feat: Login to access Swagger documentation #7496
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -175,7 +175,7 @@ func Routers() *gin.Engine { | |||
|
|
|||
| swaggerRouter := Router.Group("1panel") | |||
| docs.SwaggerInfo.BasePath = "/api/v1" | |||
| swaggerRouter.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler)) | |||
| swaggerRouter.Use(middleware.JwtAuth()).Use(middleware.SessionAuth()).GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler)) | |||
| PublicGroup := Router.Group("") | |||
| { | |||
| PublicGroup.GET("/health", func(c *gin.Context) { | |||
There was a problem hiding this comment.
The provided diff shows changes that need to be addressed concerning function parameters and middleware usage:
-
Middleware Usage Update:
The lineswaggerRouter.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))has been updated withmiddleware.JwtAuth(),middleware.SessionAuth(). This suggests adding authentication middleware before serving Swagger UI. -
Security Considerations:
Adding authentication via JWT (middleware.JwtAuth()) ensures that only authorized users can access the Swagger interface, improving security. -
Session Authentication (if applicable):
Ensuring session authenticity usingmiddleware.SessionAuth()is another layer of protection, though this would depend on how session handling is implemented elsewhere in the application. -
Potential Performance Impact:
While these changes improve security, they might introduce some performance overhead due to added HTTP handlers (authentication checks). It's important to measure if there's any significant impact and consider caching strategies where appropriate.
Overall, these modifications enhance both functionality and security but should be thoroughly tested to ensure they meet expectations without negatively affecting other parts of the system.
|
No description provided.