"encoding/json"
"fmt"
"io/ioutil"
- "log"
"net/http"
+ "strings"
"git.curoverse.com/arvados.git/sdk/go/auth"
"git.curoverse.com/arvados.git/sdk/go/httpserver"
// If runtime_token is not set, create a new token
if _, ok := containerRequest["runtime_token"]; !ok {
- log.Printf("ok %v", ok)
-
// First make sure supplied token is valid.
creds := auth.NewCredentials()
creds.LoadTokensFromHTTPRequest(req)
return true
}
- newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
- if err != nil {
- httpserver.Error(w, err.Error(), http.StatusForbidden)
- return true
+ // Must be home cluster for this authorization
+ if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) {
+ newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
+ if err != nil {
+ httpserver.Error(w, err.Error(), http.StatusForbidden)
+ return true
+ }
+ containerRequest["runtime_token"] = newtok.TokenV2()
}
- containerRequest["runtime_token"] = newtok.TokenV2()
}
newbody, err := json.Marshal(request)
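Review bot: The new home-cluster gate `strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID)` is true for every UUID when `ClusterID` is the empty string, and it has no separator to anchor on, so a missing or truncated config value would let `createAPItoken` run for authorizations issued by another cluster. Assuming UUIDs have the form `<cluster id>-…` (not shown on this page), a stricter form is `if id := h.handler.Cluster.ClusterID; id != "" && strings.HasPrefix(currentUser.Authorization.UUID, id+"-") {`. When the prefix does not match, the request is now forwarded without a `runtime_token` and without any log line or comment. If that is intended, say so next to the condition, e.g. `// Authorization issued by another cluster: forward without minting a runtime_token`. The enclosing handler begins and ends outside this hunk, so whether `currentUser.Authorization` can be unset at this point cannot be checked from here.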
req.ContentLength = int64(buf.Len())
req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
- resp, cancel, err := h.handler.remoteClusterRequest(*clusterId, req)
- if cancel != nil {
- defer cancel()
- }
+ resp, err := h.handler.remoteClusterRequest(*clusterId, req)
h.handler.proxy.ForwardResponse(w, resp, err)
return true
}