MG-94 - Add authorization on downstream messages in WS (#96)

felixgateru · web-flow · commit edf967fbb46a · 2025-06-05T17:06:48.000+02:00
* feat(ws.go): add auth on downstream publish

Signed-off-by: Felix Gateru &lt;felix.gateru@gmail.com&gt;

* ci: add no contextcheck on failing cases

Signed-off-by: Felix Gateru &lt;felix.gateru@gmail.com&gt;

* refactor: rearrange nolint comment lines

Signed-off-by: Felix Gateru &lt;felix.gateru@gmail.com&gt;

---------

Signed-off-by: Felix Gateru &lt;felix.gateru@gmail.com&gt;
diff --git a/pkg/http/http.go b/pkg/http/http.go
@@ -79,6 +79,7 @@ func (p Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if isWebSocketRequest(r) {
+		//nolint:contextcheck // handleWebSocket does not need context
 		p.handleWebSocket(w, r, s)
 		return
 	}
diff --git a/pkg/http/ws.go b/pkg/http/ws.go
@@ -101,13 +101,18 @@ func (p *Proxy) stream(ctx context.Context, topic string, src, dest *websocket.C
 		if err != nil {
 			return handleStreamErr(err, upstream)
 		}
-		if upstream {
+		switch upstream {
+		case true:
 			if err := p.session.AuthPublish(ctx, &topic, &payload); err != nil {
 				return err
 			}
 			if err := p.session.Publish(ctx, &topic, &payload); err != nil {
 				return err
 			}
+		default:
+			if err := p.session.AuthSubscribe(ctx, &[]string{topic}); err != nil {
+				return err
+			}
 		}
 		if err := dest.WriteMessage(messageType, payload); err != nil {
 			return err
diff --git a/pkg/mqtt/websocket/websocket.go b/pkg/mqtt/websocket/websocket.go
@@ -67,6 +67,7 @@ func (p Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	//nolint:contextcheck // new context is created in pass method
 	go p.pass(cconn)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,7 @@ func (p Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`if isWebSocketRequest(r) {`
	`82`	`+ //nolint:contextcheck // handleWebSocket does not need context`
`82`	`83`	`p.handleWebSocket(w, r, s)`
`83`	`84`	`return`
`84`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -101,13 +101,18 @@ func (p Proxy) stream(ctx context.Context, topic string, src, dest websocket.C`
`101`	`101`	`if err != nil {`
`102`	`102`	`return handleStreamErr(err, upstream)`
`103`	`103`	`}`
`104`		`- if upstream {`
	`104`	`+ switch upstream {`
	`105`	`+ case true:`
`105`	`106`	`if err := p.session.AuthPublish(ctx, &topic, &payload); err != nil {`
`106`	`107`	`return err`
`107`	`108`	`}`
`108`	`109`	`if err := p.session.Publish(ctx, &topic, &payload); err != nil {`
`109`	`110`	`return err`
`110`	`111`	`}`
	`112`	`+ default:`
	`113`	`+ if err := p.session.AuthSubscribe(ctx, &[]string{topic}); err != nil {`
	`114`	`+ return err`
	`115`	`+ }`
`111`	`116`	`}`
`112`	`117`	`if err := dest.WriteMessage(messageType, payload); err != nil {`
`113`	`118`	`return err`
Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@ func (p Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {`
`67`	`67`	`return`
`68`	`68`	`}`
`69`	`69`
	`70`	`+ //nolint:contextcheck // new context is created in pass method`
`70`	`71`	`go p.pass(cconn)`
`71`	`72`	`}`
`72`	`73`