| fn := func(w http.ResponseWriter, r *http.Request) { | ||
| ctx := r.Context() | ||
| ad, ok := ctx.Value(auth.AuthDataContextKey).(auth.AuthData) | ||
| ad, ok := handleAuthData(r) |
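Review bot: On the replaced line, `ad, ok := handleAuthData(r)` no longer reads `ctx`, so if nothing later in this closure uses `ctx := r.Context()`, Go will reject it as declared and not used; drop that line in the same change if so. A doc comment on handleAuthData stating what `ok == false` means would also help the caller reject the request consistently.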
DRYed up the left side as it was now happening in 3 places, see handleAuthData() below.
| V3EnabledACOs []string `conf:"v3_enabled_acos"` // Simple list of ACOs with v3 access | ||
| CutoffDuration time.Duration | ||
| RateLimitConfig RateLimitConfig `conf:"rate_limit_config"` | ||
| V1V2DenyRegexes []string `conf:"v1_v2_deny_regexes"` |
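Review bot: The new `V1V2DenyRegexes` field on the last line has no comment, unlike `V3EnabledACOs` at the top of the hunk; document what the patterns are matched against and whether they are anchored or match anywhere in the value. Because the field is a `[]string`, consider compiling the patterns once when the config is loaded so an invalid pattern fails at startup rather than inside the request path.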
I went with an array of regexes as it gives us pretty dynamic control, allowing for cutting off of whole models (e.g. IOTA), specific ACO IDs (e.g. A1234, A1235), or all access in general (e.g. ".*").
And I went with handling both v1 and v2 together as both will be getting replaced with v3 at the same time.
> [...] allowing for cutting off of whole models
Is this referring to matching models based on the CMS_ID pattern that ACOs in that model follow?
If I'm understanding your question, then we could cut off all of IOTA, for example, by doing "IOTA\d{3}".
🎫 Ticket
https://jira.cms.gov/browse/BCDA-9782
🛠 Changes
Add a v1/v2 deny access configuration check to v1/v2 request middleware.
ℹ️ Context
Part of making sure new clients that start with v3 are not making old requests.
🧪 Validation
Local linting and testing.
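The regex deny list discussed in this thread, sketched as an added example that is not code from this PR: patterns are compiled once at load and anchored so `A1234` does not also deny `A12345`. The names `compileDeny`, `denied`, `denyV1V2` and `cmsIDFor`, the anchoring, and the 403 response are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
)

// compileDeny compiles each pattern once, anchored so it must match the whole
// CMS ID. An invalid pattern is reported at load time, not per request.
func compileDeny(patterns []string) ([]*regexp.Regexp, error) {
	out := make([]*regexp.Regexp, 0, len(patterns))
	for _, p := range patterns {
		re, err := regexp.Compile(`^(?:` + p + `)$`)
		if err != nil {
			return nil, fmt.Errorf("deny pattern %q: %w", p, err)
		}
		out = append(out, re)
	}
	return out, nil
}

// denied reports whether cmsID matches any compiled deny pattern.
func denied(deny []*regexp.Regexp, cmsID string) bool {
	for _, re := range deny {
		if re.MatchString(cmsID) {
			return true
		}
	}
	return false
}

// denyV1V2 is hypothetical middleware. cmsIDFor stands in for reading the
// caller's CMS ID from auth data; a missing identity fails closed.
func denyV1V2(deny []*regexp.Regexp, cmsIDFor func(*http.Request) (string, bool), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if id, ok := cmsIDFor(r); !ok || denied(deny, id) {
			http.Error(w, "forbidden", http.StatusForbidden) // assumed status code
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	deny, err := compileDeny([]string{`IOTA\d{3}`, `A1234`}) // constructed sample config
	fmt.Println(err, denied(deny, "IOTA123"), denied(deny, "A12345"))
}
```

Without the anchors, `IOTA\d{3}` would also match any longer ID that merely contains such a substring, which widens the deny list beyond what the config author wrote.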