From 8c4ab94870d61926ec8ca6d2b54618584073e4bf Mon Sep 17 00:00:00 2001
From: l30035975 <lijing465@huawei.com>
Date: Thu, 28 Dec 2023 21:40:39 +0800
Subject: [PATCH 1/3] check api before authenticate the request

---
 server/plugin/auth/buildin/buildin.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/plugin/auth/buildin/buildin.go b/server/plugin/auth/buildin/buildin.go
index 8b092daa7..c78cd18a6 100644
--- a/server/plugin/auth/buildin/buildin.go
+++ b/server/plugin/auth/buildin/buildin.go
@@ -57,6 +57,10 @@ func (ba *TokenAuthenticator) Identify(req *http.Request) error {
 
 	pattern := getRequestPattern(req)
 
+	if !rbacsvc.MustAuth(pattern) {
+		return nil
+	}
+
 	account, err := ba.mustAuth(req, pattern)
 	if account == nil || err != nil {
 		return err

From 275f91e50fe6e1347263b4afca017c24a7d7f3cd Mon Sep 17 00:00:00 2001
From: l30035975 <lijing465@huawei.com>
Date: Fri, 5 Jan 2024 15:11:43 +0800
Subject: [PATCH 2/3] check api before authenticate the request

---
 server/plugin/auth/buildin/buildin.go | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/server/plugin/auth/buildin/buildin.go b/server/plugin/auth/buildin/buildin.go
index c78cd18a6..127ceadb0 100644
--- a/server/plugin/auth/buildin/buildin.go
+++ b/server/plugin/auth/buildin/buildin.go
@@ -57,10 +57,6 @@ func (ba *TokenAuthenticator) Identify(req *http.Request) error {
 
 	pattern := getRequestPattern(req)
 
-	if !rbacsvc.MustAuth(pattern) {
-		return nil
-	}
-
 	account, err := ba.mustAuth(req, pattern)
 	if account == nil || err != nil {
 		return err
@@ -94,14 +90,14 @@ func getRequestPattern(req *http.Request) string {
 }
 
 func (ba *TokenAuthenticator) mustAuth(req *http.Request, pattern string) (*rbacmodel.Account, error) {
+	if !rbacsvc.MustAuth(pattern) {
+		return nil, nil
+	}
 	account, err := ba.VerifyRequest(req)
 	if err == nil {
 		return account, nil
 	}
-	if rbacsvc.MustAuth(pattern) {
-		return nil, err
-	}
-	return nil, nil
+	return nil, err
 }
 
 func (ba *TokenAuthenticator) VerifyRequest(req *http.Request) (*rbacmodel.Account, error) {

From 698ab410c6ae1e3b15516b1c0f7df689f8a2e2da Mon Sep 17 00:00:00 2001
From: l30035975 <lijing465@huawei.com>
Date: Fri, 5 Jan 2024 20:13:17 +0800
Subject: [PATCH 3/3] check api before authenticate the request

---
 server/plugin/auth/buildin/buildin.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/plugin/auth/buildin/buildin.go b/server/plugin/auth/buildin/buildin.go
index 127ceadb0..21f2d0451 100644
--- a/server/plugin/auth/buildin/buildin.go
+++ b/server/plugin/auth/buildin/buildin.go
@@ -93,11 +93,7 @@ func (ba *TokenAuthenticator) mustAuth(req *http.Request, pattern string) (*rbac
 	if !rbacsvc.MustAuth(pattern) {
 		return nil, nil
 	}
-	account, err := ba.VerifyRequest(req)
-	if err == nil {
-		return account, nil
-	}
-	return nil, err
+	return ba.VerifyRequest(req)
 }
 
 func (ba *TokenAuthenticator) VerifyRequest(req *http.Request) (*rbacmodel.Account, error) {