fix: shift down require admin credentials check

supabase · Feb 17, 2024 · 3e4a1c8 · 3e4a1c8
1 parent 3e57b61
commit 3e4a1c8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/internal/api/auth.go b/internal/api/auth.go
@@ -39,7 +39,6 @@ func (a *API) requireAdmin(ctx context.Context, w http.ResponseWriter, r *http.R
 	// Find the administrative user
 	claims := getClaims(ctx)
 	if claims == nil {
-		fmt.Printf("[%s] %s %s %d %s\n", time.Now().Format("2006-01-02 15:04:05"), r.Method, r.RequestURI, http.StatusForbidden, "Invalid token")
 		return nil, unauthorizedError("Invalid token")
 	}
 
@@ -50,7 +49,6 @@ func (a *API) requireAdmin(ctx context.Context, w http.ResponseWriter, r *http.R
 		return withAdminUser(ctx, &models.User{Role: claims.Role, Email: storage.NullString(claims.Role)}), nil
 	}
 
-	fmt.Printf("[%s] %s %s %d %s\n", time.Now().Format("2006-01-02 15:04:05"), r.Method, r.RequestURI, http.StatusForbidden, "this token needs role 'supabase_admin' or 'service_role'")
 	return nil, unauthorizedError("User not allowed")
 }
 

diff --git a/internal/api/middleware.go b/internal/api/middleware.go
@@ -166,15 +166,15 @@ func (a *API) verifyCaptcha(w http.ResponseWriter, req *http.Request) (context.C
 	ctx := req.Context()
 	config := a.config
 
-	if !config.Security.Captcha.Enabled {
+	if !config.Security.Captcha.Enabled || isIgnoreCaptchaRoute(req) {
 		return ctx, nil
 	}
+
 	if _, err := a.requireAdminCredentials(w, req); err == nil {
 		// skip captcha validation if authorization header contains an admin role
 		return ctx, nil
-	}
-	if shouldIgnore := isIgnoreCaptchaRoute(req); shouldIgnore {
-		return ctx, nil
+	} else if err != nil {
+		return nil, err
 	}
 
 	verificationResult, err := security.VerifyRequest(req, strings.TrimSpace(config.Security.Captcha.Secret), config.Security.Captcha.Provider)