fix: Avoid fatal on invalid container filters in auth (#4379)

Signed-off-by: Mirza-Samad-Ahmed-Baig <Mirzasamadahmedbaig@gmail.com>

internal/auth/proxy.go

@@ -46,7 +46,9 @@ func (p *proxyAuthContext) AuthMiddleware(next http.Handler) http.Handler {
 		if r.Header.Get(p.headerUser) != "" {
 			containerFilter, err := container.ParseContainerFilter(r.Header.Get(p.headerFilter))
 			if err != nil {
-				log.Fatal().Str("filter", r.Header.Get(p.headerFilter)).Msg("Failed to parse container filter")
+				log.Warn().Err(err).Str("filter", r.Header.Get(p.headerFilter)).Msg("Failed to parse container filter")
+				http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+				return
 			}
 			userRoles := All
 			if strings.TrimSpace(r.Header.Get(p.headerRoles)) != "" {

internal/auth/proxy_test.go

@@ -0,0 +1,56 @@
+package auth
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-chi/jwtauth/v5"
+	"github.com/stretchr/testify/require"
+)
+
+func TestForwardProxyAuthRejectsInvalidFilter(t *testing.T) {
+	auth := NewForwardProxyAuth("Remote-User", "Remote-Email", "Remote-Name", "Remote-Filter", "Remote-Roles")
+	called := false
+	handler := auth.AuthMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		called = true
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Remote-User", "alice")
+	req.Header.Set("Remote-Filter", "invalid-filter")
+
+	resp := httptest.NewRecorder()
+	handler.ServeHTTP(resp, req)
+
+	require.Equal(t, http.StatusBadRequest, resp.Code)
+	require.False(t, called)
+}
+
+func TestUserFromContextInvalidFilterReturnsNil(t *testing.T) {
+	tokenAuth := jwtauth.New("HS256", []byte("secret"), nil)
+	_, tokenString, err := tokenAuth.Encode(map[string]interface{}{
+		"username": "alice",
+		"email":    "alice@example.com",
+		"name":     "Alice",
+		"filter":   "invalid-filter",
+	})
+	require.NoError(t, err)
+
+	handler := jwtauth.Verifier(tokenAuth)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if UserFromContext(r.Context()) == nil {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Authorization", "Bearer "+tokenString)
+
+	resp := httptest.NewRecorder()
+	handler.ServeHTTP(resp, req)
+
+	require.Equal(t, http.StatusUnauthorized, resp.Code)
+}

internal/auth/users.go

@@ -212,7 +212,8 @@ func UserFromContext(ctx context.Context) *User {
 			if filter, ok := claims["filter"].(string); ok {
 				containerFilter, err = container.ParseContainerFilter(filter)
 				if err != nil {
-					log.Fatal().Err(err).Str("filter", filter).Msg("Failed to parse container filter")
+					log.Warn().Err(err).Str("filter", filter).Msg("Failed to parse container filter")
+					return nil
 				}
 			}
 			roles := None