
Commit 4269e32

authored
Merge pull request #3 from pmeier/x-forwarded-headers
add user data to proxied request
2 parents 8f30869 + d3f8a99 commit 4269e32


1 file changed

+46
-9
lines changed


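--- a/pkg/auth/oauth.go
+++ b/pkg/auth/oauth.go
@@ -100,15 +100,32 @@ func (m *OAuthMiddleware) Wrap(next http.Handler) http.Handler {
 return
 }
 
-header := r.Header.Get(m.headerName)
-if m.validateToken(header) {
-next.ServeHTTP(w, r)
+maybeProxy := func(token string) bool {
+if token == "" {
+return false
+}
+
+user, err := m.getUser(token)
+if err != nil {
+return false
+}
+
+pr := new(http.Request)
+*pr = *r
+
+userData, _ := json.Marshal(user)
+pr.Header.Set("X-Forwarded-User-Data", string(userData))
+
+next.ServeHTTP(w, pr)
+return true
+}
+
+if maybeProxy(r.Header.Get(m.headerName)) {
 return
 }
 
 cookie, err := r.Cookie(m.cookieName)
-if err == nil && m.validateToken(cookie.Value) {
-next.ServeHTTP(w, r)
+if err == nil && maybeProxy(cookie.Value) {
 return
 }
 
@@ -117,17 +134,37 @@ func (m *OAuthMiddleware) Wrap(next http.Handler) http.Handler {
 })
 }
 
-func (m *OAuthMiddleware) validateToken(token string) bool {
-req, _ := http.NewRequest("GET", m.apiURL+"/user", nil)
+type User struct {
+Name string `json:"name"`
+Admin bool `json:"admin"`
+Roles []string `json:"roles"`
+Groups []string `json:"groups"`
+Scopes []string `json:"scopes"`
+}
+
+func (m *OAuthMiddleware) getUser(token string) (*User, error) {
+req, err := http.NewRequest("GET", m.apiURL+"/user", nil)
+if err != nil {
+return nil, err
+}
 req.Header.Set("Authorization", "token "+token)
 
 resp, err := http.DefaultClient.Do(req)
 if err != nil {
-return false
+return nil, err
 }
 defer resp.Body.Close()
 
-return resp.StatusCode == http.StatusOK
+if resp.StatusCode != http.StatusOK {
+return nil, fmt.Errorf("request to %s returned status %d", req.URL.String(), resp.StatusCode)
+}
+
+var u User
+if err := json.NewDecoder(resp.Body).Decode(&u); err != nil {
+return nil, err
+}
+
+return &u, nil
 }
 
 func (m *OAuthMiddleware) redirectToLogin(w http.ResponseWriter, r *http.Request) {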
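Review bot: `X-Forwarded-User-Data` is only overwritten inside `maybeProxy`, so whether a client-supplied copy of that header can reach `next` depends on the part of `Wrap` above the first hunk, which is not visible here; if any branch there calls `next.ServeHTTP` without a token check, a backend that trusts the header (it carries `admin`, `roles` and `groups`) would read caller-chosen values. Deleting it unconditionally at the top of the handler, `r.Header.Del("X-Forwarded-User-Data")`, makes that guarantee local to this middleware. In the same closure `*pr = *r` is a shallow copy, so `pr.Header` is the same map as `r.Header` and the `Set` mutates the inbound request; `pr := r.Clone(r.Context())` gives an independent header map. The discarded error from `json.Marshal(user)` should be checked so the request is rejected rather than forwarded with an empty identity header.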
