mirror of
https://github.com/fosrl/badger.git
synced 2026-02-08 05:56:46 +00:00
refactor to support resource session cookies at base domain
This commit is contained in:
Milo Schwartz
86
main.go
86
main.go
@@ -6,6 +6,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
@@ -15,19 +16,14 @@ type Config struct {
|
|||||||
ResourceSessionCookieName string `json:"resourceSessionCookieName"`
|
ResourceSessionCookieName string `json:"resourceSessionCookieName"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type SessionData struct {
|
|
||||||
Session *string `json:"session"`
|
|
||||||
ResourceSession *string `json:"resource_session"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type VerifyBody struct {
|
type VerifyBody struct {
|
||||||
Sessions SessionData `json:"sessions"`
|
Sessions map[string]string `json:"sessions"`
|
||||||
OriginalRequestURL string `json:"originalRequestURL"`
|
OriginalRequestURL string `json:"originalRequestURL"`
|
||||||
RequestScheme *string `json:"scheme"`
|
RequestScheme *string `json:"scheme"`
|
||||||
RequestHost *string `json:"host"`
|
RequestHost *string `json:"host"`
|
||||||
RequestPath *string `json:"path"`
|
RequestPath *string `json:"path"`
|
||||||
RequestMethod *string `json:"method"`
|
RequestMethod *string `json:"method"`
|
||||||
TLS bool `json:"tls"`
|
TLS bool `json:"tls"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type VerifyResponse struct {
|
type VerifyResponse struct {
|
||||||
@@ -62,42 +58,13 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||||
fmt.Println("config values are: ", p.apiBaseUrl, p.resourceSessionCookieName, p.sessionQueryParameter, p.userSessionCookieName)
|
|
||||||
|
|
||||||
sess := req.URL.Query().Get(p.sessionQueryParameter)
|
|
||||||
if sess != "" {
|
|
||||||
http.SetCookie(rw, &http.Cookie{
|
|
||||||
Name: p.resourceSessionCookieName,
|
|
||||||
Value: sess,
|
|
||||||
Path: "/",
|
|
||||||
Domain: req.Host,
|
|
||||||
})
|
|
||||||
|
|
||||||
query := req.URL.Query()
|
|
||||||
query.Del(p.sessionQueryParameter)
|
|
||||||
req.URL.RawQuery = query.Encode()
|
|
||||||
}
|
|
||||||
|
|
||||||
fmt.Println("checked for session param")
|
|
||||||
|
|
||||||
cookies := p.extractCookies(req)
|
cookies := p.extractCookies(req)
|
||||||
if sess != "" {
|
|
||||||
cookies.Session = &sess
|
|
||||||
}
|
|
||||||
|
|
||||||
fmt.Println("extracted cookies")
|
|
||||||
|
|
||||||
verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
|
verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
|
||||||
|
|
||||||
fmt.Println("verify url is", verifyURL)
|
|
||||||
|
|
||||||
originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.RequestURI())
|
originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.RequestURI())
|
||||||
|
|
||||||
cookieData := VerifyBody{
|
cookieData := VerifyBody{
|
||||||
Sessions: SessionData{
|
Sessions: cookies,
|
||||||
Session: cookies.Session,
|
|
||||||
ResourceSession: cookies.ResourceSession,
|
|
||||||
},
|
|
||||||
OriginalRequestURL: originalRequestURL,
|
OriginalRequestURL: originalRequestURL,
|
||||||
RequestScheme: &req.URL.Scheme,
|
RequestScheme: &req.URL.Scheme,
|
||||||
RequestHost: &req.Host,
|
RequestHost: &req.Host,
|
||||||
@@ -106,15 +73,13 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
TLS: req.TLS != nil,
|
TLS: req.TLS != nil,
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("built verify body")
|
|
||||||
|
|
||||||
jsonData, err := json.Marshal(cookieData)
|
jsonData, err := json.Marshal(cookieData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(rw, "Internal Server Error", http.StatusInternalServerError) // TODO: redirect to error page
|
http.Error(rw, "Internal Server Error", http.StatusInternalServerError) // TODO: redirect to error page
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("JSON data:", string(jsonData))
|
fmt.Println("verify request", string(jsonData))
|
||||||
|
|
||||||
resp, err := http.Post(verifyURL, "application/json", bytes.NewBuffer(jsonData))
|
resp, err := http.Post(verifyURL, "application/json", bytes.NewBuffer(jsonData))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -123,15 +88,11 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
fmt.Println("response status code:", resp.StatusCode)
|
|
||||||
|
|
||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("de marshalling response")
|
|
||||||
|
|
||||||
var result VerifyResponse
|
var result VerifyResponse
|
||||||
err = json.NewDecoder(resp.Body).Decode(&result)
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -139,19 +100,12 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("handling response")
|
if result.Data.RedirectURL != nil && *result.Data.RedirectURL != "" {
|
||||||
|
http.Redirect(rw, req, *result.Data.RedirectURL, http.StatusFound)
|
||||||
if result.Valid {
|
|
||||||
p.next.ServeHTTP(rw, req)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if result.RedirectURL != nil && *result.RedirectURL != "" {
|
if !result.Data.Valid { // only do this if for some reason the API doesn't return a redirect and it's not valid
|
||||||
http.Redirect(rw, req, *result.RedirectURL, http.StatusFound)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if !result.Valid { // only do this if for some reason the API doesn't return a redirect and it's not valid
|
|
||||||
http.Error(rw, "Unauthorized", http.StatusUnauthorized)
|
http.Error(rw, "Unauthorized", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -161,15 +115,13 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
p.next.ServeHTTP(rw, req)
|
p.next.ServeHTTP(rw, req)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Badger) extractCookies(req *http.Request) SessionData {
|
func (p *Badger) extractCookies(req *http.Request) map[string]string {
|
||||||
var cookies SessionData
|
cookies := make(map[string]string)
|
||||||
|
|
||||||
if appSSOSessionCookie, err := req.Cookie(p.userSessionCookieName); err == nil {
|
for _, cookie := range req.Cookies() {
|
||||||
cookies.Session = &appSSOSessionCookie.Value
|
if strings.HasPrefix(cookie.Name, p.userSessionCookieName) || strings.HasPrefix(cookie.Name, p.resourceSessionCookieName) {
|
||||||
}
|
cookies[cookie.Name] = cookie.Value
|
||||||
|
}
|
||||||
if resourceSessionCookie, err := req.Cookie(p.resourceSessionCookieName); err == nil {
|
|
||||||
cookies.ResourceSession = &resourceSessionCookie.Value
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return cookies
|
return cookies
|
||||||
|
|||||||
Reference in New Issue
Block a user