Merge pull request #7 from pyrho/feat/auth-headers

feat: add auth headers to request

.traefik.yml

@@ -8,5 +8,4 @@ summary: Middleware auth bouncer for Pangolin
 testData:
     apiBaseUrl: "http://localhost:3001/api/v1"
     userSessionCookieName: "p_session_token"
-    accessTokenQueryParam: "p_token"
     resourceSessionRequestParam: "p_session_request"

README.md

@@ -17,7 +17,6 @@ Badger requires the following configuration parameters to be specified in your [
 ```yaml
 apiBaseUrl: "http://localhost:3001/api/v1"
 userSessionCookieName: "p_session_token"
-accessTokenQueryParam: "p_token"
 resourceSessionRequestParam: "p_session_request"
 ```
 

main.go

@@ -12,7 +12,6 @@ import (
 type Config struct {
 	APIBaseUrl                  string `json:"apiBaseUrl"`
 	UserSessionCookieName       string `json:"userSessionCookieName"`
-	AccessTokenQueryParam       string `json:"accessTokenQueryParam"`
 	ResourceSessionRequestParam string `json:"resourceSessionRequestParam"`
 }
 
@@ -21,7 +20,6 @@ type Badger struct {
 	name                        string
 	apiBaseUrl                  string
 	userSessionCookieName       string
-	accessTokenQueryParam       string
 	resourceSessionRequestParam string
 }
 
@@ -32,15 +30,20 @@ type VerifyBody struct {
 	RequestHost        *string           `json:"host"`
 	RequestPath        *string           `json:"path"`
 	RequestMethod      *string           `json:"method"`
-	AccessToken        *string           `json:"accessToken,omitempty"`
 	TLS                bool              `json:"tls"`
 	RequestIP          *string           `json:"requestIp,omitempty"`
+	Headers            map[string]string `json:"headers,omitempty"`
+	Query              map[string]string `json:"query,omitempty"`
 }
 
 type VerifyResponse struct {
 	Data struct {
-		Valid       bool    `json:"valid"`
-		RedirectURL *string `json:"redirectUrl"`
+		Valid           bool              `json:"valid"`
+		RedirectURL     *string           `json:"redirectUrl"`
+		Username        *string           `json:"username,omitempty"`
+		Email           *string           `json:"email,omitempty"`
+		Name            *string           `json:"name,omitempty"`
+		ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
 	} `json:"data"`
 }
 
@@ -52,8 +55,9 @@ type ExchangeSessionBody struct {
 
 type ExchangeSessionResponse struct {
 	Data struct {
-		Valid  bool    `json:"valid"`
-		Cookie *string `json:"cookie"`
+		Valid           bool              `json:"valid"`
+		Cookie          *string           `json:"cookie"`
+		ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
 	} `json:"data"`
 }
 
@@ -67,7 +71,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 		name:                        name,
 		apiBaseUrl:                  config.APIBaseUrl,
 		userSessionCookieName:       config.UserSessionCookieName,
-		accessTokenQueryParam:       config.AccessTokenQueryParam,
 		resourceSessionRequestParam: config.ResourceSessionRequestParam,
 	}, nil
 }
@@ -75,7 +78,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
 func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	cookies := p.extractCookies(req)
 
-	var accessToken *string
 	queryValues := req.URL.Query()
 
 	if sessionRequestValue := queryValues.Get(p.resourceSessionRequestParam); sessionRequestValue != "" {
@@ -116,17 +118,18 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 				originalRequestURL = fmt.Sprintf("%s?%s", originalRequestURL, cleanedQuery)
 			}
 
+			if result.Data.ResponseHeaders != nil {
+				for key, value := range result.Data.ResponseHeaders {
+					rw.Header().Add(key, value)
+				}
+			}
+
 			fmt.Println("Got exchange token, redirecting to", originalRequestURL)
 			http.Redirect(rw, req, originalRequestURL, http.StatusFound)
 			return
 		}
 	}
 
-	if token := queryValues.Get(p.accessTokenQueryParam); token != "" {
-		accessToken = &token
-		queryValues.Del(p.accessTokenQueryParam)
-	}
-
 	cleanedQuery := queryValues.Encode()
 	originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.Path)
 	if cleanedQuery != "" {
@@ -135,6 +138,20 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 	verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
 
+	headers := make(map[string]string)
+	for name, values := range req.Header {
+		if len(values) > 0 {
+			headers[name] = values[0] // Send only the first value for simplicity
+		}
+	}
+
+	queryParams := make(map[string]string)
+	for key, values := range queryValues {
+		if len(values) > 0 {
+			queryParams[key] = values[0]
+		}
+	}
+
 	cookieData := VerifyBody{
 		Sessions:           cookies,
 		OriginalRequestURL: originalRequestURL,
@@ -142,9 +159,10 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		RequestHost:        &req.Host,
 		RequestPath:        &req.URL.Path,
 		RequestMethod:      &req.Method,
-		AccessToken:        accessToken,
 		TLS:                req.TLS != nil,
 		RequestIP:          &req.RemoteAddr,
+		Headers:            headers,
+		Query:              queryParams,
 	}
 
 	jsonData, err := json.Marshal(cookieData)
@@ -176,6 +194,12 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	if result.Data.ResponseHeaders != nil {
+		for key, value := range result.Data.ResponseHeaders {
+			rw.Header().Add(key, value)
+		}
+	}
+
 	if result.Data.RedirectURL != nil && *result.Data.RedirectURL != "" {
 		fmt.Println("Badger: Redirecting to", *result.Data.RedirectURL)
 		http.Redirect(rw, req, *result.Data.RedirectURL, http.StatusFound)
@@ -183,6 +207,19 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	}
 
 	if result.Data.Valid {
+
+		if result.Data.Username != nil {
+			req.Header.Add("Remote-User", *result.Data.Username)
+		}
+
+		if result.Data.Email != nil {
+			req.Header.Add("Remote-Email", *result.Data.Email)
+		}
+
+		if result.Data.Name != nil {
+			req.Header.Add("Remote-Name", *result.Data.Name)
+		}
+
 		fmt.Println("Badger: Valid session")
 		p.next.ServeHTTP(rw, req)
 		return