fosrl/badger
1
0
Fork 0
mirror of https://github.com/fosrl/badger.git synced 2025-05-12 21:30:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove explicit access token check and pass query params and headers in verify session

Browse source
This commit is contained in:
miloschwartz 2025-04-05 22:31:23 -04:00
parent 3a180988be
commit e951e42b4d
No known key found for this signature in database
3 changed files with 36 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.traefik.yml
View file

@ -8,5 +8,4 @@ summary: Middleware auth bouncer for Pangolin
testData: testData:
apiBaseUrl: "http://localhost:3001/api/v1" apiBaseUrl: "http://localhost:3001/api/v1"
userSessionCookieName: "p_session_token" userSessionCookieName: "p_session_token"
accessTokenQueryParam: "p_token"
resourceSessionRequestParam: "p_session_request" resourceSessionRequestParam: "p_session_request"

1
README.md
View file

@ -17,7 +17,6 @@ Badger requires the following configuration parameters to be specified in your [
```yaml ```yaml
apiBaseUrl: "http://localhost:3001/api/v1" apiBaseUrl: "http://localhost:3001/api/v1"
userSessionCookieName: "p_session_token" userSessionCookieName: "p_session_token"
accessTokenQueryParam: "p_token"
resourceSessionRequestParam: "p_session_request" resourceSessionRequestParam: "p_session_request"
``` ```

51
main.go
View file

@ -12,7 +12,6 @@ import (
type Config struct { type Config struct {
APIBaseUrl string `json:"apiBaseUrl"` APIBaseUrl string `json:"apiBaseUrl"`
UserSessionCookieName string `json:"userSessionCookieName"` UserSessionCookieName string `json:"userSessionCookieName"`
AccessTokenQueryParam string `json:"accessTokenQueryParam"`
ResourceSessionRequestParam string `json:"resourceSessionRequestParam"` ResourceSessionRequestParam string `json:"resourceSessionRequestParam"`
} }
@ -21,7 +20,6 @@ type Badger struct {
name string name string
apiBaseUrl string apiBaseUrl string
userSessionCookieName string userSessionCookieName string
accessTokenQueryParam string
resourceSessionRequestParam string resourceSessionRequestParam string
} }
@ -32,15 +30,17 @@ type VerifyBody struct {
RequestHost *string `json:"host"` RequestHost *string `json:"host"`
RequestPath *string `json:"path"` RequestPath *string `json:"path"`
RequestMethod *string `json:"method"` RequestMethod *string `json:"method"`
AccessToken *string `json:"accessToken,omitempty"`
TLS bool `json:"tls"` TLS bool `json:"tls"`
RequestIP *string `json:"requestIp,omitempty"` RequestIP *string `json:"requestIp,omitempty"`
Headers map[string]string `json:"headers,omitempty"`
Query map[string]string `json:"query,omitempty"`
} }
type VerifyResponse struct { type VerifyResponse struct {
Data struct { Data struct {
Valid bool `json:"valid"` Valid bool `json:"valid"`
RedirectURL *string `json:"redirectUrl"` RedirectURL *string `json:"redirectUrl"`
ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
} `json:"data"` } `json:"data"`
} }
@ -52,8 +52,9 @@ type ExchangeSessionBody struct {
type ExchangeSessionResponse struct { type ExchangeSessionResponse struct {
Data struct { Data struct {
Valid bool `json:"valid"` Valid bool `json:"valid"`
Cookie *string `json:"cookie"` Cookie *string `json:"cookie"`
ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
} `json:"data"` } `json:"data"`
} }
@ -67,7 +68,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
name: name, name: name,
apiBaseUrl: config.APIBaseUrl, apiBaseUrl: config.APIBaseUrl,
userSessionCookieName: config.UserSessionCookieName, userSessionCookieName: config.UserSessionCookieName,
accessTokenQueryParam: config.AccessTokenQueryParam,
resourceSessionRequestParam: config.ResourceSessionRequestParam, resourceSessionRequestParam: config.ResourceSessionRequestParam,
}, nil }, nil
} }
@ -75,7 +75,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
cookies := p.extractCookies(req) cookies := p.extractCookies(req)
var accessToken *string
queryValues := req.URL.Query() queryValues := req.URL.Query()
if sessionRequestValue := queryValues.Get(p.resourceSessionRequestParam); sessionRequestValue != "" { if sessionRequestValue := queryValues.Get(p.resourceSessionRequestParam); sessionRequestValue != "" {
@ -116,17 +115,18 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
originalRequestURL = fmt.Sprintf("%s?%s", originalRequestURL, cleanedQuery) originalRequestURL = fmt.Sprintf("%s?%s", originalRequestURL, cleanedQuery)
} }
if result.Data.ResponseHeaders != nil {
for key, value := range result.Data.ResponseHeaders {
rw.Header().Add(key, value)
}
}
fmt.Println("Got exchange token, redirecting to", originalRequestURL) fmt.Println("Got exchange token, redirecting to", originalRequestURL)
http.Redirect(rw, req, originalRequestURL, http.StatusFound) http.Redirect(rw, req, originalRequestURL, http.StatusFound)
return return
} }
} }
if token := queryValues.Get(p.accessTokenQueryParam); token != "" {
accessToken = &token
queryValues.Del(p.accessTokenQueryParam)
}
cleanedQuery := queryValues.Encode() cleanedQuery := queryValues.Encode()
originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.Path) originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.Path)
if cleanedQuery != "" { if cleanedQuery != "" {
@ -135,6 +135,20 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl) verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
headers := make(map[string]string)
for name, values := range req.Header {
if len(values) > 0 {
headers[name] = values[0] // Send only the first value for simplicity
}
}
queryParams := make(map[string]string)
for key, values := range queryValues {
if len(values) > 0 {
queryParams[key] = values[0]
}
}
cookieData := VerifyBody{ cookieData := VerifyBody{
Sessions: cookies, Sessions: cookies,
OriginalRequestURL: originalRequestURL, OriginalRequestURL: originalRequestURL,
@ -142,9 +156,10 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
RequestHost: &req.Host, RequestHost: &req.Host,
RequestPath: &req.URL.Path, RequestPath: &req.URL.Path,
RequestMethod: &req.Method, RequestMethod: &req.Method,
AccessToken: accessToken,
TLS: req.TLS != nil, TLS: req.TLS != nil,
RequestIP: &req.RemoteAddr, RequestIP: &req.RemoteAddr,
Headers: headers,
Query: queryParams,
} }
jsonData, err := json.Marshal(cookieData) jsonData, err := json.Marshal(cookieData)
@ -176,6 +191,12 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
return return
} }
if result.Data.ResponseHeaders != nil {
for key, value := range result.Data.ResponseHeaders {
rw.Header().Add(key, value)
}
}
if result.Data.RedirectURL != nil && *result.Data.RedirectURL != "" { if result.Data.RedirectURL != nil && *result.Data.RedirectURL != "" {
fmt.Println("Badger: Redirecting to", *result.Data.RedirectURL) fmt.Println("Badger: Redirecting to", *result.Data.RedirectURL)
http.Redirect(rw, req, *result.Data.RedirectURL, http.StatusFound) http.Redirect(rw, req, *result.Data.RedirectURL, http.StatusFound)