package authn import ( "net/http" "forge.cadoles.com/Cadoles/go-proxy" "forge.cadoles.com/Cadoles/go-proxy/wildcard" "forge.cadoles.com/cadoles/bouncer/internal/proxy/director" "forge.cadoles.com/cadoles/bouncer/internal/store" "github.com/pkg/errors" "gitlab.com/wpetit/goweb/logger" ) type Layer struct { layerType store.LayerType auth Authenticator } func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware { return func(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() options, err := fromStoreOptions(layer.Options) if err != nil { logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err))) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } if preAuth, ok := l.auth.(PreAuthentication); ok { if err := preAuth.PreAuthentication(w, r, layer); err != nil { if errors.Is(err, ErrSkipRequest) { return } logger.Error(ctx, "could not execute pre-auth hook", logger.E(errors.WithStack(err))) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } } matches := wildcard.MatchAny(r.URL.String(), options.MatchURLs...) if !matches { next.ServeHTTP(w, r) return } user, err := l.auth.Authenticate(w, r, layer) if err != nil { if errors.Is(err, ErrSkipRequest) { return } logger.Error(ctx, "could not authenticate user", logger.E(errors.WithStack(err))) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } if err := l.injectHeaders(r, options, user); err != nil { logger.Error(ctx, "could not inject headers", logger.E(errors.WithStack(err))) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } if postAuth, ok := l.auth.(PostAuthentication); ok { if err := postAuth.PostAuthentication(w, r, layer, user); err != nil { if errors.Is(err, ErrSkipRequest) { return } logger.Error(ctx, "could not execute post-auth hook", logger.E(errors.WithStack(err))) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } } next.ServeHTTP(w, r) } return http.HandlerFunc(fn) } } // LayerType implements director.MiddlewareLayer func (l *Layer) LayerType() store.LayerType { return l.layerType } func NewLayer(layerType store.LayerType, auth Authenticator) *Layer { return &Layer{ layerType: layerType, auth: auth, } } var _ director.MiddlewareLayer = &Layer{}