enable fake TLS termination

internal/hydra/consent.go

@@ -13,18 +13,19 @@ import (
 
 // ConsentReqDoer fetches information on the OAuth2 request and then accept or reject the requested authentication process.
 type ConsentReqDoer struct {
-	hydraURL    string
-	rememberFor int
+	hydraURL           string
+	fakeTlsTermination bool
+	rememberFor        int
 }
 
 // NewConsentReqDoer creates a ConsentRequest.
-func NewConsentReqDoer(hydraURL string, rememberFor int) *ConsentReqDoer {
-	return &ConsentReqDoer{hydraURL: hydraURL, rememberFor: rememberFor}
+func NewConsentReqDoer(hydraURL string, fakeTlsTermination bool, rememberFor int) *ConsentReqDoer {
+	return &ConsentReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination, rememberFor: rememberFor}
 }
 
 // InitiateRequest fetches information on the OAuth2 request.
 func (crd *ConsentReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
-	ri, err := initiateRequest(consent, crd.hydraURL, challenge)
+	ri, err := initiateRequest(consent, crd.hydraURL, crd.fakeTlsTermination, challenge)
 	return ri, errors.Wrap(err, "failed to initiate consent request")
 }
 

internal/hydra/hydra.go

@@ -44,7 +44,7 @@ type ReqInfo struct {
 	Subject         string   `json:"subject"`
 }
 
-func initiateRequest(typ reqType, hydraURL, challenge string) (*ReqInfo, error) {
+func initiateRequest(typ reqType, hydraURL string, fakeTlsTermination bool, challenge string) (*ReqInfo, error) {
 	if challenge == "" {
 		return nil, ErrChallengeMissed
 	}
@@ -58,7 +58,16 @@ func initiateRequest(typ reqType, hydraURL, challenge string) (*ReqInfo, error)
 	}
 	u = u.ResolveReference(ref)
 
-	resp, err := http.Get(u.String())
+	req, err := http.NewRequest("GET", u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	if fakeTlsTermination {
+		req.Header.Add("X-Forwarded-Proto", "https")
+	}
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}

internal/hydra/login.go

@@ -13,18 +13,19 @@ import (
 
 // LoginReqDoer fetches information on the OAuth2 request and then accept or reject the requested authentication process.
 type LoginReqDoer struct {
-	hydraURL    string
-	rememberFor int
+	hydraURL           string
+	fakeTlsTermination bool
+	rememberFor        int
 }
 
 // NewLoginReqDoer creates a LoginRequest.
-func NewLoginReqDoer(hydraURL string, rememberFor int) *LoginReqDoer {
-	return &LoginReqDoer{hydraURL: hydraURL, rememberFor: rememberFor}
+func NewLoginReqDoer(hydraURL string, fakeTlsTermination bool, rememberFor int) *LoginReqDoer {
+	return &LoginReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination, rememberFor: rememberFor}
 }
 
 // InitiateRequest fetches information on the OAuth2 request.
 func (lrd *LoginReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
-	ri, err := initiateRequest(login, lrd.hydraURL, challenge)
+	ri, err := initiateRequest(login, lrd.hydraURL, lrd.fakeTlsTermination, challenge)
 	return ri, errors.Wrap(err, "failed to initiate login request")
 }
 

internal/hydra/logout.go

@@ -13,17 +13,18 @@ import (
 
 // LogoutReqDoer fetches information on the OAuth2 request and then accepts or rejects the requested logout process.
 type LogoutReqDoer struct {
-	hydraURL string
+	hydraURL           string
+	fakeTlsTermination bool
 }
 
 // NewLogoutReqDoer creates a LogoutRequest.
-func NewLogoutReqDoer(hydraURL string) *LogoutReqDoer {
-	return &LogoutReqDoer{hydraURL: hydraURL}
+func NewLogoutReqDoer(hydraURL string, fakeTlsTermination bool) *LogoutReqDoer {
+	return &LogoutReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination}
 }
 
 // InitiateRequest fetches information on the OAuth2 request.
 func (lrd *LogoutReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
-	ri, err := initiateRequest(logout, lrd.hydraURL, challenge)
+	ri, err := initiateRequest(logout, lrd.hydraURL, lrd.fakeTlsTermination, challenge)
 	return ri, errors.Wrap(err, "failed to initiate logout request")
 }