Add "fake ssl termination" capability to the hydra client

Replicating de "--fake-ssl-termination" option of the official hydra
client

cmd/server/container.go

@@ -3,7 +3,6 @@ package main
 import (
 	"log"
 	"net/http"
-	"time"
 
 	"gitlab.com/wpetit/goweb/cqrs"
 	"gitlab.com/wpetit/goweb/template/html"
@@ -104,7 +103,14 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
 	// Create and expose config service provider
 	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
 
-	ctn.Provide(hydra.ServiceName, hydra.ServiceProvider(conf.Hydra.BaseURL, 30*time.Second))
+	ctn.Provide(
+		hydra.ServiceName,
+		hydra.ServiceProvider(
+			conf.Hydra.BaseURL,
+			conf.Hydra.FakeSSLTermination,
+			conf.Hydra.HTTPClientTimeout,
+		),
+	)
 
 	ctn.Provide(mail.ServiceName, mail.ServiceProvider(
 		mail.WithServer(conf.SMTP.Host, conf.SMTP.Port),

internal/config/config.go

@@ -60,6 +60,11 @@ type SMTPConfig struct {
 
 type HydraConfig struct {
 	BaseURL string `yaml:"baseURL" env:"HYDRA_BASE_URL"`
+	// Fake upstream SSL termination adding the "X-Forwarded-Proto: https" to the OIDC client
+	// HTTP request headers.
+	// Required by ory/hydra in some networks topologies
+	FakeSSLTermination bool          `yaml:"fakeSSLTermination" env:"HYDRA_FAKE_SSL_TERMINATION"`
+	HTTPClientTimeout  time.Duration `yaml:"httpClientTimeout" env:"HYDRA_HTTP_CLIENT_TIMEOUT"`
 }
 
 func NewDumpDefault() *Config {
@@ -90,7 +95,9 @@ func NewDefault() *Config {
 			SenderName:    "noreply",
 		},
 		Hydra: HydraConfig{
-			BaseURL: "http://localhost:4445/",
+			BaseURL:            "http://localhost:4445/",
+			FakeSSLTermination: false,
+			HTTPClientTimeout:  time.Second * 30, //nolint: gomnb
 		},
 	}
 }

internal/hydra/client.go

@@ -188,11 +188,26 @@ func fromURL(url url.URL, path string, query url.Values) string {
 	return url.String()
 }
 
-func NewClient(baseURL *url.URL, httpTimeout time.Duration) *Client {
+type fakeSSLTerminationTransport struct {
+	T http.RoundTripper
+}
+
+func (t *fakeSSLTerminationTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	req.Header.Add("X-Forwarded-Proto", "https")
+	return t.T.RoundTrip(req)
+}
+
+func NewClient(baseURL *url.URL, fakeSSLTermination bool, httpTimeout time.Duration) *Client {
+	httpClient := &http.Client{
+		Timeout: httpTimeout,
+	}
+
+	if fakeSSLTermination {
+		httpClient.Transport = &fakeSSLTerminationTransport{http.DefaultTransport}
+	}
+
 	return &Client{
 		baseURL: baseURL,
-		http: &http.Client{
+		http:    httpClient,
-			Timeout: 30 * time.Second,
-		},
 	}
 }

internal/hydra/provider.go

@@ -8,7 +8,7 @@ import (
 	"gitlab.com/wpetit/goweb/service"
 )
 
-func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provider {
+func ServiceProvider(rawBaseURL string, fakeSSLTermination bool, httpTimeout time.Duration) service.Provider {
 	var (
 		baseURL *url.URL
 		err     error
@@ -19,7 +19,7 @@ func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provi
 		err = errors.Wrap(err, "could not parse base url")
 	}
 
-	client := NewClient(baseURL, httpTimeout)
+	client := NewClient(baseURL, fakeSSLTermination, httpTimeout)
 
 	return func(ctn *service.Container) (interface{}, error) {
 		if err != nil {