claim transformation

handler/reverseproxy/modifiers.go

@@ -0,0 +1,39 @@
+package reverseproxy
+
+import (
+	"context"
+	"errors"
+	"github.com/osstotalsoft/bifrost/abstraction"
+	"net/http"
+)
+
+//ClearCorsHeaders deletes cors headers from upstream service
+func ClearCorsHeaders(response *http.Response) error {
+	//hack when upstream service has cors enabled; cors will be handled by the gateway
+	response.Header.Del("Access-Control-Allow-Origin")
+	response.Header.Del("Access-Control-Allow-Credentials")
+	response.Header.Del("Access-Control-Allow-Methods")
+	response.Header.Del("Access-Control-Allow-Headers")
+	return nil
+}
+
+//AddUserIdToHeader puts userId claim to request header
+func AddUserIdToHeader(req *http.Request) error {
+	claims, err := getClaims(req.Context())
+	if err == nil {
+		if sub, ok := claims["sub"]; ok {
+			req.Header.Add(abstraction.HttpUserIdHeader, sub.(string))
+		}
+	}
+	return nil
+}
+
+//getClaims get the claims map stored in the context
+func getClaims(context context.Context) (map[string]interface{}, error) {
+	claims, ok := context.Value(abstraction.ContextClaimsKey).(map[string]interface{})
+	if !ok {
+		return nil, errors.New("claims not present or not authenticated")
+	}
+
+	return claims, nil
+}

handler/reverseproxy/reverseproxy.go

@@ -1,8 +1,6 @@
 package reverseproxy
 
 import (
-	"context"
-	"errors"
 	"fmt"
 	"github.com/osstotalsoft/bifrost/abstraction"
 	"github.com/osstotalsoft/bifrost/handler"
@@ -16,41 +14,36 @@ import (
 	"strings"
 )
 
+type RequestModifier func(r *http.Request) error
+type ResponseModifier func(r *http.Response) error
+
 //NewReverseProxy create a new reverproxy http.Handler for each endpoint
-func NewReverseProxy(transport http.RoundTripper) handler.Func {
+func NewReverseProxy(transport http.RoundTripper, requestModifier RequestModifier, responseModifier ResponseModifier) handler.Func {
 	return func(endPoint abstraction.Endpoint, loggerFactory log.Factory) http.Handler {
 		//https://github.com/golang/go/issues/16012
 		//http.DefaultTransport.(*http.Transport).MaxIdleConnsPerHost = 100
 
 		return &httputil.ReverseProxy{
-			Director:       getDirector(endPoint.UpstreamURL, endPoint.UpstreamPath, endPoint.UpstreamPathPrefix, loggerFactory),
-			ModifyResponse: modifyResponse,
+			Director:       getDirector(endPoint.UpstreamURL, endPoint.UpstreamPath, endPoint.UpstreamPathPrefix, loggerFactory, requestModifier),
+			ModifyResponse: responseModifier,
 			Transport:      transport,
 		}
 	}
 }
 
-func modifyResponse(response *http.Response) error {
-	//hack when upstream service has cors enabled; cors will be handled by the gateway
-	response.Header.Del("Access-Control-Allow-Origin")
-	response.Header.Del("Access-Control-Allow-Credentials")
-	response.Header.Del("Access-Control-Allow-Methods")
-	response.Header.Del("Access-Control-Allow-Headers")
-	return nil
-}
-
-func getDirector(targetUrl, targetUrlPath, targetUrlPrefix string, loggerFactory log.Factory) func(req *http.Request) {
+func getDirector(targetUrl, targetUrlPath, targetUrlPrefix string, loggerFactory log.Factory, requestModifier RequestModifier) func(req *http.Request) {
 	return func(req *http.Request) {
 		logger := loggerFactory(req.Context())
 		routeContext, ok := router.GetRouteContextFromRequestContext(req.Context())
 		if !ok {
 			logger.Panic("routeContext not found")
 		}
 
-		claims, err := getClaims(req.Context())
-		if err == nil {
-			if sub, ok := claims["sub"]; ok {
-				req.Header.Add(abstraction.HttpUserIdHeader, sub.(string))
+		if requestModifier != nil {
+			err := requestModifier(req)
+			if err != nil {
+				logger.Panic("Error when calling requestModifier", zap.Error(err))
+				return
 			}
 		}
 
@@ -90,16 +83,6 @@ func getDirector(targetUrl, targetUrlPath, targetUrlPrefix string, loggerFactory
 	}
 }
 
-//getClaims get the claims map stored in the context
-func getClaims(context context.Context) (map[string]interface{}, error) {
-	claims, ok := context.Value(abstraction.ContextClaimsKey).(map[string]interface{})
-	if !ok {
-		return nil, errors.New("claims not present or not authenticated")
-	}
-
-	return claims, nil
-}
-
 func replaceVarsInTarget(targetUrl string, vars map[string]string) string {
 	for key, val := range vars {
 		targetUrl = strings.Replace(targetUrl, "{"+key+"}", val, 1)