github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 01:47:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5a50ba7c3af62cb6bf2098f991afb07c45fda62b
wonderwall/pkg/handler/handler_default.go
Trong Huu Nguyen 5a50ba7c3a feat: support multiple ingresses 
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authorative for.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
2022-08-17 20:43:56 +02:00

55 lines
1.5 KiB
Go
Raw Blame History

package handler
import (
"net/http"
"github.com/nais/wonderwall/pkg/handler/url"
mw "github.com/nais/wonderwall/pkg/middleware"
)
// Default proxies all requests upstream.
func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
logger := mw.LogEntry(r).WithField("request_path", r.URL.Path)
isAuthenticated := false
accessToken, ok := h.accessToken(w, r)
if ok {
// add authentication if session cookie and token checks out
isAuthenticated = true
// force new authentication if loginstatus is enabled and cookie isn't set
if h.Loginstatus.NeedsLogin(r) {
isAuthenticated = false
logger.Info("default: loginstatus was enabled, but no matching cookie was found; state is now unauthenticated")
}
}
if h.AutoLogin.NeedsLogin(r, isAuthenticated) {
logger.Debug("default: auto-login is enabled; request does not match any configured ignorable paths")
redirectTarget := r.URL.String()
path := h.Path(r)
loginUrl := url.LoginURL(path, redirectTarget)
http.Redirect(w, r, loginUrl, http.StatusTemporaryRedirect)
return
}
ctx := r.Context()
if isAuthenticated {
ctx = mw.WithAccessToken(ctx, accessToken)
}
h.ReverseProxy.ServeHTTP(w, r.WithContext(ctx))
}
func (h *Handler) accessToken(w http.ResponseWriter, r *http.Request) (string, bool) {
sessionData, err := h.getSessionFromCookie(w, r)
if err != nil || sessionData == nil || len(sessionData.AccessToken) == 0 {
return "", false
}
return sessionData.AccessToken, true
}
Reference in New Issue View Git Blame Copy Permalink