mirror of
https://github.com/nais/wonderwall.git
synced 2026-05-09 09:56:48 +00:00
10e71a7bb5
The use of these headers in upstreams may be risky, espeically if Wonderwall is accidentally misconfigured or disabled, or requests are performed directly to the upstream circumventing Wonderwall. We should prefer using a signed token or similar that can be verified by the upstreams.
56 lines
1.3 KiB
Go
56 lines
1.3 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/nais/wonderwall/pkg/ingress"
|
|
)
|
|
|
|
type contextKey string
|
|
|
|
const (
|
|
ctxAccessToken = contextKey("AccessToken")
|
|
ctxIngress = contextKey("Ingress")
|
|
ctxPath = contextKey("Path")
|
|
)
|
|
|
|
func AccessTokenFrom(ctx context.Context) (string, bool) {
|
|
accessToken, ok := ctx.Value(ctxAccessToken).(string)
|
|
return accessToken, ok
|
|
}
|
|
|
|
func WithAccessToken(ctx context.Context, accessToken string) context.Context {
|
|
return context.WithValue(ctx, ctxAccessToken, accessToken)
|
|
}
|
|
|
|
func IngressFrom(ctx context.Context) (ingress.Ingress, bool) {
|
|
i, ok := ctx.Value(ctxIngress).(ingress.Ingress)
|
|
return i, ok
|
|
}
|
|
|
|
func WithIngress(ctx context.Context, ingress ingress.Ingress) context.Context {
|
|
return context.WithValue(ctx, ctxIngress, ingress)
|
|
}
|
|
|
|
func RequestWithIngress(r *http.Request, ing ingress.Ingress) *http.Request {
|
|
ctx := r.Context()
|
|
ctx = WithIngress(ctx, ing)
|
|
return r.WithContext(ctx)
|
|
}
|
|
|
|
func PathFrom(ctx context.Context) (string, bool) {
|
|
path, ok := ctx.Value(ctxPath).(string)
|
|
return path, ok
|
|
}
|
|
|
|
func WithPath(ctx context.Context, path string) context.Context {
|
|
return context.WithValue(ctx, ctxPath, path)
|
|
}
|
|
|
|
func RequestWithPath(r *http.Request, path string) *http.Request {
|
|
ctx := r.Context()
|
|
ctx = WithPath(ctx, path)
|
|
return r.WithContext(ctx)
|
|
}
|