forked from zalando/skipper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
webhook.go
84 lines (70 loc) · 1.8 KB
/
webhook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package auth
import (
"net/http"
"time"
"github.com/zalando/skipper/filters"
)
const (
WebhookName = "webhook"
)
type (
webhookSpec struct {
Timeout time.Duration
}
webhookFilter struct {
authClient *authClient
}
)
// NewWebhook creates a new auth filter specification
// to validate authorization for requests.
func NewWebhook(d time.Duration) filters.Spec {
return &webhookSpec{Timeout: d}
}
func (*webhookSpec) Name() string {
return WebhookName
}
// CreateFilter creates an auth filter. The first argument is an URL
// string.
//
// s.CreateFilter("https://my-auth-service.example.org/auth")
//
func (ws *webhookSpec) CreateFilter(args []interface{}) (filters.Filter, error) {
if l := len(args); l == 0 || l > 2 {
return nil, filters.ErrInvalidFilterParameters
}
s, ok := args[0].(string)
if !ok {
return nil, filters.ErrInvalidFilterParameters
}
ac, err := newAuthClient(s, ws.Timeout)
if err != nil {
return nil, filters.ErrInvalidFilterParameters
}
return &webhookFilter{authClient: ac}, nil
}
func copyHeader(to, from http.Header) {
for k, v := range from {
to[http.CanonicalHeaderKey(k)] = v
}
}
func (f *webhookFilter) Request(ctx filters.FilterContext) {
statusCode, err := f.authClient.getWebhook(ctx.Request())
if err != nil {
unauthorized(ctx, WebhookName, authServiceAccess, f.authClient.url.Hostname())
}
// redirects, auth errors, webhook errors
if statusCode >= 300 {
unauthorized(ctx, WebhookName, invalidAccess, f.authClient.url.Hostname())
}
authorized(ctx, WebhookName)
}
func (*webhookFilter) Response(filters.FilterContext) {}
// Close cleans-up the quit channel used for this filter
func (f *webhookFilter) Close() {
f.authClient.mu.Lock()
if f.authClient.quit != nil {
close(f.authClient.quit)
f.authClient.quit = nil
}
f.authClient.mu.Unlock()
}