forked from kyma-project/kyma
-
Notifications
You must be signed in to change notification settings - Fork 0
/
proxy.go
136 lines (113 loc) · 4 KB
/
proxy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
package proxy
import (
"context"
"encoding/json"
"net/http"
"time"
"github.com/kyma-project/kyma/components/gateway/internal/apperrors"
"github.com/kyma-project/kyma/components/gateway/internal/httpconsts"
"github.com/kyma-project/kyma/components/gateway/internal/httperrors"
"github.com/kyma-project/kyma/components/gateway/internal/k8sconsts"
"github.com/kyma-project/kyma/components/gateway/internal/metadata"
"github.com/kyma-project/kyma/components/gateway/internal/metadata/serviceapi"
"github.com/kyma-project/kyma/components/gateway/internal/proxy/proxycache"
log "github.com/sirupsen/logrus"
)
type proxy struct {
nameResolver k8sconsts.NameResolver
serviceDefService metadata.ServiceDefinitionService
oauthClient OAuthClient
httpProxyCache proxycache.HTTPProxyCache
skipVerify bool
proxyTimeout int
}
// New creates proxy for handling user's services calls
func New(nameResolver k8sconsts.NameResolver, serviceDefService metadata.ServiceDefinitionService,
oauthClient OAuthClient, httpProxyCache proxycache.HTTPProxyCache, skipVerify bool, proxyTimeout int) http.Handler {
return &proxy{
nameResolver: nameResolver,
serviceDefService: serviceDefService,
oauthClient: oauthClient,
httpProxyCache: httpProxyCache,
skipVerify: skipVerify,
proxyTimeout: proxyTimeout,
}
}
// NewInvalidStateHandler creates handler always returning 500 response
func NewInvalidStateHandler(message string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
handleErrors(w, apperrors.Internal(message))
})
}
func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
id := p.nameResolver.ExtractServiceId(r.Host)
cacheObj, found := p.httpProxyCache.Get(id)
var err apperrors.AppError
if !found {
cacheObj, err = p.createAndCacheProxy(id)
if err != nil {
handleErrors(w, err)
return
}
}
kymaAuthorization := r.Header.Get(httpconsts.HeaderAccessToken)
if kymaAuthorization != "" {
r.Header.Del(httpconsts.HeaderAccessToken)
r.Header.Set(httpconsts.HeaderAuthorization, kymaAuthorization)
} else if cacheObj.OauthUrl != "" {
err = p.addCredentials(r, cacheObj.OauthUrl, cacheObj.ClientId, cacheObj.ClientSecret)
if err != nil {
handleErrors(w, err)
return
}
}
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(p.proxyTimeout)*time.Second)
defer cancel()
requestWithContext := r.WithContext(ctx)
cacheObj.Proxy.ServeHTTP(w, requestWithContext)
}
func (p *proxy) createAndCacheProxy(id string) (*proxycache.Proxy, apperrors.AppError) {
serviceApi, err := p.serviceDefService.GetAPI(id)
if err != nil {
return nil, err
}
proxy, err := makeProxy(serviceApi.TargetUrl, id, p.skipVerify)
if oauthCredentialsProvided(serviceApi.Credentials) {
return p.httpProxyCache.Add(
id,
serviceApi.Credentials.Oauth.URL,
serviceApi.Credentials.Oauth.ClientID,
serviceApi.Credentials.Oauth.ClientSecret,
proxy,
), nil
}
return p.httpProxyCache.Add(
id,
"",
"",
"",
proxy,
), nil
}
func (p *proxy) addCredentials(r *http.Request, oauthUrl, clientId, clientSecret string) apperrors.AppError {
token, err := p.oauthClient.GetToken(clientId, clientSecret, oauthUrl)
if err != nil {
log.Errorf("failed to get token : '%s'", err)
return err
}
r.Header.Set(httpconsts.HeaderAuthorization, token)
log.Infof("OAuth token fecthed. Adding Authorization header: %s", r.Header.Get("Authorization"))
return nil
}
func respondWithBody(w http.ResponseWriter, code int, body httperrors.ErrorResponse) {
w.Header().Set(httpconsts.HeaderContentType, httpconsts.ContentTypeApplicationJson)
w.WriteHeader(code)
json.NewEncoder(w).Encode(body)
}
func handleErrors(w http.ResponseWriter, apperr apperrors.AppError) {
code, body := httperrors.AppErrorToResponse(apperr)
respondWithBody(w, code, body)
}
func oauthCredentialsProvided(credentials *serviceapi.Credentials) bool {
return credentials != nil && credentials.Oauth.ClientID != "" && credentials.Oauth.ClientSecret != ""
}