-
Notifications
You must be signed in to change notification settings - Fork 343
/
forwardtoken.go
108 lines (92 loc) · 2.62 KB
/
forwardtoken.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package auth
import (
"encoding/json"
"fmt"
"github.com/zalando/skipper/filters"
"golang.org/x/net/http/httpguts"
)
const (
// Deprecated, use filters.ForwardTokenName instead
ForwardTokenName = filters.ForwardTokenName
)
type (
forwardTokenSpec struct{}
forwardTokenFilter struct {
HeaderName string
RetainJsonKeys []string
}
)
// NewForwardToken creates a filter to forward the result of token info or
// token introspection to the backend server.
func NewForwardToken() filters.Spec {
return &forwardTokenSpec{}
}
func (s *forwardTokenSpec) Name() string {
return filters.ForwardTokenName
}
func (*forwardTokenSpec) CreateFilter(args []interface{}) (filters.Filter, error) {
if len(args) < 1 {
return nil, filters.ErrInvalidFilterParameters
}
headerName, ok := args[0].(string)
if !ok {
return nil, filters.ErrInvalidFilterParameters
}
valid := httpguts.ValidHeaderFieldName(headerName)
if !valid {
return nil, fmt.Errorf("header name %s in invalid", headerName)
}
remainingArgs := args[1:]
stringifiedRemainingArgs := make([]string, len(remainingArgs))
for i, v := range remainingArgs {
maskedKeyName, ok := v.(string)
if !ok {
return nil, filters.ErrInvalidFilterParameters
}
stringifiedRemainingArgs[i] = maskedKeyName
}
return &forwardTokenFilter{HeaderName: headerName, RetainJsonKeys: stringifiedRemainingArgs}, nil
}
func getTokenPayload(ctx filters.FilterContext, cacheKey string) interface{} {
cachedValue, ok := ctx.StateBag()[cacheKey]
if !ok {
return nil
}
return cachedValue
}
func (f *forwardTokenFilter) Request(ctx filters.FilterContext) {
tiMap := getTokenPayload(ctx, tokeninfoCacheKey)
if tiMap == nil {
tiMap = getTokenPayload(ctx, tokenintrospectionCacheKey)
}
if tiMap == nil {
return
}
if len(f.RetainJsonKeys) > 0 {
switch typedTiMap := tiMap.(type) {
case map[string]interface{}:
tiMap = retainKeys(typedTiMap, f.RetainJsonKeys)
case tokenIntrospectionInfo:
tiMap = retainKeys(typedTiMap, f.RetainJsonKeys)
default:
ctx.Logger().Errorf("Unexpected input type[%T] for `forwardToken` filter. Unable to apply mask", typedTiMap)
}
}
payload, err := json.Marshal(tiMap)
if err != nil {
ctx.Logger().Errorf("Error while marshaling token: %v.", err)
return
}
request := ctx.Request()
request.Header.Set(f.HeaderName, string(payload))
}
func (*forwardTokenFilter) Response(filters.FilterContext) {}
func retainKeys(data map[string]interface{}, keys []string) map[string]interface{} {
whitelistedKeys := make(map[string]interface{})
for _, v := range keys {
if val, ok := data[v]; ok {
whitelistedKeys[v] = val
}
}
return whitelistedKeys
}