providers/proxy: fix Host/:Authority not being modified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
6c880e0e62
commit
7088a6b0e6
|
@ -76,16 +76,19 @@ func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
|
||||||
claims, _ := a.getClaims(r)
|
claims, _ := a.getClaims(r)
|
||||||
r.URL.Scheme = ou.Scheme
|
r.URL.Scheme = ou.Scheme
|
||||||
r.URL.Host = ou.Host
|
r.URL.Host = ou.Host
|
||||||
if claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
|
r.Host = ou.Host
|
||||||
|
if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
|
||||||
u, err := url.Parse(claims.Proxy.BackendOverride)
|
u, err := url.Parse(claims.Proxy.BackendOverride)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
|
a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
|
||||||
return
|
} else {
|
||||||
}
|
|
||||||
r.URL.Scheme = u.Scheme
|
r.URL.Scheme = u.Scheme
|
||||||
r.URL.Host = u.Host
|
r.URL.Host = u.Host
|
||||||
|
r.Host = u.Host
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
a.log.WithField("upstream_url", r.URL.String()).Trace("final upstream url")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Application) proxyModifyResponse(res *http.Response) error {
|
func (a *Application) proxyModifyResponse(res *http.Response) error {
|
||||||
|
|
|
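Review bot: In the new `else` branch, an override that `url.Parse` accepts but that carries no host still replaces the upstream target. A scheme-less value of the form `name:port` parses with the name as the scheme and an empty `Host`, so `r.URL.Host` and `r.Host` end up empty after having been set correctly from `ou`. Because the override is read from session claims and decides where the authenticated request is forwarded, the branch should apply only checked values, for example by inserting `} else if u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {` with a warning log and no assignment before the existing `else`. Whether other schemes are legitimately needed cannot be told from this hunk, so the allowed set should be confirmed against the provider configuration. The body of `proxyModifyRequest` starts outside the hunk.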
@ -0,0 +1,81 @@
|
||||||
|
package application
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"net/url"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"goauthentik.io/internal/outpost/proxyv2/constants"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestProxy_ModifyRequest(t *testing.T) {
|
||||||
|
a := newTestApplication()
|
||||||
|
req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
|
||||||
|
u, err := url.Parse("http://backend:8012")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
a.proxyModifyRequest(u)(req)
|
||||||
|
|
||||||
|
assert.Equal(t, "/foo", req.URL.Path)
|
||||||
|
assert.Equal(t, "backend:8012", req.URL.Host)
|
||||||
|
assert.Equal(t, "backend:8012", req.Host)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestProxy_ModifyRequest_Claims(t *testing.T) {
|
||||||
|
a := newTestApplication()
|
||||||
|
req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
|
||||||
|
u, err := url.Parse("http://backend:8012")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
rr := httptest.NewRecorder()
|
||||||
|
|
||||||
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
|
s.Values[constants.SessionClaims] = Claims{
|
||||||
|
Sub: "foo",
|
||||||
|
Proxy: &ProxyClaims{
|
||||||
|
BackendOverride: "http://other-backend:8123",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
err = a.sessions.Save(req, rr, s)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
a.proxyModifyRequest(u)(req)
|
||||||
|
|
||||||
|
assert.Equal(t, "/foo", req.URL.Path)
|
||||||
|
assert.Equal(t, "other-backend:8123", req.URL.Host)
|
||||||
|
assert.Equal(t, "other-backend:8123", req.Host)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestProxy_ModifyRequest_Claims_Invalid(t *testing.T) {
|
||||||
|
a := newTestApplication()
|
||||||
|
req, _ := http.NewRequest("GET", "http://frontend/foo", nil)
|
||||||
|
u, err := url.Parse("http://backend:8012")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
rr := httptest.NewRecorder()
|
||||||
|
|
||||||
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
|
s.Values[constants.SessionClaims] = Claims{
|
||||||
|
Sub: "foo",
|
||||||
|
Proxy: &ProxyClaims{
|
||||||
|
BackendOverride: ":qewr",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
err = a.sessions.Save(req, rr, s)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
a.proxyModifyRequest(u)(req)
|
||||||
|
|
||||||
|
assert.Equal(t, "/foo", req.URL.Path)
|
||||||
|
assert.Equal(t, "backend:8012", req.URL.Host)
|
||||||
|
assert.Equal(t, "backend:8012", req.Host)
|
||||||
|
}
|
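Review bot: `TestProxy_ModifyRequest_Claims_Invalid` only covers an override that fails `url.Parse` (`:qewr`); no case covers an override that parses but yields an empty host or a non-HTTP scheme, which is where `proxyModifyRequest` would overwrite the configured backend with unusable values. A further test with a scheme-less `BackendOverride` (constructed example: `other-backend:8123`) asserting that `req.URL.Host` and `req.Host` remain `backend:8012` would expose that path and pin the intended fallback. The setup in all three tests also discards the errors from `http.NewRequest` and `a.sessions.Get` and calls `panic(err)` on failure. Using `assert.NoError(t, err)` or `t.Fatal(err)` would report such failures through the test runner rather than aborting the test binary.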