1
0
Fork 0

Add option to preserve request method in forwardAuth

This commit is contained in:
Shivam Saxena 2025-01-23 18:58:04 +05:30 committed by GitHub
parent 2b6a04bc1d
commit 2afa03b55c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 139 additions and 5 deletions

View file

@ -57,6 +57,7 @@ type forwardAuth struct {
forwardBody bool
maxBodySize int64
preserveLocationHeader bool
preserveRequestMethod bool
}
// NewForward creates a forward auth middleware.
@ -81,6 +82,7 @@ func NewForward(ctx context.Context, next http.Handler, config dynamic.ForwardAu
forwardBody: config.ForwardBody,
maxBodySize: dynamic.ForwardAuthDefaultMaxBodySize,
preserveLocationHeader: config.PreserveLocationHeader,
preserveRequestMethod: config.PreserveRequestMethod,
}
if config.MaxBodySize != nil {
@ -135,7 +137,12 @@ func (fa *forwardAuth) GetTracingInformation() (string, string, trace.SpanKind)
func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward)
forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil)
forwardReqMethod := http.MethodGet
if fa.preserveRequestMethod {
forwardReqMethod = req.Method
}
forwardReq, err := http.NewRequestWithContext(req.Context(), forwardReqMethod, fa.address, nil)
if err != nil {
logger.Debug().Err(err).Msgf("Error calling %s", fa.address)
observability.SetStatusErrorf(req.Context(), "Error calling %s. Cause %s", fa.address, err)

View file

@ -739,6 +739,63 @@ func TestForwardAuthPreserveLocationHeader(t *testing.T) {
assert.Equal(t, relativeURL, res.Header.Get("Location"))
}
func TestForwardAuthPreserveRequestMethod(t *testing.T) {
testCases := []struct {
name string
preserveRequestMethod bool
originalReqMethod string
expectedReqMethodInAuthServer string
}{
{
name: "preserve request method",
preserveRequestMethod: true,
originalReqMethod: http.MethodPost,
expectedReqMethodInAuthServer: http.MethodPost,
},
{
name: "do not preserve request method",
preserveRequestMethod: false,
originalReqMethod: http.MethodPost,
expectedReqMethodInAuthServer: http.MethodGet,
},
}
for _, test := range testCases {
t.Run(test.name, func(t *testing.T) {
reqReachesAuthServer := false
authServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
reqReachesAuthServer = true
assert.Equal(t, test.expectedReqMethodInAuthServer, req.Method)
}))
t.Cleanup(authServer.Close)
reqReachesNextServer := false
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
reqReachesNextServer = true
assert.Equal(t, test.originalReqMethod, r.Method)
})
auth := dynamic.ForwardAuth{
Address: authServer.URL,
PreserveRequestMethod: test.preserveRequestMethod,
}
middleware, err := NewForward(context.Background(), next, auth, "authTest")
require.NoError(t, err)
ts := httptest.NewServer(middleware)
t.Cleanup(ts.Close)
req := testhelpers.MustNewRequest(test.originalReqMethod, ts.URL, nil)
res, err := http.DefaultClient.Do(req)
require.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
assert.True(t, reqReachesAuthServer)
assert.True(t, reqReachesNextServer)
})
}
}
type mockTracer struct {
embedded.Tracer