Add option to preserve request method in forwardAuth

2025-01-23 18:58:04 +05:30 · 2025-01-23 18:58:04 +05:30 · 2afa03b55c
commit 2afa03b55c
parent 2b6a04bc1d
15 changed files with 139 additions and 5 deletions
--- a/pkg/middlewares/auth/forward.go
+++ b/pkg/middlewares/auth/forward.go
@ -57,6 +57,7 @@ type forwardAuth struct {
 	forwardBody              bool
 	maxBodySize              int64
 	preserveLocationHeader   bool
+	preserveRequestMethod    bool
 }

 // NewForward creates a forward auth middleware.
@ -81,6 +82,7 @@ func NewForward(ctx context.Context, next http.Handler, config dynamic.ForwardAu
 		forwardBody:              config.ForwardBody,
 		maxBodySize:              dynamic.ForwardAuthDefaultMaxBodySize,
 		preserveLocationHeader:   config.PreserveLocationHeader,
+		preserveRequestMethod:    config.PreserveRequestMethod,
 	}

 	if config.MaxBodySize != nil {
@ -135,7 +137,12 @@ func (fa *forwardAuth) GetTracingInformation() (string, string, trace.SpanKind)
 func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward)

-	forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil)
+	forwardReqMethod := http.MethodGet
+	if fa.preserveRequestMethod {
+		forwardReqMethod = req.Method
+	}
+
+	forwardReq, err := http.NewRequestWithContext(req.Context(), forwardReqMethod, fa.address, nil)
 	if err != nil {
 		logger.Debug().Err(err).Msgf("Error calling %s", fa.address)
 		observability.SetStatusErrorf(req.Context(), "Error calling %s. Cause %s", fa.address, err)
--- a/pkg/middlewares/auth/forward_test.go
+++ b/pkg/middlewares/auth/forward_test.go
@ -739,6 +739,63 @@ func TestForwardAuthPreserveLocationHeader(t *testing.T) {
 	assert.Equal(t, relativeURL, res.Header.Get("Location"))
 }

+func TestForwardAuthPreserveRequestMethod(t *testing.T) {
+	testCases := []struct {
+		name                          string
+		preserveRequestMethod         bool
+		originalReqMethod             string
+		expectedReqMethodInAuthServer string
+	}{
+		{
+			name:                          "preserve request method",
+			preserveRequestMethod:         true,
+			originalReqMethod:             http.MethodPost,
+			expectedReqMethodInAuthServer: http.MethodPost,
+		},
+		{
+			name:                          "do not preserve request method",
+			preserveRequestMethod:         false,
+			originalReqMethod:             http.MethodPost,
+			expectedReqMethodInAuthServer: http.MethodGet,
+		},
+	}
+	for _, test := range testCases {
+		t.Run(test.name, func(t *testing.T) {
+			reqReachesAuthServer := false
+			authServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				reqReachesAuthServer = true
+				assert.Equal(t, test.expectedReqMethodInAuthServer, req.Method)
+			}))
+			t.Cleanup(authServer.Close)
+
+			reqReachesNextServer := false
+			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				reqReachesNextServer = true
+				assert.Equal(t, test.originalReqMethod, r.Method)
+			})
+
+			auth := dynamic.ForwardAuth{
+				Address:               authServer.URL,
+				PreserveRequestMethod: test.preserveRequestMethod,
+			}
+
+			middleware, err := NewForward(context.Background(), next, auth, "authTest")
+			require.NoError(t, err)
+
+			ts := httptest.NewServer(middleware)
+			t.Cleanup(ts.Close)
+
+			req := testhelpers.MustNewRequest(test.originalReqMethod, ts.URL, nil)
+			res, err := http.DefaultClient.Do(req)
+			require.NoError(t, err)
+
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+			assert.True(t, reqReachesAuthServer)
+			assert.True(t, reqReachesNextServer)
+		})
+	}
+}
+
 type mockTracer struct {
 	embedded.Tracer