Remove GAP-Auth header usage

2025-06-17 00:17:40 +02:00 · 2020-10-04 17:08:47 +01:00
parent 2e72d151e2
commit b845867cd1
6 changed files with 10 additions and 23 deletions
--- a/logging_handler.go
+++ b/logging_handler.go
@ -40,9 +40,12 @@ func extractMetadata(rw http.ResponseWriter, req *http.Request) (string, string)
 	scope := middleware.GetRequestScope(req)
 	upstream := scope.Upstream

-	authInfo := rw.Header().Get("GAP-Auth")
-	if authInfo != "" {
-		rw.Header().Del("GAP-Auth")
+	var authInfo string
+	if scope.Session != nil {
+		authInfo = scope.Session.Email
+		if authInfo == "" {
+			authInfo = scope.Session.User
+		}
 	}

 	return authInfo, upstream
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -871,14 +871,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {

 // AuthenticateOnly checks whether the user is currently logged in
 func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request) {
-	session, err := p.getAuthenticatedSession(rw, req)
+	_, err := p.getAuthenticatedSession(rw, req)
 	if err != nil {
 		http.Error(rw, "unauthorized request", http.StatusUnauthorized)
 		return
 	}

 	// we are authenticated
-	p.addHeadersForProxying(rw, req, session)
 	p.headersChain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(http.StatusAccepted)
 	})).ServeHTTP(rw, req)
@ -892,11 +891,10 @@ func (p *OAuthProxy) SkipAuthProxy(rw http.ResponseWriter, req *http.Request) {
 // Proxy proxies the user request if the user is authenticated else it prompts
 // them to authenticate
 func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
-	session, err := p.getAuthenticatedSession(rw, req)
+	_, err := p.getAuthenticatedSession(rw, req)
 	switch err {
 	case nil:
 		// we are authenticated
-		p.addHeadersForProxying(rw, req, session)
 		p.headersChain.Then(p.serveMux).ServeHTTP(rw, req)
 	case ErrNeedsLogin:
 		// we need to send the user to a login screen
@ -952,15 +950,6 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
 	return session, nil
 }

-// addHeadersForProxying adds the appropriate headers the request / response for proxying
-func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) {
-	if session.Email == "" {
-		rw.Header().Set("GAP-Auth", session.User)
-	} else {
-		rw.Header().Set("GAP-Auth", session.Email)
-	}
-}
-
 // isAjax checks if a request is an ajax request
 func isAjax(req *http.Request) bool {
 	acceptValues := req.Header.Values("Accept")
--- a/pkg/upstream/http.go
+++ b/pkg/upstream/http.go
@ -36,7 +36,6 @@ var SignatureHeaders = []string{
 	"X-Forwarded-Preferred-User",
 	"X-Forwarded-Access-Token",
 	"Cookie",
-	"Gap-Auth",
 }

 // newHTTPUpstreamProxy creates a new httpUpstreamProxy that can serve requests
@ -85,7 +84,6 @@ func (h *httpUpstreamProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 	scope.Upstream = h.upstream

 	if h.auth != nil {
-		req.Header.Set("GAP-Auth", rw.Header().Get("GAP-Auth"))
 		h.auth.SignRequest(req)
 	}
 	if h.wsHandler != nil && strings.EqualFold(req.Header.Get("Connection"), "upgrade") && req.Header.Get("Upgrade") == "websocket" {
--- a/pkg/upstream/http_test.go
+++ b/pkg/upstream/http_test.go
@ -226,8 +226,7 @@ var _ = Describe("HTTP Upstream Suite", func() {
 					Method: "GET",
 					URL:    "http://example.localhost/withSignature",
 					Header: map[string][]string{
-						gapAuth:      {""},
-						gapSignature: {"sha256 osMWI8Rr0Zr5HgNq6wakrgJITVJQMmFN1fXCesrqrmM="},
+						gapSignature: {"sha256 md39qRfodR3ya5kMZxDS5nMXtG3BZoh4DUTkrXqLtow="},
 					},
 					Body:       []byte{},
 					Host:       "example.localhost",
--- a/pkg/upstream/proxy_test.go
+++ b/pkg/upstream/proxy_test.go
@ -123,8 +123,7 @@ var _ = Describe("Proxy Suite", func() {
 					Method: "GET",
 					URL:    "http://example.localhost/http/1234",
 					Header: map[string][]string{
-						"Gap-Auth":      {""},
-						"Gap-Signature": {"sha256 ofB1u6+FhEUbFLc3/uGbJVkl7GaN4egFqVvyO3+2I1w="},
+						"Gap-Signature": {"sha256 yu9y53XTRAnczM51Nv6LAbeU2mI577iUPeK8zHuY9MM="},
 					},
 					Body:       []byte{},
 					Host:       "example.localhost",
--- a/pkg/upstream/upstream_suite_test.go
+++ b/pkg/upstream/upstream_suite_test.go
@ -58,7 +58,6 @@ const (
 	acceptEncoding  = "Accept-Encoding"
 	applicationJSON = "application/json"
 	textPlainUTF8   = "text/plain; charset=utf-8"
-	gapAuth         = "Gap-Auth"
 	gapSignature    = "Gap-Signature"
 )