traefik/middlewares/auth/forward.go

package auth

import (
	"io/ioutil"
	"net"
	"net/http"
	"strings"

	"github.com/containous/traefik/log"
	"github.com/containous/traefik/types"
	"github.com/vulcand/oxy/forward"
	"github.com/vulcand/oxy/utils"
)

// Forward the authentication to a external server
func Forward(config *types.Forward, w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	httpClient := http.Client{}

	if config.TLS != nil {
		tlsConfig, err := config.TLS.CreateTLSConfig()
		if err != nil {
			log.Debugf("Impossible to configure TLS to call %s. Cause %s", config.Address, err)
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		httpClient.Transport = &http.Transport{
			TLSClientConfig: tlsConfig,
		}
	}

	forwardReq, err := http.NewRequest(http.MethodGet, config.Address, nil)
	if err != nil {
		log.Debugf("Error calling %s. Cause %s", config.Address, err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	writeHeader(r, forwardReq, config.TrustForwardHeader)

	forwardResponse, forwardErr := httpClient.Do(forwardReq)
	if forwardErr != nil {
		log.Debugf("Error calling %s. Cause: %s", config.Address, forwardErr)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	body, readError := ioutil.ReadAll(forwardResponse.Body)
	if readError != nil {
		log.Debugf("Error reading body %s. Cause: %s", config.Address, readError)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	defer forwardResponse.Body.Close()

	if forwardResponse.StatusCode < http.StatusOK || forwardResponse.StatusCode >= http.StatusMultipleChoices {
		log.Debugf("Remote error %s. StatusCode: %d", config.Address, forwardResponse.StatusCode)
		w.WriteHeader(forwardResponse.StatusCode)
		w.Write(body)
		return
	}

	r.RequestURI = r.URL.RequestURI()
	next(w, r)
}

func writeHeader(req *http.Request, forwardReq *http.Request, trustForwardHeader bool) {
	utils.CopyHeaders(forwardReq.Header, req.Header)

	if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
		if trustForwardHeader {
			if prior, ok := req.Header[forward.XForwardedFor]; ok {
				clientIP = strings.Join(prior, ", ") + ", " + clientIP
			}
		}
		forwardReq.Header.Set(forward.XForwardedFor, clientIP)
	}

	if xfp := req.Header.Get(forward.XForwardedProto); xfp != "" && trustForwardHeader {
		forwardReq.Header.Set(forward.XForwardedProto, xfp)
	} else if req.TLS != nil {
		forwardReq.Header.Set(forward.XForwardedProto, "https")
	} else {
		forwardReq.Header.Set(forward.XForwardedProto, "http")
	}

	if xfp := req.Header.Get(forward.XForwardedPort); xfp != "" && trustForwardHeader {
		forwardReq.Header.Set(forward.XForwardedPort, xfp)
	}

	if xfh := req.Header.Get(forward.XForwardedHost); xfh != "" && trustForwardHeader {
		forwardReq.Header.Set(forward.XForwardedHost, xfh)
	} else if req.Host != "" {
		forwardReq.Header.Set(forward.XForwardedHost, req.Host)
	} else {
		forwardReq.Header.Del(forward.XForwardedHost)
	}
}
Manage Headers for the Authentication forwarding. 2017-09-18 15:48:07 +00:00			`package auth`

			`import (`
			`"io/ioutil"`
			`"net"`
			`"net/http"`
			`"strings"`

			`"github.com/containous/traefik/log"`
			`"github.com/containous/traefik/types"`
			`"github.com/vulcand/oxy/forward"`
			`"github.com/vulcand/oxy/utils"`
			`)`

			`// Forward the authentication to a external server`
			`func Forward(config types.Forward, w http.ResponseWriter, r http.Request, next http.HandlerFunc) {`
			`httpClient := http.Client{}`

			`if config.TLS != nil {`
			`tlsConfig, err := config.TLS.CreateTLSConfig()`
			`if err != nil {`
			`log.Debugf("Impossible to configure TLS to call %s. Cause %s", config.Address, err)`
			`w.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`
			`httpClient.Transport = &http.Transport{`
			`TLSClientConfig: tlsConfig,`
			`}`
			`}`

			`forwardReq, err := http.NewRequest(http.MethodGet, config.Address, nil)`
			`if err != nil {`
			`log.Debugf("Error calling %s. Cause %s", config.Address, err)`
			`w.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

			`writeHeader(r, forwardReq, config.TrustForwardHeader)`

			`forwardResponse, forwardErr := httpClient.Do(forwardReq)`
			`if forwardErr != nil {`
			`log.Debugf("Error calling %s. Cause: %s", config.Address, forwardErr)`
			`w.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

			`body, readError := ioutil.ReadAll(forwardResponse.Body)`
			`if readError != nil {`
			`log.Debugf("Error reading body %s. Cause: %s", config.Address, readError)`
			`w.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`
			`defer forwardResponse.Body.Close()`

			`if forwardResponse.StatusCode < http.StatusOK \|\| forwardResponse.StatusCode >= http.StatusMultipleChoices {`
			`log.Debugf("Remote error %s. StatusCode: %d", config.Address, forwardResponse.StatusCode)`
			`w.WriteHeader(forwardResponse.StatusCode)`
			`w.Write(body)`
			`return`
			`}`

			`r.RequestURI = r.URL.RequestURI()`
			`next(w, r)`
			`}`

			`func writeHeader(req http.Request, forwardReq http.Request, trustForwardHeader bool) {`
			`utils.CopyHeaders(forwardReq.Header, req.Header)`

			`if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {`
			`if trustForwardHeader {`
			`if prior, ok := req.Header[forward.XForwardedFor]; ok {`
			`clientIP = strings.Join(prior, ", ") + ", " + clientIP`
			`}`
			`}`
			`forwardReq.Header.Set(forward.XForwardedFor, clientIP)`
			`}`

			`if xfp := req.Header.Get(forward.XForwardedProto); xfp != "" && trustForwardHeader {`
			`forwardReq.Header.Set(forward.XForwardedProto, xfp)`
			`} else if req.TLS != nil {`
			`forwardReq.Header.Set(forward.XForwardedProto, "https")`
			`} else {`
			`forwardReq.Header.Set(forward.XForwardedProto, "http")`
			`}`

			`if xfp := req.Header.Get(forward.XForwardedPort); xfp != "" && trustForwardHeader {`
			`forwardReq.Header.Set(forward.XForwardedPort, xfp)`
			`}`

			`if xfh := req.Header.Get(forward.XForwardedHost); xfh != "" && trustForwardHeader {`
			`forwardReq.Header.Set(forward.XForwardedHost, xfh)`
			`} else if req.Host != "" {`
			`forwardReq.Header.Set(forward.XForwardedHost, req.Host)`
			`} else {`
			`forwardReq.Header.Del(forward.XForwardedHost)`
			`}`
			`}`