39d87841d0
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
63 lines
2 KiB
Go
63 lines
2 KiB
Go
package application
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
func (a *Application) addHeaders(r *http.Request, c *Claims) {
|
|
// https://goauthentik.io/docs/providers/proxy/proxy
|
|
|
|
// Legacy headers, remove after 2022.1
|
|
r.Header.Set("X-Auth-Username", c.PreferredUsername)
|
|
r.Header.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
|
|
r.Header.Set("X-Forwarded-Email", c.Email)
|
|
r.Header.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
|
|
r.Header.Set("X-Forwarded-User", c.Sub)
|
|
|
|
// New headers, unique prefix
|
|
r.Header.Set("X-authentik-username", c.PreferredUsername)
|
|
r.Header.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
|
|
r.Header.Set("X-authentik-email", c.Email)
|
|
r.Header.Set("X-authentik-name", c.Name)
|
|
r.Header.Set("X-authentik-uid", c.Sub)
|
|
|
|
userAttributes := c.Proxy.UserAttributes
|
|
// Attempt to set basic auth based on user's attributes
|
|
if *a.proxyConfig.BasicAuthEnabled {
|
|
var ok bool
|
|
var password string
|
|
if password, ok = userAttributes[*a.proxyConfig.BasicAuthPasswordAttribute].(string); !ok {
|
|
password = ""
|
|
}
|
|
// Check if we should use email or a custom attribute as username
|
|
var username string
|
|
if username, ok = userAttributes[*a.proxyConfig.BasicAuthUserAttribute].(string); !ok {
|
|
username = c.Email
|
|
}
|
|
authVal := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
|
|
a.log.WithField("username", username).Trace("setting http basic auth")
|
|
r.Header["Authorization"] = []string{fmt.Sprintf("Basic %s", authVal)}
|
|
}
|
|
// Check if user has additional headers set that we should sent
|
|
if additionalHeaders, ok := userAttributes["additionalHeaders"].(map[string]interface{}); ok {
|
|
a.log.WithField("headers", additionalHeaders).Trace("setting additional headers")
|
|
if additionalHeaders == nil {
|
|
return
|
|
}
|
|
for key, value := range additionalHeaders {
|
|
r.Header.Set(key, toString(value))
|
|
}
|
|
}
|
|
}
|
|
|
|
func copyHeadersToResponse(rw http.ResponseWriter, r *http.Request) {
|
|
for headerKey, headers := range r.Header {
|
|
for _, value := range headers {
|
|
rw.Header().Set(headerKey, value)
|
|
}
|
|
}
|
|
}
|