
adds support for external proxy with auth

deiu 6 years ago
parent
commit
268fc6d0c4
5 changed files with 29 additions and 21 deletions
  1. 0 7
      acl.go
  2. 7 0
      auth.go
  3. 13 11
      server.go
  4. 3 0
      server/daemon.go
  5. 6 3
      server_config.go

+ 0 - 7
acl.go

@@ -19,13 +19,6 @@ type WAC struct {
 
 // NewWAC creates a new WAC object
 func NewWAC(req *httpRequest, srv *Server, w http.ResponseWriter, user string, key string) *WAC {
-	if len(req.Header.Get("On-Behalf-Of")) > 0 {
-		delegator := debrack(req.Header.Get("On-Behalf-Of"))
-		if verifyDelegator(delegator, user) {
-			srv.debug.Println("Request User ID (delegation):", user)
-			user = delegator
-		}
-	}
 	return &WAC{req: req, srv: srv, w: w, user: user, key: key}
 }
 

+ 7 - 0
auth.go

@@ -45,6 +45,13 @@ func (req *httpRequest) authn(w http.ResponseWriter) string {
 	}
 	if len(user) > 0 {
 		req.Server.debug.Println("WebID-TLS auth OK for User: " + user)
+		if len(req.Header.Get("On-Behalf-Of")) > 0 {
+			delegator := debrack(req.Header.Get("On-Behalf-Of"))
+			if verifyDelegator(delegator, user) {
+				req.Server.debug.Println("Request User ID (delegation):", user)
+				user = delegator
+			}
+		}
 		req.Server.userCookieSet(w, user)
 		return user
 	}
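Review bot: `req.Server.userCookieSet(w, user)` now runs after `user = delegator`, so the session cookie returned to the delegate is issued in the delegator's name. Later requests carrying that cookie would presumably be accepted as the delegator without `On-Behalf-Of` or `verifyDelegator` being evaluated again; how the cookie is consumed is outside this hunk, so confirm. Consider setting the cookie for the TLS-authenticated identity before the delegation block, or skipping it when delegation applied, e.g. `if !delegated { req.Server.userCookieSet(w, user) }`. The debug line also prints the delegate's ID under a label that reads as the delegated identity; `req.Server.debug.Println("Delegation:", user, "acting on behalf of", delegator)` would record both for audit. The body of `authn` starts and ends outside the hunk.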

+ 13 - 11
server.go

@@ -200,17 +200,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 	}
 
-	if ProxyPath != "" && strings.HasPrefix(req.URL.Path, "/"+ProxyPath) {
-		uri, err := url.Parse(req.FormValue("uri"))
-		if err != nil {
-			s.debug.Println(req.RequestURI, err.Error())
-		}
-		req.URL = uri
-		req.Host = uri.Host
-		req.RequestURI = uri.RequestURI()
-		proxy.ServeHTTP(w, req)
-		return
-	}
 	if websocketUpgrade(req) {
 		websocketServe(w, req)
 		return
@@ -274,6 +263,19 @@ func (s *Server) handle(w http.ResponseWriter, req *httpRequest) (r *response) {
 		return r.respond(resp.Status, resp.Body)
 	}
 
+	if ProxyPath != "" && strings.HasPrefix(req.URL.Path, "/"+ProxyPath) {
+		uri, err := url.Parse(s.Config.ProxyTemplate + req.FormValue("uri"))
+		if err != nil {
+			s.debug.Println(req.RequestURI, err.Error())
+		}
+		req.URL = uri
+		req.Host = uri.Host
+		req.RequestURI = uri.RequestURI()
+		req.Header.Set("User", user)
+		proxy.ServeHTTP(w, req.Request)
+		return
+	}
+
 	resource, _ := req.pathInfo(req.BaseURI())
 	s.debug.Println(req.RemoteAddr + " requested resource URI: " + req.URL.String())
 	s.debug.Println(req.RemoteAddr + " requested resource Path: " + resource.File)
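Review bot: When `url.Parse` fails in the added proxy branch the error is only logged, and the following `req.URL = uri` / `uri.Host` then dereference a nil `*url.URL`, so a malformed `uri` parameter can panic the handler. Separately, `req.Header.Set("User", user)` attaches the identity to whatever target results from `s.Config.ProxyTemplate + req.FormValue("uri")`; the daemon.go hunk defaults the flag to `""`, in which case the client chooses the destination outright, and even with a template set a plain concatenation lets the parameter alter the host unless the template ends in a path or query delimiter. The fence below returns on a parse error and sets `User` only when the parsed host equals the configured template's host, clearing any client-supplied `User` header otherwise. The `r.respond(400, …)` call assumes an integer status and should be adjusted to the method's real signature. `user` and the rest of `handle` are outside the hunk; if `user` can be empty here, decide whether anonymous requests should reach the delegation service at all.

```go
		uri, err := url.Parse(s.Config.ProxyTemplate + req.FormValue("uri"))
		if err != nil {
			s.debug.Println(req.RequestURI, err.Error())
			return r.respond(400, err.Error())
		}
		// … unchanged: req.URL / req.Host / req.RequestURI rewrite …
		// Never pass through a client-supplied identity header.
		req.Header.Del("User")
		// Attach the authenticated identity only when the request goes to the configured service.
		if tmpl, terr := url.Parse(s.Config.ProxyTemplate); terr == nil && tmpl.Host != "" && uri.Host == tmpl.Host {
			req.Header.Set("User", user)
		}
		// … unchanged: proxy.ServeHTTP(w, req.Request) and return …
```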

+ 3 - 0
server/daemon.go

@@ -33,6 +33,8 @@ var (
 	metaSuffix = flag.String("metaSuffix", ",meta", "default suffix for meta files")
 	aclSuffix  = flag.String("aclSuffix", ",acl", "default suffix for ACL files")
 
+	proxy = flag.String("proxy", "", "URL of the proxy service used for WebID-TLS delegation")
+
 	tokenT = flag.Int64("tokenAge", 5, "recovery token lifetime (in minutes)")
 
 	emailName     = flag.String("emailName", "", "remote SMTP server account name")
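Review bot: The `-proxy` help text calls the value a URL, but server.go uses it as a prefix to which the request's `uri` parameter is appended, so the expected form (scheme, host, and a trailing path or query delimiter) should be stated here and in the `ProxyTemplate` field comment in server_config.go. Something like `"URL prefix of the WebID-TLS delegation service; the request's uri parameter is appended to it"` would do. Since the value is copied into `config.ProxyTemplate` unchecked in the next hunk, it is also worth parsing it once at startup and rejecting a non-empty value that is not an absolute `https` URL. That way a misconfiguration fails at launch rather than at the first proxied request.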
@@ -107,6 +109,7 @@ func main() {
 		config.NoHTTP = *nohttp
 		config.MetaSuffix = *metaSuffix
 		config.ACLSuffix = *aclSuffix
+		config.ProxyTemplate = *proxy
 		if len(*emailName) > 0 && len(*emailAddr) > 0 && len(*emailUser) > 0 &&
 			len(*emailPass) > 0 && len(*emailServ) > 0 && len(*emailPort) > 0 {
 			ep, _ := strconv.Atoi(*emailPort)

+ 6 - 3
server_config.go

@@ -58,6 +58,9 @@ type ServerConfig struct {
 	// SignUpApp points to the app used for creating new accounts
 	SignUpApp string
 
+	// ProxyTemplate is the URL of the service that handles WebID-TLS delegation
+	ProxyTemplate string
+
 	// DirIndex contains the default index file name
 	DirIndex []string
 
@@ -75,10 +78,10 @@ func NewServerConfig() *ServerConfig {
 		TokenAge:   5,
 		MetaSuffix: ".meta",
 		ACLSuffix:  ".acl",
-		DataApp:   "tabulator",
+		DataApp:    "tabulator",
 		DirIndex:   []string{"index.html", "index.htm"},
-		DirApp:    "http://linkeddata.github.io/warp/#list/",
-		SignUpApp: "https://solid.github.io/solid-signup/?domain=",
+		DirApp:     "http://linkeddata.github.io/warp/#list/",
+		SignUpApp:  "https://solid.github.io/solid-signup/?domain=",
 		DiskLimit:  100000000, // 100MB
 		DataRoot:   serverDefaultRoot(),
 	}