
     1  package gateway
     2  
     3  import (
     4  	"net/http"
     5  	"net/url"
     6  	"strings"
     7  
     8  	"github.com/sirupsen/logrus"
     9  
    10  	"github.com/TykTechnologies/tyk/apidef"
    11  )
    12  
// StripAuth is the middleware that removes the API's auth credential
// (header, cookie and optionally query parameter) from a request before it
// is forwarded upstream, so the key is never exposed to the backend.
// It is enabled per API through Spec.StripAuthData.
type StripAuth struct {
	BaseMiddleware
}
    16  
// Name returns the identifier under which this middleware appears in logs.
func (sa *StripAuth) Name() string {
	const middlewareName = "StripAuth"
	return middlewareName
}
    20  
// EnabledForSpec reports whether the API definition asks for auth data to be
// stripped before the request is proxied (Spec.StripAuthData).
func (sa *StripAuth) EnabledForSpec() bool {
	enabled := sa.Spec.StripAuthData
	return enabled
}
    24  
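// ProcessRequest strips the API's auth credential from the request so that it
// is not forwarded upstream. For every configured auth type the credential is
// removed from the headers (and the auth cookie) and, when config.UseParam is
// set, from the query string as well.
//
// It never rejects a request: the result is always (nil, http.StatusOK).
func (sa *StripAuth) ProcessRequest(w http.ResponseWriter, r *http.Request, _ interface{}) (error, int) {
	strip := func(typ string, config *apidef.AuthConfig) {
		// Log only the fields this middleware acts on rather than dumping the
		// whole AuthConfig with %+v, so nothing else the struct may carry ends
		// up in the logs. logrus terminates the line itself, no "\n" needed.
		log.WithFields(logrus.Fields{
			"prefix":      sa.Name(),
			"auth_type":   typ,
			"header_name": config.AuthHeaderName,
			"param_name":  config.ParamName,
			"cookie_name": config.CookieName,
			"use_param":   config.UseParam,
		}).Debug("stripping auth data from request")

		if config.UseParam {
			sa.stripFromParams(r, config)
		}
		// Headers (and the auth cookie) are always stripped, whichever source
		// the auth middleware actually read the key from.
		sa.stripFromHeaders(r, config)
	}

	for typ, config := range sa.Spec.AuthConfigs {
		cfg := config // strip takes a pointer; hand it a per-iteration copy
		strip(typ, &cfg)
	}

	// For backward compatibility: older API definitions have no AuthConfigs
	// map and carry their single auth config in Spec.Auth.
	if len(sa.Spec.AuthConfigs) == 0 {
		strip(authTokenType, &sa.Spec.Auth)
	}

	return nil, http.StatusOK
}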
    49  
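// stripFromParams removes the auth credential from the request's query
// string. The parameter name is config.ParamName, falling back to
// config.AuthHeaderName and finally to "Authorization".
//
// Only r.URL.RawQuery is rewritten. The previous implementation re-parsed the
// whole URL and resolved it against r.URL, which discarded both parse errors
// and, as a side effect, normalised dot segments in the path — so the
// upstream path differed depending on whether UseParam was set. A middleware
// that strips a query parameter should not touch the path. As before, the
// remaining parameters are re-serialised by Encode(), i.e. in sorted key
// order.
func (sa *StripAuth) stripFromParams(r *http.Request, config *apidef.AuthConfig) {
	paramName := "Authorization"
	switch {
	case config.ParamName != "":
		paramName = config.ParamName
	case config.AuthHeaderName != "":
		paramName = config.AuthHeaderName
	}

	if r.URL.RawQuery == "" {
		return // nothing to strip
	}

	// ParseQuery returns every pair it managed to decode even when it reports
	// an error, so the credential is still removed from a partially malformed
	// query string; this is exactly what r.URL.Query() does silently, made
	// explicit here. Query-string case is significant, so Del is exact-match.
	values, _ := url.ParseQuery(r.URL.RawQuery)
	values.Del(paramName)
	r.URL.RawQuery = values.Encode()
}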
    71  
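// stripFromHeaders removes the auth credential from the request headers: the
// auth header itself (config.AuthHeaderName, default "Authorization") and any
// cookie of that same name carried in the cookie header (config.CookieName,
// default "Cookie").
//
// Compared with the previous version: every value of the cookie header is
// examined (a request may carry more than one), each cookie is trimmed before
// its name is read, and the name must match exactly. Previously the leading
// space left behind after splitting on ";" meant only a cookie at the very
// start of the first header value was ever found, and the prefix match would
// also have removed an unrelated cookie such as "AuthorizationTmp". When the
// auth cookie was the only cookie the header is now deleted instead of being
// left in place with an empty value.
func (sa *StripAuth) stripFromHeaders(r *http.Request, config *apidef.AuthConfig) {
	authHeaderName := "Authorization"
	if config.AuthHeaderName != "" {
		authHeaderName = config.AuthHeaderName
	}

	// Header.Del canonicalises the key, so the configured casing is irrelevant.
	r.Header.Del(authHeaderName)

	// NOTE(review): config.CookieName is used here as the name of the *header*
	// that carries cookies, not as the name of the auth cookie; the cookie
	// removed is the one named after the auth header. Confirm this matches how
	// the auth middleware reads the cookie — if CookieName is meant to name the
	// cookie, a custom-named auth cookie would never be stripped here.
	cookieHeader := "Cookie"
	if config.CookieName != "" {
		cookieHeader = config.CookieName
	}

	var (
		kept    []string
		removed bool
	)
	for _, headerValue := range r.Header[http.CanonicalHeaderKey(cookieHeader)] {
		for _, raw := range strings.Split(headerValue, ";") {
			cookie := strings.TrimSpace(raw)
			if cookie == "" {
				continue
			}
			name := cookie
			if eq := strings.IndexByte(cookie, '='); eq >= 0 {
				name = strings.TrimSpace(cookie[:eq])
			}
			// Cookie names are case-sensitive: exact comparison, as before.
			if name == authHeaderName {
				removed = true
				continue
			}
			kept = append(kept, cookie)
		}
	}

	if !removed {
		return // leave a header that held no auth cookie exactly as it arrived
	}
	if len(kept) == 0 {
		r.Header.Del(cookieHeader)
		return
	}
	r.Header.Set(cookieHeader, strings.Join(kept, "; "))
}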