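// Source: github.com/craicoverflow/tyk@v2.9.6-rc3+incompatible/gateway/mw_strip_auth.go

package gateway

import (
	"net/http"
	"net/url"
	"strings"

	"github.com/sirupsen/logrus"

	"github.com/TykTechnologies/tyk/apidef"
)

// StripAuth is a middleware that removes the configured auth header, the
// auth cookie and (when UseParam is set) the auth query parameter from the
// incoming request.
type StripAuth struct {
	BaseMiddleware
}

// Name returns the middleware name used as the log prefix.
func (sa *StripAuth) Name() string {
	return "StripAuth"
}

// EnabledForSpec reports whether the API spec sets StripAuthData.
func (sa *StripAuth) EnabledForSpec() bool {
	return sa.Spec.StripAuthData
}

// ProcessRequest strips credentials for every entry in Spec.AuthConfigs.
// When that map is empty it falls back to Spec.Auth under authTokenType.
// It never rejects the request: the result is always (nil, http.StatusOK).
func (sa *StripAuth) ProcessRequest(w http.ResponseWriter, r *http.Request, _ interface{}) (error, int) {
	strip := func(typ string, config *apidef.AuthConfig) {
		// Only the auth configuration is logged here, never the request's
		// header, cookie or query values.
		log.WithFields(logrus.Fields{
			"prefix": sa.Name(),
		}).Debugf("%s: %+v\n", typ, config)

		if config.UseParam {
			sa.stripFromParams(r, config)
		}
		sa.stripFromHeaders(r, config)
	}

	for typ, config := range sa.Spec.AuthConfigs {
		strip(typ, &config)
	}

	// For backward compatibility
	if len(sa.Spec.AuthConfigs) == 0 {
		strip(authTokenType, &sa.Spec.Auth)
	}

	return nil, http.StatusOK
}

// stripFromParams removes the auth parameter from the request's query string.
//
// The parameter name is config.ParamName, else config.AuthHeaderName, else
// "Authorization". Only r.URL is rewritten; r.RequestURI is left untouched,
// so anything that reads RequestURI still sees the original query string.
//
// The original discarded both URL parse errors, which could dereference a nil
// URL or leave r.URL nil. This version always removes the parameter and never
// leaves r.URL nil: if a re-parse fails it falls back to an edited copy.
func (sa *StripAuth) stripFromParams(r *http.Request, config *apidef.AuthConfig) {
	authParamName := "Authorization"
	switch {
	case config.ParamName != "":
		authParamName = config.ParamName
	case config.AuthHeaderName != "":
		authParamName = config.AuthHeaderName
	}

	reparsed, err := url.Parse(r.URL.String())
	if err != nil {
		// Fail closed: strip the parameter from a copy of the current URL
		// rather than skipping the strip.
		fallback := *r.URL
		reparsed = &fallback
	}

	query := reparsed.Query()
	query.Del(authParamName)
	reparsed.RawQuery = query.Encode()

	resolved, err := r.URL.Parse(reparsed.String())
	if err != nil {
		// The stripped URL is still usable even if resolving it failed.
		resolved = reparsed
	}
	r.URL = resolved
}

// stripFromHeaders removes the auth header and the auth cookie.
//
// The header name is config.AuthHeaderName, defaulting to "Authorization";
// the same name is used as the cookie name. Cookies are read from the header
// named by config.CookieName, defaulting to "Cookie".
// NOTE(review): CookieName is treated as a header name here, not as a cookie
// name; confirm against how apidef.AuthConfig is used elsewhere.
//
// Changes from the original, which could leave the credential in place:
//   - pairs are trimmed before comparison, so a cookie following "; " is found;
//   - the cookie name is compared exactly instead of by prefix;
//   - every occurrence is removed, on every line of the header;
//   - a header left without cookies is deleted instead of set to "".
func (sa *StripAuth) stripFromHeaders(r *http.Request, config *apidef.AuthConfig) {
	authHeaderName := "Authorization"
	if config.AuthHeaderName != "" {
		authHeaderName = config.AuthHeaderName
	}
	r.Header.Del(authHeaderName)

	cookieHeader := "Cookie"
	if config.CookieName != "" {
		cookieHeader = config.CookieName
	}
	key := http.CanonicalHeaderKey(cookieHeader)

	lines := r.Header[key]
	kept := make([]string, 0, len(lines))
	changed := false
	for _, line := range lines {
		stripped, removed := stripAuthCookiePairs(line, authHeaderName)
		if !removed {
			kept = append(kept, line)
			continue
		}
		changed = true
		if stripped != "" {
			kept = append(kept, stripped)
		}
	}

	// Leave the header exactly as received when there was nothing to strip.
	if !changed {
		return
	}
	if len(kept) == 0 {
		r.Header.Del(key)
		return
	}
	r.Header[key] = kept
}

// stripAuthCookiePairs removes every cookie pair named name from a single
// Cookie header value. It returns the remaining value and whether anything
// was removed; surviving pairs keep their original text.
func stripAuthCookiePairs(value, name string) (string, bool) {
	pairs := strings.Split(value, ";")
	kept := make([]string, 0, len(pairs))
	for _, pair := range pairs {
		pairName := strings.TrimSpace(pair)
		if i := strings.IndexByte(pairName, '='); i >= 0 {
			pairName = strings.TrimSpace(pairName[:i])
		}
		if pairName == name {
			continue
		}
		kept = append(kept, pair)
	}
	if len(kept) == len(pairs) {
		return value, false
	}
	return strings.TrimSpace(strings.Join(kept, ";")), true
}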