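// Source: github.com/sap/cf-mta-plugin@v2.6.3+incompatible/clients/csrf/default_csrf_token_fetcher.go

package csrf

import (
	"net/http"
	"os"

	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_parameters"
	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/log"
	"github.com/cloudfoundry/cli/plugin"
)

const (
	// CsrfTokenHeaderFetchValue is the value placed in the XCsrfToken request
	// header when asking the server for a new token.
	CsrfTokenHeaderFetchValue = "Fetch"
	// CsrfTokensApi is the path appended to scheme://host by getCsrfTokenUrl.
	CsrfTokensApi = "/api/v1/csrf-token"
	// ContentTypeHeader is the name of the Content-Type request header.
	ContentTypeHeader = "Content-Type"
	// AuthorizationHeader is the name of the header that carries the access token.
	AuthorizationHeader = "Authorization"
	// ApplicationJsonContentType is the Content-Type value sent with the fetch request.
	ApplicationJsonContentType = "application/json"
	// CookieHeader is the name of the Cookie request header.
	CookieHeader = "Cookie"
)

// DefaultCsrfTokenFetcher fetches CSRF tokens over the Transport it was
// constructed with and stores any cookies the server sets back on that
// Transport.
type DefaultCsrfTokenFetcher struct {
	transport *Transport
}

// NewDefaultCsrfTokenFetcher returns a fetcher bound to transport.
func NewDefaultCsrfTokenFetcher(transport *Transport) *DefaultCsrfTokenFetcher {
	return &DefaultCsrfTokenFetcher{transport: transport}
}

// FetchCsrfToken sends a GET request to url asking for a new CSRF token and
// returns the XCsrfHeader and XCsrfToken response headers wrapped in a
// CsrfRequestHeader.
//
// The request carries the access token obtained from the CLI connection in
// the Authorization header, plus whatever UpdateCookiesIfNeeded attaches
// from the cookies of currentRequest. If the response sets cookies, they
// replace the cookies stored on the Transport.
//
// An error is returned when the request cannot be built, the access token
// cannot be obtained, or the round trip fails. The response status code is
// not inspected, so a non-2xx reply yields a CsrfRequestHeader built from
// whatever headers are present (possibly empty strings).
// NOTE(review): confirm callers treat an empty token as a failure.
func (c *DefaultCsrfTokenFetcher) FetchCsrfToken(url string, currentRequest *http.Request) (*csrf_parameters.CsrfRequestHeader, error) {
	fetchTokenRequest, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	fetchTokenRequest.Header.Set(XCsrfToken, CsrfTokenHeaderFetchValue)
	fetchTokenRequest.Header.Set(ContentTypeHeader, ApplicationJsonContentType)

	// NOTE(review): os.Args[1] is indexed without a length check; presumably
	// the CF CLI always supplies this argument when it launches the plugin.
	// Confirm, since a direct invocation without arguments would panic here.
	cliConnection := plugin.NewCliConnection(os.Args[1])
	token, err := cliConnection.AccessToken()
	if err != nil {
		return nil, err
	}
	// The access token is attached to whatever url the caller passed in, so
	// the caller is responsible for url pointing at the intended host.
	fetchTokenRequest.Header.Set(AuthorizationHeader, token)
	UpdateCookiesIfNeeded(currentRequest.Cookies(), fetchTokenRequest)

	// The fetch goes through OriginalTransport, not the wrapping Transport.
	response, err := c.transport.OriginalTransport.RoundTrip(fetchTokenRequest)
	if err != nil {
		return nil, err
	}
	// Only the headers are read below. Close the body so the underlying
	// connection is released instead of leaking; the nil guard tolerates
	// stub transports that return a Response without a Body.
	if response.Body != nil {
		defer response.Body.Close()
	}

	// If Set-Cookie headers are present in the response, persist them in Transport.
	// NOTE(review): the two trace messages below write session cookie values
	// and the CSRF token to the log. Consider redacting them or logging only
	// cookie names if trace output can reach shared or persisted logs.
	if cookies := response.Cookies(); len(cookies) != 0 {
		// Values are passed as arguments rather than concatenated into the
		// format string, so a '%' in a cookie is not parsed as a verb.
		log.Tracef("Set-Cookie headers present in response, updating current with '%s'\n", prettyPrintCookies(cookies))

		c.transport.Cookies.Cookies = cookies
	}

	csrfToken := response.Header.Get(XCsrfToken)
	log.Tracef("New CSRF Token fetched '%s'\n", csrfToken)
	return &csrf_parameters.CsrfRequestHeader{response.Header.Get(XCsrfHeader), csrfToken}, nil
}

// getCsrfTokenUrl builds the CSRF token endpoint URL from the scheme and host
// of req, so the token is requested from the same origin as req and over the
// same scheme (no upgrade to https is performed here).
func getCsrfTokenUrl(req *http.Request) string {
	return req.URL.Scheme + "://" + req.URL.Host + CsrfTokensApi
}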