Fixup proxy.

No-Issue Signed-off-by: James Tanner <tanner.jc@gmail.com>
ansible · May 28, 2024 · fff6402 · fff6402
1 parent fcf28d5
commit fff6402
Showing 1 changed file with 37 additions and 8 deletions.
diff --git a/profiles/dab_jwt/proxy/proxy.go b/profiles/dab_jwt/proxy/proxy.go
@@ -91,41 +91,59 @@ func getEnv(key string, fallback string) string {
 	return fallback
 }
 
+func pathHasPrefix(path string, prefixes []string) bool {
+	for _, prefix := range prefixes {
+		if strings.HasPrefix(path, prefix) {
+			return true
+		}
+	}
+	return false
+}
+
 // BasicAuth middleware
 func BasicAuth(next http.Handler, users map[string]User) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		prefixes := []string{"/v2", "/token"}
+
+		path := r.URL.Path
 		auth := r.Header.Get("Authorization")
-		if auth == "" {
-			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
-			http.Error(w, "Unauthorized1", http.StatusUnauthorized)
-			return
-		}
+		log.Printf("Authorization: %s", auth)
 
 		lowerAuth := strings.ToLower(auth)
-		if strings.HasPrefix(lowerAuth, "token") {
-			// token auth should go straight to the downstream ...
-		} else {
+		/*
+			if auth == "" || strings.HasPrefix(lowerAuth, "token") || strings.HasPrefix(lowerAuth, "bearer"){
+				// no auth OR token auth should go straight to the downstream ...
+			    log.Printf("skip jwt generation")
+			} else {
+		*/
+
+		if strings.HasPrefix(lowerAuth, "basic") && !pathHasPrefix(path, prefixes) {
+
 			const basicPrefix = "Basic "
 			if !strings.HasPrefix(auth, basicPrefix) {
+				log.Printf("Unauthorized2")
 				http.Error(w, "Unauthorized2", http.StatusUnauthorized)
 				return
 			}
 
 			decoded, err := base64.StdEncoding.DecodeString(auth[len(basicPrefix):])
 			if err != nil {
+				log.Printf("Unauthorized3")
 				http.Error(w, "Unauthorized3", http.StatusUnauthorized)
 				return
 			}
 
 			credentials := strings.SplitN(string(decoded), ":", 2)
 			fmt.Printf("credentials %s\n", credentials)
 			if len(credentials) != 2 {
+				log.Printf("Unauthorized4")
 				http.Error(w, "Unauthorized4", http.StatusUnauthorized)
 				return
 			}
 
 			user, exists := users[credentials[0]]
 			if !exists || user.Password != credentials[1] {
+				log.Printf("Unauthorized5")
 				http.Error(w, "Unauthorized5", http.StatusUnauthorized)
 				return
 			}
@@ -203,6 +221,17 @@ func main() {
 			Teams:           []string{},
 			IsSystemAuditor: true,
 		},
+		"notifications_admin": {
+			Username:        "notifications_admin",
+			Password:        "redhat",
+			FirstName:       "notifications",
+			LastName:        "admin",
+			IsSuperuser:     true,
+			Email:           "notifications_admin@example.com",
+			Organizations:   map[string]interface{}{},
+			Teams:           []string{},
+			IsSystemAuditor: true,
+		},
 		"jdoe": {
 			Username:    "jdoe",
 			Password:    "redhat",