passthrough (#40)

* Fix(auth): use crypto/subtle to compare strings Related: #37 Signed-off-by: till <till@php.net> * Update(gateway): support passthrough For: #36 Signed-off-by: till <till@php.net> * Update gateway/middleware.go --------- Signed-off-by: till <till@php.net> Co-authored-by: Friedrich Gonzalez <1517449+friedrichg@users.noreply.github.com>
cortexproject · Jun 10, 2024 · 2c53fa7 · 2c53fa7
1 parent 68bed96
commit 2c53fa7
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/gateway/config.go b/gateway/config.go
@@ -40,6 +40,7 @@ type Tenant struct {
 	Username       string `yaml:"username"`
 	Password       string `yaml:"password"`
 	ID             string `yaml:"id"`
+	Passthrough    bool   `yaml:"passthrough"`
 }
 
 func Init(filePath string) (Config, error) {

diff --git a/gateway/gateway_test.go b/gateway/gateway_test.go
@@ -69,6 +69,7 @@ func TestStartGateway(t *testing.T) {
 	testCases := []struct {
 		name           string
 		authHeader     string
+		orgID          string
 		config         *Config
 		paths          []string
 		expectedStatus int
@@ -220,6 +221,31 @@ func TestStartGateway(t *testing.T) {
 			authHeader:     "Basic " + base64.StdEncoding.EncodeToString([]byte("username:password")),
 			expectedStatus: http.StatusOK,
 		},
+		{
+			name: "passthrough config",
+			config: &Config{
+				Tenants: []Tenant{
+					{
+						Authentication: "basic",
+						Username:       "username",
+						Password:       "password",
+						Passthrough:    true,
+					},
+				},
+				Distributor: Upstream{
+					URL: distributorServer.URL,
+					Paths: []string{
+						"/test/distributor",
+					},
+				},
+			},
+			paths: []string{
+				"/test/distributor",
+			},
+			authHeader:     "Basic " + base64.StdEncoding.EncodeToString([]byte("username:password")),
+			orgID:          "orgID",
+			expectedStatus: http.StatusOK,
+		},
 		{
 			name: "not found route",
 			config: &Config{
@@ -348,6 +374,11 @@ func TestStartGateway(t *testing.T) {
 			for _, path := range tc.paths {
 				req, _ := http.NewRequest("GET", mockServer.URL+path, nil)
 				req.Header.Set("Authorization", tc.authHeader)
+
+				if tc.orgID != "" {
+					req.Header.Set("X-Scope-OrgID", tc.orgID)
+				}
+
 				resp, err := client.Do(req)
 				if err != nil {
 					t.Fatal(err)

diff --git a/gateway/middleware.go b/gateway/middleware.go
@@ -58,7 +58,9 @@ func (tenant *Tenant) basicAuth(w http.ResponseWriter, r *http.Request) bool {
 		return false
 	}
 
-	r.Header.Set("X-Scope-OrgID", tenant.ID)
+	if !tenant.Passthrough {
+		r.Header.Set("X-Scope-OrgID", tenant.ID)
+	}
 	return true
 }