From 2c53fa7289dd17bebffa555a5922e018479e102f Mon Sep 17 00:00:00 2001
From: Till! <till@users.noreply.github.com>
Date: Mon, 10 Jun 2024 08:31:20 +0200
Subject: [PATCH] passthrough (#40)

* Fix(auth): use crypto/subtle to compare strings

Related: #37
Signed-off-by: till <till@php.net>

* Update(gateway): support passthrough

For: #36
Signed-off-by: till <till@php.net>

* Update gateway/middleware.go

---------

Signed-off-by: till <till@php.net>
Co-authored-by: Friedrich Gonzalez <1517449+friedrichg@users.noreply.github.com>
---
 gateway/config.go       |  1 +
 gateway/gateway_test.go | 31 +++++++++++++++++++++++++++++++
 gateway/middleware.go   |  4 +++-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/gateway/config.go b/gateway/config.go
index 4b9f0a7..aa23c5c 100644
--- a/gateway/config.go
+++ b/gateway/config.go
@@ -40,6 +40,7 @@ type Tenant struct {
 	Username       string `yaml:"username"`
 	Password       string `yaml:"password"`
 	ID             string `yaml:"id"`
+	Passthrough    bool   `yaml:"passthrough"`
 }
 
 func Init(filePath string) (Config, error) {
diff --git a/gateway/gateway_test.go b/gateway/gateway_test.go
index 866c15e..7c2dd1b 100644
--- a/gateway/gateway_test.go
+++ b/gateway/gateway_test.go
@@ -69,6 +69,7 @@ func TestStartGateway(t *testing.T) {
 	testCases := []struct {
 		name           string
 		authHeader     string
+		orgID          string
 		config         *Config
 		paths          []string
 		expectedStatus int
@@ -220,6 +221,31 @@ func TestStartGateway(t *testing.T) {
 			authHeader:     "Basic " + base64.StdEncoding.EncodeToString([]byte("username:password")),
 			expectedStatus: http.StatusOK,
 		},
+		{
+			name: "passthrough config",
+			config: &Config{
+				Tenants: []Tenant{
+					{
+						Authentication: "basic",
+						Username:       "username",
+						Password:       "password",
+						Passthrough:    true,
+					},
+				},
+				Distributor: Upstream{
+					URL: distributorServer.URL,
+					Paths: []string{
+						"/test/distributor",
+					},
+				},
+			},
+			paths: []string{
+				"/test/distributor",
+			},
+			authHeader:     "Basic " + base64.StdEncoding.EncodeToString([]byte("username:password")),
+			orgID:          "orgID",
+			expectedStatus: http.StatusOK,
+		},
 		{
 			name: "not found route",
 			config: &Config{
@@ -348,6 +374,11 @@ func TestStartGateway(t *testing.T) {
 			for _, path := range tc.paths {
 				req, _ := http.NewRequest("GET", mockServer.URL+path, nil)
 				req.Header.Set("Authorization", tc.authHeader)
+
+				if tc.orgID != "" {
+					req.Header.Set("X-Scope-OrgID", tc.orgID)
+				}
+
 				resp, err := client.Do(req)
 				if err != nil {
 					t.Fatal(err)
diff --git a/gateway/middleware.go b/gateway/middleware.go
index f4fcbc6..b46db5f 100644
--- a/gateway/middleware.go
+++ b/gateway/middleware.go
@@ -58,7 +58,9 @@ func (tenant *Tenant) basicAuth(w http.ResponseWriter, r *http.Request) bool {
 		return false
 	}
 
-	r.Header.Set("X-Scope-OrgID", tenant.ID)
+	if !tenant.Passthrough {
+		r.Header.Set("X-Scope-OrgID", tenant.ID)
+	}
 	return true
 }