Added proxy mode to furby

Author: dpattmann

.github/workflows/default.yml

@@ -20,6 +20,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
       - name: Setup go env
         uses: actions/setup-go@v2.1.4
         with:

.goreleaser.yml

@@ -1,24 +1,30 @@
 before:
   hooks:
     - go mod tidy
+
 builds:
-  -
-    main: ./cmd/furby
+  - main: ./cmd/furby
     env:
       - CGO_ENABLED=0
     goos:
       - linux
+
 archives:
   - replacements:
       linux: Linux
       amd64: x86_64
+
 checksum:
   name_template: 'checksums.txt'
+
 snapshot:
   name_template: "{{ incpatch .Version }}-next"
+
 changelog:
+  use: git
   sort: asc
   filters:
     exclude:
       - '^docs:'
       - '^test:'
+      - '^build(deps):'

cmd/furby/furby.go

@@ -3,6 +3,7 @@ package main
 import (
 	"log"
 	"net/http"
+	"net/url"
 
 	"github.com/dpattmann/furby/internal/auth"
 	"github.com/dpattmann/furby/internal/config"
@@ -48,9 +49,17 @@ func main() {
 			authorizer = auth.NewNoOpAuthorizer()
 		}
 
-		tokenHandler := handler.NewStoreHandler(tokenStore, authorizer)
-
-		m.Handle(s.Path, tokenHandler)
+		if s.Target != "" {
+			target, err := url.Parse("https://www.google.de")
+			if err != nil {
+				log.Fatalf("Can't parse url. Error: %v", err)
+			}
+			proxyHandler := handler.NewProxyHandler(target, tokenStore, authorizer)
+			m.Handle(s.Path, proxyHandler)
+		} else {
+			tokenHandler := handler.NewStoreHandler(tokenStore, authorizer)
+			m.Handle(s.Path, tokenHandler)
+		}
 	}
 
 	m.Handle("/metrics", promhttp.HandlerFor(metrics.PrometheusRegister, promhttp.HandlerOpts{}))

examples/config.json

@@ -1,20 +1,36 @@
 {
-    "auth" : {
+  "server": {
+    "tls": false
+  },
+  "stores": [
+    {
+      "interval": 5,
+      "path": "/",
+      "target": "https://api.gateway",
+      "credentials": {
+        "id": "integration-tests",
+        "scopes": [],
+        "secret": "secret",
+        "url": "http://localhost:4444/oauth2/token"
+      },
+      "auth": {
         "type": "noop",
         "user-agents": []
+      }
     },
-    "credentials" : {
-        "id": "ClientId",
+    {
+      "interval": 5,
+      "path": "/_cache",
+      "credentials": {
+        "id": "integration-tests",
         "scopes": [],
-        "secret": "ClientSecret",
-        "url": "https://oauth.server/oauth2/token"
-    },
-    "store": {
-        "interval": 5
-    },
-    "server": {
-        "cert": "",
-        "key": "",
-        "tls": false
+        "secret": "secret",
+        "url": "http://localhost:4444/oauth2/token"
+      },
+      "auth": {
+        "type": "noop",
+        "user-agents": []
+      }
     }
+  ]
 }

examples/config.yaml

@@ -1,19 +1,26 @@
 ---
-
-auth:
-    type: "noop"
-    user-agents: []
-
-credentials:
-    id: "ClientId"
-    scopes: []
-    secret: "ClientSecret"
-    url: "https://oauth.server/oauth2/token"
-
-store:
-    interval: 5
+stores:
+  - interval: 1
+    path: /
+    target: "https://api.gateway"
+    auth:
+      type: "noop"
+      user-agents: [ ]
+    credentials:
+      id: "ClientId"
+      scopes: [ ]
+      secret: "ClientSecret"
+      url: "https://oauth.server/oauth2/token"
+  - interval: 1
+    path: /_cache
+    auth:
+      type: "noop"
+      user-agents: [ ]
+    credentials:
+      id: "ClientId"
+      scopes: [ ]
+      secret: "ClientSecret"
+      url: "https://oauth.server/oauth2/token"
 
 server:
-    cert: ""
-    key: ""
-    tls: false
+  tls: false

integration/config.yaml

@@ -9,4 +9,7 @@ stores:
         - scope1
       url: http://localhost:4444/oauth2/token
     auth:
-      type: noop
+      type: noop
+
+server:
+  tls: false

internal/config/config.go

@@ -19,6 +19,7 @@ type Config struct {
 }
 
 type Store struct {
+	Target      string      `koanf:"target" validate:"omitempty,url"`
 	Path        string      `koanf:"path" validate:"required"`
 	Interval    int         `koanf:"interval" validate:"required"`
 	Auth        Auth        `koanf:"auth" validate:"required"`

internal/handler/error-messages.go

@@ -5,4 +5,5 @@ const (
 	JsonParseError  = "Error parsing JSON"
 	TeapotMessage   = "I'm a teapot"
 	Unauthorized    = "Not authorized"
+	ProxyError      = "Proxy error"
 )

internal/handler/proxy.go

@@ -0,0 +1,80 @@
+package handler
+
+import (
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+
+	"github.com/dpattmann/furby/internal/auth"
+	"github.com/dpattmann/furby/internal/metrics"
+	"github.com/dpattmann/furby/internal/store"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+type ProxyHandler struct {
+	target *url.URL
+	store  store.Store
+	auth   auth.Authorizer
+}
+
+func NewProxyHandler(target *url.URL, store store.Store, auth auth.Authorizer) ProxyHandler {
+	return ProxyHandler{
+		target: target,
+		store:  store,
+		auth:   auth,
+	}
+}
+
+func (t ProxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	metrics.ReceivedRequests.Inc()
+
+	timer := prometheus.NewTimer(metrics.RequestTime)
+	defer timer.ObserveDuration()
+
+	if req.Method != http.MethodGet {
+		http.Error(w, TeapotMessage, http.StatusTeapot)
+		return
+	}
+
+	if !t.auth.IsAuthorized(req) {
+		http.Error(w, Unauthorized, http.StatusUnauthorized)
+		return
+	}
+
+	token, err := t.store.GetToken()
+
+	if err != nil {
+		metrics.Http500Errors.Inc()
+		http.Error(w, TokenStoreError, http.StatusInternalServerError)
+		return
+	}
+
+	targetQuery := t.target.RawQuery
+
+	proxy := &httputil.ReverseProxy{
+		Director: func(proxyRequest *http.Request) {
+			proxyRequest.Header.Add("X-Forwarded-Host", proxyRequest.Host)
+			proxyRequest.Header.Add("X-Origin-Host", t.target.Host)
+			proxyRequest.Header.Add("Bearer", token.AccessToken)
+
+			proxyRequest.URL.Scheme = t.target.Scheme
+			proxyRequest.URL.Host = t.target.Host
+			proxyRequest.Host = t.target.Host
+
+			if targetQuery == "" || proxyRequest.URL.RawQuery == "" {
+				proxyRequest.URL.RawQuery = targetQuery + proxyRequest.URL.RawQuery
+			} else {
+				proxyRequest.URL.RawQuery = targetQuery + "&" + proxyRequest.URL.RawQuery
+			}
+
+		},
+		ErrorHandler: func(rw http.ResponseWriter, r *http.Request, err error) {
+			http.Error(rw, ProxyError, http.StatusInternalServerError)
+		},
+	}
+
+	proxy.ServeHTTP(w, req)
+
+	return
+}