Mercurial > gemma
changeset 421:c37457f12b8e
Differ between internal and external proxies.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Thu, 16 Aug 2018 15:17:21 +0200 |
parents | be38eec5cc25 |
children | 9869bc03155e 42e64da55095 |
files | pkg/config/config.go pkg/controllers/proxy.go pkg/controllers/routes.go |
diffstat | 3 files changed, 72 insertions(+), 67 deletions(-) [+] |
line wrap: on
line diff
--- a/pkg/config/config.go Thu Aug 16 13:47:30 2018 +0200 +++ b/pkg/config/config.go Thu Aug 16 15:17:21 2018 +0200 @@ -42,7 +42,7 @@ func AllowedOrigins() []string { return viper.GetStringSlice("allowed-origins") } -func ExternalWFSs() map[string]interface{} { return viper.GetStringMap("external-wfs") } +func Proxies(key string) map[string]interface{} { return viper.GetStringMap(key) } func GeoServerURL() string { return viper.GetString("geoserver-url") } func GeoServerUser() string { return viper.GetString("geoserver-user") }
--- a/pkg/controllers/proxy.go Thu Aug 16 13:47:30 2018 +0200 +++ b/pkg/controllers/proxy.go Thu Aug 16 15:17:21 2018 +0200 @@ -35,77 +35,82 @@ "http://schemas.opengis.net/gml": struct{}{}, } -func findEntry(entry string) (string, bool) { - external := config.ExternalWFSs() - if external == nil || len(external) == 0 { - return "", false - } - alias, found := external[entry] - if !found { - return "", false +func findProxy(key string) func(string) (string, bool) { + entries := config.Proxies(key) + return func(entry string) (string, bool) { + if entries == nil || len(entries) == 0 { + return "", false + } + alias, found := entries[entry] + if !found { + return "", false + } + data, ok := alias.(map[string]interface{}) + if !ok { + return "", false + } + urlS, found := data["url"] + if !found { + return "", false + } + url, ok := urlS.(string) + return url, ok } - data, ok := alias.(map[string]interface{}) - if !ok { - return "", false - } - urlS, found := data["url"] - if !found { - return "", false - } - url, ok := urlS.(string) - return url, ok } -func proxyDirector(req *http.Request) { - - log.Printf("proxyDirector: %s\n", req.RequestURI) +func proxyDirector(lookup func(string) (string, bool)) func(*http.Request) { - abort := func(format string, args ...interface{}) { - log.Printf(format, args...) - panic(http.ErrAbortHandler) - } - - vars := mux.Vars(req) - - var s string + return func(req *http.Request) { - if entry, found := vars["entry"]; found { - if s, found = findEntry(entry); !found { - abort("Cannot find entry '%s'\n", entry) - } - } else { - expectedMAC, err := base64.URLEncoding.DecodeString(vars["hash"]) - if err != nil { - abort("Cannot base64 decode hash: %v\n", err) - } - url, err := base64.URLEncoding.DecodeString(vars["url"]) - if err != nil { - abort("Cannot base64 decode url: %v\n", err) + log.Printf("proxyDirector: %s\n", req.RequestURI) + + abort := func(format string, args ...interface{}) { + log.Printf(format, args...) + panic(http.ErrAbortHandler) } - mac := hmac.New(sha256.New, config.ProxyKey()) - mac.Write(url) - messageMAC := mac.Sum(nil) + vars := mux.Vars(req) + + var s string - s = string(url) - - if !hmac.Equal(messageMAC, expectedMAC) { - abort("HMAC of URL %s failed.\n", s) - } - } + if entry, found := vars["entry"]; found { + if s, found = lookup(entry); !found { + abort("Cannot find entry '%s'\n", entry) + } + } else { + expectedMAC, err := base64.URLEncoding.DecodeString(vars["hash"]) + if err != nil { + abort("Cannot base64 decode hash: %v\n", err) + } + url, err := base64.URLEncoding.DecodeString(vars["url"]) + if err != nil { + abort("Cannot base64 decode url: %v\n", err) + } - nURL := s + "?" + req.URL.RawQuery - //log.Printf("%v\n", nURL) + mac := hmac.New(sha256.New, config.ProxyKey()) + mac.Write(url) + messageMAC := mac.Sum(nil) + + s = string(url) + + if !hmac.Equal(messageMAC, expectedMAC) { + abort("HMAC of URL %s failed.\n", s) + } + } - u, err := url.Parse(nURL) - if err != nil { - abort("Invalid url: %v\n", err) + nURL := s + "?" + req.URL.RawQuery + //log.Printf("%v\n", nURL) + + u, err := url.Parse(nURL) + if err != nil { + abort("Invalid url: %v\n", err) + } + req.URL = u + + req.Host = u.Host + //req.Header.Del("If-None-Match") + //log.Printf("headers: %v\n", req.Header) } - req.URL = u - - req.Host = u.Host - //req.Header.Del("If-None-Match") - //log.Printf("headers: %v\n", req.Header) } type nopCloser struct {
--- a/pkg/controllers/routes.go Thu Aug 16 13:47:30 2018 +0200 +++ b/pkg/controllers/routes.go Thu Aug 16 15:17:21 2018 +0200 @@ -54,24 +54,24 @@ // Proxy for external WFSs. proxy := &httputil.ReverseProxy{ - Director: proxyDirector, - ModifyResponse: proxyModifyResponse("/api/proxy/"), + Director: proxyDirector(findProxy("external")), + ModifyResponse: proxyModifyResponse("/api/external/"), } - api.Handle("/proxy/{hash}/{url}", proxy). + api.Handle("/external/{hash}/{url}", proxy). Methods( http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete) - api.Handle("/proxy/{entry}", proxy). + api.Handle("/external/{entry}", proxy). Methods( http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete) // Proxy for external WFSs. internal := &httputil.ReverseProxy{ - Director: proxyDirector, - ModifyResponse: proxyModifyResponse("/api/internal"), + Director: proxyDirector(findProxy("internal")), + ModifyResponse: proxyModifyResponse("/api/internal/"), } internalAuth := all(