| author | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-13 16:43:47 -0600 |
| commit | c9f394fe7fa0a5a6504b5b80ae7019cffdf4bb14 (patch) | |
| tree | da1ef1c59264221c2c483ddd76401ee19cd1015c /pkg/prxy/prxy.go | |
| parent | b55a6617971fa50bb064480f78343e6c0bc59dbe (diff) | |
refactor: extract authz interface to test out different PaC libraries
Diffstat (limited to 'pkg/prxy/prxy.go')
| -rw-r--r-- | pkg/prxy/prxy.go | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/pkg/prxy/prxy.go b/pkg/prxy/prxy.go
index 54aad00c..0e6e8c31 100644
--- a/pkg/prxy/prxy.go
+++ b/pkg/prxy/prxy.go
@@ -3,33 +3,32 @@ package prxy
 import (
 "fmt"
 "log"
+ "net"
 "net/http"
 "net/http/httputil"
- "strings"
+ "net/url"
 
- "github.com/casbin/casbin/v2"
 "github.com/xlgmokha/x/pkg/x"
 )
 
 func New(routes map[string]string) http.Handler {
- authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+ mapped := map[string]*url.URL{}
+ for source, destination := range routes {
+ mapped[source] = x.Must(url.Parse(destination))
+ }
 
 return &httputil.ReverseProxy{
 Director: func(r *http.Request) {
- segments := strings.SplitN(r.Host, ":", 2)
- host := segments[0]
- destinationHost := routes[host]
-
- log.Printf("%v (from: %v to: %v)\n", r.URL, host, destinationHost)
-
- subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
- if x.Must(authz.Enforce(subject, host, r.Method, r.URL.Path)) {
- r.URL.Scheme = "http" // TODO:: use TLS
- r.Host = destinationHost
- r.URL.Host = destinationHost
- } else {
- log.Println("UNAUTHORIZED") // TODO:: Return forbidden, unauthorized or not found status code
+ host, _, err := net.SplitHostPort(r.Host)
+ if err != nil {
+ fmt.Printf("%v\n", err)
+ return
 }
+
+ destination := mapped[host]
+ r.URL.Scheme = destination.Scheme
+ r.Host = destination.Host
+ r.URL.Host = destination.Host
 },
 Transport: http.DefaultTransport,
 FlushInterval: -1,
|
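Review bot: The new Director cannot fail closed: `mapped[host]` yields a nil `*url.URL` for any Host that is not a key in `routes`, so `destination.Scheme` panics on a client-controlled header, and the `err != nil` branch returns with the request unrewritten, so the transport is handed the request URL as the client sent it. `net.SplitHostPort` also returns an error for a Host with no port, which the removed `strings.SplitN` accepted, so that branch is reachable by ordinary requests on a default port. A Director has no way to reject a request, so the host check belongs in a handler wrapped around the proxy that answers 4xx before `ServeHTTP` is called, as sketched below with the `ReverseProxy` literal assigned to `proxy` instead of returned. The hunk also drops the `authz.Enforce` call from this path; the diffstat is limited to this file, so confirm that the extracted authz interface is enforced in front of this handler. The literal and the body of `New` continue past the end of the hunk.

```go
// … unchanged: building mapped from routes; the ReverseProxy literal is assigned to proxy …

return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	host, _, err := net.SplitHostPort(r.Host)
	if err != nil {
		// Reject here: a Director that returns early still lets the request go out.
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if _, ok := mapped[host]; !ok {
		// Unknown host: never reach the nil dereference in the Director.
		http.NotFound(w, r)
		return
	}
	proxy.ServeHTTP(w, r)
})
```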
