| author | mo khan <mo@mokhan.ca> | 2025-03-13 09:19:45 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-13 09:19:45 -0600 |
| commit | 52ca752eb2f55f858a9b943441bdc0e6353dc128 (patch) | |
| tree | 47e756739c567ff628b29b894ea6aa27690aa7a1 /pkg | |
| parent | fa141110137caafd40ab62d33fe8acc3048d4c84 (diff) | |
refactor: extract proxy package
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/prxy/prxy.go | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/pkg/prxy/prxy.go b/pkg/prxy/prxy.go
new file mode 100644
index 00000000..54aad00c
--- /dev/null
+++ b/pkg/prxy/prxy.go
@@ -0,0 +1,45 @@
+package prxy
+
+import (
+ "fmt"
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "strings"
+
+ "github.com/casbin/casbin/v2"
+ "github.com/xlgmokha/x/pkg/x"
+)
+
+func New(routes map[string]string) http.Handler {
+ authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+
+ return &httputil.ReverseProxy{
+ Director: func(r *http.Request) {
+ segments := strings.SplitN(r.Host, ":", 2)
+ host := segments[0]
+ destinationHost := routes[host]
+
+ log.Printf("%v (from: %v to: %v)\n", r.URL, host, destinationHost)
+
+ subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
+ if x.Must(authz.Enforce(subject, host, r.Method, r.URL.Path)) {
+ r.URL.Scheme = "http" // TODO:: use TLS
+ r.Host = destinationHost
+ r.URL.Host = destinationHost
+ } else {
+ log.Println("UNAUTHORIZED") // TODO:: Return forbidden, unauthorized or not found status code
+ }
+ },
+ Transport: http.DefaultTransport,
+ FlushInterval: -1,
+ ErrorLog: nil,
+ ModifyResponse: func(r *http.Response) error {
+ r.Header.Add("Via", fmt.Sprintf("%v gtwy", r.Proto))
+ return nil
+ },
+ ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
+ log.Println(err)
+ },
+ }
+} |
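Review bot: The deny branch of `Director` (the `else` after `authz.Enforce`) only logs, so a denied request is still handed to the transport with `r.URL.Scheme` and `r.URL.Host` left unset; because `ErrorHandler` writes nothing to `w`, the client then receives an empty 200 instead of a 403, and a host missing from `routes` takes the same path with an empty destination. A Director cannot write a response, so the policy decision and the route lookup belong in a wrapping handler that rejects before `proxy.ServeHTTP`, and `ErrorHandler` should set an explicit status, e.g. `http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)`. Wrapping `authz.Enforce` in `x.Must` also turns an enforcer error into a per-request panic in the handler; returning a 500 from the wrapper keeps that a logged failure. The hard-coded `subject` means every caller is evaluated as that one identity until the JWT TODO is resolved, which deserves a comment on the line saying the check is not yet per-caller.

```go
func New(routes map[string]string) http.Handler {
	authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))

	proxy := &httputil.ReverseProxy{
		Director: func(r *http.Request) {
			host := strings.SplitN(r.Host, ":", 2)[0]
			destinationHost := routes[host] // presence already checked by the wrapper below
			log.Printf("%v (from: %v to: %v)\n", r.URL, host, destinationHost)
			r.URL.Scheme = "http" // TODO:: use TLS
			r.Host = destinationHost
			r.URL.Host = destinationHost
		},
		// … unchanged: Transport, FlushInterval, ErrorLog, ModifyResponse …
		ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
			log.Println(err)
			http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
		},
	}

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := strings.SplitN(r.Host, ":", 2)[0]
		if _, ok := routes[host]; !ok {
			http.NotFound(w, r)
			return
		}
		// NOTE: fixed subject until the sub claim is unpacked from the JWT, so
		// the policy decision is currently the same for every caller.
		subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
		allowed, err := authz.Enforce(subject, host, r.Method, r.URL.Path)
		if err != nil {
			log.Println(err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		if !allowed {
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
			return
		}
		proxy.ServeHTTP(w, r)
	})
}
```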
