Diffstat (limited to 'pkg/prxy')
-rw-r--r--pkg/prxy/prxy.go45
1 files changed, 45 insertions, 0 deletions
diff --git a/pkg/prxy/prxy.go b/pkg/prxy/prxy.go
new file mode 100644
index 00000000..54aad00c
--- /dev/null
+++ b/pkg/prxy/prxy.go
@@ -0,0 +1,45 @@
+package prxy
+
+import (
+ "fmt"
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "strings"
+
+ "github.com/casbin/casbin/v2"
+ "github.com/xlgmokha/x/pkg/x"
+)
+
+func New(routes map[string]string) http.Handler {
+ authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+
+ return &httputil.ReverseProxy{
+ Director: func(r *http.Request) {
+ segments := strings.SplitN(r.Host, ":", 2)
+ host := segments[0]
+ destinationHost := routes[host]
+
+ log.Printf("%v (from: %v to: %v)\n", r.URL, host, destinationHost)
+
+ subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
+ if x.Must(authz.Enforce(subject, host, r.Method, r.URL.Path)) {
+ r.URL.Scheme = "http" // TODO:: use TLS
+ r.Host = destinationHost
+ r.URL.Host = destinationHost
+ } else {
+ log.Println("UNAUTHORIZED") // TODO:: Return forbidden, unauthorized or not found status code
+ }
+ },
+ Transport: http.DefaultTransport,
+ FlushInterval: -1,
+ ErrorLog: nil,
+ ModifyResponse: func(r *http.Response) error {
+ r.Header.Add("Via", fmt.Sprintf("%v gtwy", r.Proto))
+ return nil
+ },
+ ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
+ log.Println(err)
+ },
+ }
+}
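Review bot: The `else` branch of the `Director` only logs `UNAUTHORIZED`, and a Director has no way to reject a request, so a denied request is still handed to `Transport` with whatever URL it arrived with instead of being refused. `ErrorHandler` then logs any transport error without writing a status, which presumably leaves the client with an implicit 200 and an empty body. Make the casbin decision in a wrapping `http.Handler` that answers 403 before `proxy.ServeHTTP` is called, return 404 for a host missing from `routes` (today `routes[host]` yields an empty destination), and have `ErrorHandler` write 502. `x.Must(authz.Enforce(...))` also appears to panic on an enforcer error inside the request path (inferred from its name; `x.Must` is not shown here), so handle that error explicitly and fail closed.

```go
func New(routes map[string]string) http.Handler {
	authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))

	proxy := &httputil.ReverseProxy{
		Director: func(r *http.Request) {
			// Runs only after the wrapper below has allowed the request.
			destinationHost := routes[strings.SplitN(r.Host, ":", 2)[0]]
			// … unchanged: request log line …
			r.URL.Scheme = "http" // TODO:: use TLS
			r.Host = destinationHost
			r.URL.Host = destinationHost
		},
		// … unchanged: Transport, FlushInterval, ErrorLog, ModifyResponse …
		ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
			log.Println(err)
			http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
		},
	}

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := strings.SplitN(r.Host, ":", 2)[0]
		if _, ok := routes[host]; !ok {
			http.NotFound(w, r)
			return
		}

		subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
		allowed, err := authz.Enforce(subject, host, r.Method, r.URL.Path)
		if err != nil {
			// Fail closed: an enforcer error must not fall through to the proxy.
			log.Println(err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		if !allowed {
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
			return
		}

		proxy.ServeHTTP(w, r)
	})
}
```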