authormo khan <mo@mokhan.ca>2025-03-13 16:43:47 -0600
committermo khan <mo@mokhan.ca>2025-03-13 16:43:47 -0600
commitc9f394fe7fa0a5a6504b5b80ae7019cffdf4bb14 (patch)
treeda1ef1c59264221c2c483ddd76401ee19cd1015c /pkg/prxy
parentb55a6617971fa50bb064480f78343e6c0bc59dbe (diff)
refactor: extract authz interface to test out different PaC libraries
Diffstat (limited to 'pkg/prxy')
-rw-r--r--pkg/prxy/prxy.go31
-rw-r--r--pkg/prxy/prxy_test.go49
2 files changed, 64 insertions, 16 deletions
diff --git a/pkg/prxy/prxy.go b/pkg/prxy/prxy.go
index 54aad00..0e6e8c3 100644
--- a/pkg/prxy/prxy.go
+++ b/pkg/prxy/prxy.go
@@ -3,33 +3,32 @@ package prxy
import (
"fmt"
"log"
+ "net"
"net/http"
"net/http/httputil"
- "strings"
+ "net/url"
- "github.com/casbin/casbin/v2"
"github.com/xlgmokha/x/pkg/x"
)
func New(routes map[string]string) http.Handler {
- authz := x.Must(casbin.NewEnforcer("model.conf", "policy.csv"))
+ mapped := map[string]*url.URL{}
+ for source, destination := range routes {
+ mapped[source] = x.Must(url.Parse(destination))
+ }
return &httputil.ReverseProxy{
Director: func(r *http.Request) {
- segments := strings.SplitN(r.Host, ":", 2)
- host := segments[0]
- destinationHost := routes[host]
-
- log.Printf("%v (from: %v to: %v)\n", r.URL, host, destinationHost)
-
- subject := "71cbc18e-bd41-4229-9ad2-749546a2a4a7" // TODO:: unpack sub claim in JWT
- if x.Must(authz.Enforce(subject, host, r.Method, r.URL.Path)) {
- r.URL.Scheme = "http" // TODO:: use TLS
- r.Host = destinationHost
- r.URL.Host = destinationHost
- } else {
- log.Println("UNAUTHORIZED") // TODO:: Return forbidden, unauthorized or not found status code
+ host, _, err := net.SplitHostPort(r.Host)
+ if err != nil {
+ fmt.Printf("%v\n", err)
+ return
}
+
+ destination := mapped[host]
+ r.URL.Scheme = destination.Scheme
+ r.Host = destination.Host
+ r.URL.Host = destination.Host
},
Transport: http.DefaultTransport,
FlushInterval: -1,
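Review bot: `destination := mapped[host]` on the new side is an unchecked map lookup, so a Host header naming a host that is not in `routes` yields a nil `*url.URL` and the next line `destination.Scheme` panics inside the Director; the server's connection-level recover turns that into a dropped connection for the client rather than a status code. The `net.SplitHostPort` guard above it also rejects a Host header that carries no port (the previous `strings.SplitN` tolerated that case) and reports the failure with `fmt.Printf` to stdout while the rest of the file logs through `log`. Both cases should fall back and leave the request unrouted so the transport error reaches the proxy's ErrorHandler instead of a panic; a proper 404/421 would need the route check to run before the request enters the ReverseProxy, since a Director cannot write a response. Separately, the casbin `Enforce` call is removed and nothing in this hunk gates forwarding on the caller; if the extracted authz interface is meant to wrap this handler it is not visible in pkg/prxy, so worth confirming where enforcement now happens. The enclosing `New` continues past the hunk.

```go
host, _, err := net.SplitHostPort(r.Host)
if err != nil {
	host = r.Host // Host header without a port
}
destination, ok := mapped[host]
if !ok {
	log.Printf("no route for host %q", host)
	return // r.URL stays unrouted; the transport error reaches the proxy's ErrorHandler
}
// … unchanged: scheme/host rewrite onto destination …
```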
diff --git a/pkg/prxy/prxy_test.go b/pkg/prxy/prxy_test.go
new file mode 100644
index 0000000..6f37974
--- /dev/null
+++ b/pkg/prxy/prxy_test.go
@@ -0,0 +1,49 @@
+package prxy
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "github.com/xlgmokha/x/pkg/x"
+ "gitlab.com/mokhax/spike/pkg/test"
+)
+
+func TestProxy(t *testing.T) {
+ t.Run("http://idp.test", func(t *testing.T) {
+ var lastIdPRequest *http.Request
+ var lastUiRequest *http.Request
+
+ idp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ lastIdPRequest = r
+ w.WriteHeader(http.StatusOK)
+ }))
+ defer idp.Close()
+
+ ui := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ lastUiRequest = r
+ w.WriteHeader(http.StatusTeapot)
+ }))
+ defer ui.Close()
+
+ subject := New(map[string]string{
+ "idp.test": idp.URL,
+ "ui.test": ui.URL,
+ })
+
+ r, w := test.RequestResponse("GET", "http://idp.test:8080/saml/new")
+
+ subject.ServeHTTP(w, r)
+
+ url := x.Must(url.Parse(idp.URL))
+
+ assert.Nil(t, lastUiRequest)
+ assert.Equal(t, http.StatusOK, w.Code)
+
+ require.NotNil(t, lastIdPRequest)
+ assert.Equal(t, url.Host, lastIdPRequest.Host)
+ })
+}
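Review bot: `TestProxy` only sends a Host header that carries a port (`idp.test:8080`), so the two edges the Director under test now handles differently from before — a Host without a port, and a host that is not in the routes map — have no case. A second subtest calling `subject.ServeHTTP` with `http://idp.test/saml/new` and asserting `lastIdPRequest` is still routed, and a third with an unmapped host such as `http://other.test:8080/` asserting that neither upstream receives the request and that the call returns an error status rather than panicking, would pin that behaviour. On the line `url := x.Must(url.Parse(idp.URL))` the local shadows the `net/url` package it was just parsed with; `upstream := x.Must(url.Parse(idp.URL))` avoids the shadowing and reads better in the assertion that follows. The forwarded path is also unchecked; `assert.Equal(t, "/saml/new", lastIdPRequest.URL.Path)` would confirm the Director preserves it.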