commit dd213159a7a44ae9b35524de154f6ca6ccd568f3
author gio <gio@v1.dodo.cloud> Fri Sep 27 11:26:59 2024 +0200
committer gio <gio@v1.dodo.cloud> Thu Oct 03 12:43:25 2024 +0400
tree 6ccf5807dbc42331bca84e4081023b58fae9bfa6
parent dcd9fefca814cd6cb997d2da9b00b4356589aee3

Auth: Add page to change password.

Configure launcher as a default return to address.

Use standard X-Forwarded-User instead of custom X-User header.
Add X-Forwarded-UserId header holding user unique identificator.

Change-Id: Ib2e6329ba9fb91d2cc9a86b0c5fc78898769e3b8

core/auth/proxy/main.go

diff --git a/core/auth/proxy/main.go b/core/auth/proxy/main.go
index 2c10258..8c98d20 100644
--- a/core/auth/proxy/main.go
+++ b/core/auth/proxy/main.go
@@ -44,6 +44,7 @@
 
 type user struct {
 	Identity struct {
+		Id     string `json:"id"`
 		Traits struct {
 			Username string `json:"username"`
 		} `json:"traits"`
@@ -95,7 +96,8 @@
 func handle(w http.ResponseWriter, r *http.Request) {
 	reqAuth := true
 	for _, p := range strings.Split(*noAuthPathPrefixes, ",") {
-		if strings.HasPrefix(r.URL.Path, p) {
+		t := strings.TrimSpace(p)
+		if len(t) > 0 && strings.HasPrefix(r.URL.Path, t) {
 			reqAuth = false
 			break
 		}
@@ -104,6 +106,7 @@
 	if reqAuth {
 		var err error
 		user, err = queryWhoAmI(r.Cookies())
+		fmt.Printf("--- %+v\n", user)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
@@ -142,11 +145,10 @@
 			}
 		}
 	}
+	fmt.Printf("%+v\n", user)
 	rc := r.Clone(context.Background())
-	if user != nil {
-		// TODO(gio): Rename to X-Forwarded-User
-		rc.Header.Add("X-User", user.Identity.Traits.Username)
-	}
+	rc.Header.Add("X-Forwarded-User", user.Identity.Traits.Username)
+	rc.Header.Add("X-Forwarded-UserId", user.Identity.Id)
 	ru, err := url.Parse(fmt.Sprintf("http://%s%s", *upstream, r.URL.RequestURI()))
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)