authorize: build full URL from gRPC request

authorize/grpc.go

@@ -4,6 +4,7 @@ package authorize
 
 import (
 	"context"
+	"net/url"
 
 	"github.com/pomerium/pomerium/authorize/evaluator"
 	"github.com/pomerium/pomerium/internal/grpc/authorize"
@@ -22,7 +23,7 @@ func (a *Authorize) IsAuthorized(ctx context.Context, in *authorize.IsAuthorized
 		Method:     in.GetRequestMethod(),
 		RequestURI: in.GetRequestRequestUri(),
 		RemoteAddr: in.GetRequestRemoteAddr(),
-		URL:        in.GetRequestUrl(),
+		URL:        getFullURL(in.GetRequestUrl(), in.GetRequestHost()),
 	}
 	return a.pe.IsAuthorized(ctx, req)
 }
@@ -38,3 +39,17 @@ func cloneHeaders(in protoHeader) map[string][]string {
 	}
 	return out
 }
+
+func getFullURL(rawurl, host string) string {
+	u, err := url.Parse(rawurl)
+	if err != nil {
+		u = &url.URL{Path: rawurl}
+	}
+	if u.Host == "" {
+		u.Host = host
+	}
+	if u.Scheme == "" {
+		u.Scheme = "http"
+	}
+	return u.String()
+}

authorize/grpc_test.go

@@ -47,3 +47,19 @@ func TestAuthorize_IsAuthorized(t *testing.T) {
 		})
 	}
 }
+
+func Test_getFullURL(t *testing.T) {
+	tests := []struct {
+		rawurl, host, expect string
+	}{
+		{"https://www.example.com/admin", "", "https://www.example.com/admin"},
+		{"https://www.example.com/admin", "example.com", "https://www.example.com/admin"},
+		{"/admin", "example.com", "http://example.com/admin"},
+	}
+	for _, tt := range tests {
+		actual := getFullURL(tt.rawurl, tt.host)
+		if actual != tt.expect {
+			t.Errorf("expected getFullURL(%s, %s) to be %s, but got %s", tt.rawurl, tt.host, tt.expect, actual)
+		}
+	}
+}