proxy: use middleware to manage request flow

proxy: remove duplicate error handling in New proxy: remove routeConfigs in favor of using gorilla/mux proxy: add proxy specific middleware proxy: no longer need to use middleware / handler to check if valid route. Can use build in 404 mux. internal/middleware: add cors bypass middleware Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-05-10 15:47:36 +02:00 · 2019-09-24 18:56:35 -07:00 · 2019-09-24 18:56:35 -07:00 · 782ffbeb3e
commit 782ffbeb3e
parent 70c5553d3c
17 changed files with 834 additions and 839 deletions
--- a/internal/middleware/middleware.go
+++ b/internal/middleware/middleware.go
@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"time"

 	"github.com/pomerium/pomerium/internal/cryptutil"
 	"github.com/pomerium/pomerium/internal/httputil"
@ -121,22 +122,6 @@ func ValidateSignature(sharedSecret string) func(next http.Handler) http.Handler
 	}
 }

-// ValidateHost ensures that each request's host is valid
-func ValidateHost(validHost func(host string) bool) func(next http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			ctx, span := trace.StartSpan(r.Context(), "middleware.ValidateHost")
-			defer span.End()
-
-			if !validHost(r.Host) {
-				httputil.ErrorResponse(w, r, httputil.Error("", http.StatusNotFound, nil))
-				return
-			}
-			next.ServeHTTP(w, r.WithContext(ctx))
-		})
-	}
-}
-
 // Healthcheck endpoint middleware useful to setting up a path like
 // `/ping` that load balancers or uptime testing external services
 // can make a request before hitting any routes. It's also convenient
@ -185,3 +170,33 @@ func ValidSignature(redirectURI, sigVal, timestamp, secret string) bool {
 	}
 	return cryptutil.CheckHMAC([]byte(fmt.Sprint(redirectURI, timestamp)), requestSig, secret)
 }
+
+// StripCookie strips the cookie from the downstram request.
+func StripCookie(cookieName string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx, span := trace.StartSpan(r.Context(), "middleware.StripCookie")
+			defer span.End()
+
+			headers := make([]string, 0, len(r.Cookies()))
+			for _, cookie := range r.Cookies() {
+				if !strings.HasPrefix(cookie.Name, cookieName) {
+					headers = append(headers, cookie.String())
+				}
+			}
+			r.Header.Set("Cookie", strings.Join(headers, ";"))
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+// TimeoutHandlerFunc wraps http.TimeoutHandler
+func TimeoutHandlerFunc(timeout time.Duration, timeoutError string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx, span := trace.StartSpan(r.Context(), "middleware.TimeoutHandlerFunc")
+			defer span.End()
+			http.TimeoutHandler(next, timeout, timeoutError).ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}