| 216 | } |
| 217 | |
| 218 | func authFromHeader(req *http.Request, basicFunc func(user, passwd string) bool, bearerFunc func(token string) bool) error { |
| 219 | headerValue := req.Header.Get(ProxyAuthorizationHeader) |
| 220 | |
| 221 | if ProxyAuthorizationHeader != "Proxy-Authorization" && req.Header.Get("Proxy-Authorization") != "" { |
| 222 | return fmt.Errorf("407 `Proxy-Authorization` header is disabled, use `X-HOVERFLY-AUTHORIZATION` instead") |
| 223 | } |
| 224 | |
| 225 | authheader := strings.SplitN(headerValue, " ", 2) |
| 226 | req.Header.Del(ProxyAuthorizationHeader) |
| 227 | if len(authheader) != 2 { |
| 228 | return fmt.Errorf(errProxyAuthRequired) |
| 229 | } |
| 230 | if authheader[0] == "Basic" { |
| 231 | userpassraw, err := base64.StdEncoding.DecodeString(authheader[1]) |
| 232 | if err != nil { |
| 233 | return fmt.Errorf(errProxyAuthRequired) |
| 234 | } |
| 235 | userpass := strings.SplitN(string(userpassraw), ":", 2) |
| 236 | if len(userpass) != 2 { |
| 237 | return fmt.Errorf(errProxyAuthRequired) |
| 238 | } |
| 239 | result := basicFunc(userpass[0], userpass[1]) |
| 240 | if result == false { |
| 241 | return fmt.Errorf(errProxyAuthRequired) |
| 242 | } |
| 243 | } else if authheader[0] == "Bearer" { |
| 244 | result := bearerFunc(authheader[1]) |
| 245 | if result == false { |
| 246 | return fmt.Errorf(errProxyAuthRequired) |
| 247 | } |
| 248 | } else { |
| 249 | return fmt.Errorf("407 Unknown authentication type `%v`, only `Basic` or `Bearer` are supported", authheader[0]) |
| 250 | } |
| 251 | |
| 252 | return nil |
| 253 | } |
| 254 | |
| 255 | func matchesFilter(filter string) goproxy.ReqConditionFunc { |
| 256 | re := regexp.MustCompile(filter) |