GetAppInfo makes a request to the appURL and stops at the first redirect. The 302 location header will contain the auth domain
(reqURL *url.URL)
| 359 | // GetAppInfo makes a request to the appURL and stops at the first redirect. The 302 location header will contain the |
| 360 | // auth domain |
| 361 | func GetAppInfo(reqURL *url.URL) (*AppInfo, error) { |
| 362 | client := &http.Client{ |
| 363 | // do not follow redirects |
| 364 | CheckRedirect: func(req *http.Request, via []*http.Request) error { |
| 365 | // stop after hitting login endpoint since it will contain app path |
| 366 | if strings.Contains(via[len(via)-1].URL.Path, AccessLoginWorkerPath) { |
| 367 | return http.ErrUseLastResponse |
| 368 | } |
| 369 | return nil |
| 370 | }, |
| 371 | Timeout: time.Second * 7, |
| 372 | } |
| 373 | |
| 374 | appInfoReq, err := http.NewRequest("HEAD", reqURL.String(), nil) |
| 375 | if err != nil { |
| 376 | return nil, errors.Wrap(err, "failed to create app info request") |
| 377 | } |
| 378 | appInfoReq.Header.Add("User-Agent", userAgent) |
| 379 | resp, err := client.Do(appInfoReq) // nolint: gosec |
| 380 | if err != nil { |
| 381 | return nil, errors.Wrap(err, "failed to get app info") |
| 382 | } |
| 383 | _ = resp.Body.Close() |
| 384 | |
| 385 | var aud string |
| 386 | location := resp.Request.URL |
| 387 | if strings.Contains(location.Path, AccessLoginWorkerPath) { |
| 388 | aud = resp.Request.URL.Query().Get("kid") |
| 389 | if aud == "" { |
| 390 | return nil, errors.New("Empty app aud") |
| 391 | } |
| 392 | } else if audHeader := resp.Header.Get(appAUDHeader); audHeader != "" { |
| 393 | // 403/401 from the edge will have aud in a header |
| 394 | aud = audHeader |
| 395 | } else { |
| 396 | return nil, fmt.Errorf("failed to find Access application at %s", reqURL.String()) |
| 397 | } |
| 398 | |
| 399 | domain := resp.Header.Get(appDomainHeader) |
| 400 | if domain == "" { |
| 401 | return nil, errors.New("Empty app domain") |
| 402 | } |
| 403 | |
| 404 | return &AppInfo{location.Hostname(), aud, domain}, nil |
| 405 | } |
| 406 | |
| 407 | func handleRedirects(req *http.Request, via []*http.Request, orgToken string) error { |
| 408 | // attach org token to login request |
no test coverage detected