(next http.Handler)
| 95 | } |
| 96 | |
| 97 | func AuditRequestHttp(next http.Handler) http.Handler { |
| 98 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 99 | skip := func(method string) bool { |
| 100 | return skipEPs[r.URL.Path] |
| 101 | } |
| 102 | |
| 103 | if atomic.LoadUint32(&auditEnabled) == 0 || skip(r.URL.Path) { |
| 104 | next.ServeHTTP(w, r) |
| 105 | return |
| 106 | } |
| 107 | |
| 108 | // Websocket connection in graphQl happens differently. We only get access tokens and |
| 109 | // metadata in payload later once the connection is upgraded to correct protocol. |
| 110 | // Doc: https://github.com/apollographql/subscriptions-transport-ws/blob/v0.9.4/PROTOCOL.md |
| 111 | // |
| 112 | // Auditing for websocket connections will be handled by graphql/admin/http.go:154#Subscribe |
| 113 | for _, subprotocol := range websocket.Subprotocols(r) { |
| 114 | if subprotocol == "graphql-ws" { |
| 115 | next.ServeHTTP(w, r) |
| 116 | return |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | rw := NewResponseWriter(w) |
| 121 | var buf bytes.Buffer |
| 122 | tee := io.TeeReader(r.Body, &buf) |
| 123 | r.Body = io.NopCloser(tee) |
| 124 | next.ServeHTTP(rw, r) |
| 125 | r.Body = io.NopCloser(bytes.NewReader(buf.Bytes())) |
| 126 | auditHttp(rw, r) |
| 127 | }) |
| 128 | } |
| 129 | |
| 130 | func AuditWebSockets(ctx context.Context, req *schema.Request) { |
| 131 | if atomic.LoadUint32(&auditEnabled) == 0 { |
no test coverage detected