WithServiceScope an HTTP filter that trims "/services/cache" prefix from the URL. for example: /services/cache/shards/amber/clusters/*/apis/apis.kcp.io/v1alpha1/apiexports is truncated to /shards/amber/clusters/*/apis/apis.kcp.io/v1alpha1/apiexports.
(handler http.Handler)
| 131 | // for example: /services/cache/shards/amber/clusters/*/apis/apis.kcp.io/v1alpha1/apiexports |
| 132 | // is truncated to /shards/amber/clusters/*/apis/apis.kcp.io/v1alpha1/apiexports. |
| 133 | func WithServiceScope(handler http.Handler) http.Handler { |
| 134 | return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { |
| 135 | if path := req.URL.Path; strings.HasPrefix(path, "/services/cache") { |
| 136 | path = strings.TrimPrefix(path, "/services/cache") |
| 137 | req.URL.Path = path |
| 138 | newURL, err := url.Parse(req.URL.String()) |
| 139 | if err != nil { |
| 140 | responsewriters.ErrorNegotiated( |
| 141 | apierrors.NewInternalError(fmt.Errorf("unable to resolve %s, err %w", req.URL.Path, err)), |
| 142 | errorCodecs, schema.GroupVersion{}, |
| 143 | w, req) |
| 144 | return |
| 145 | } |
| 146 | req.URL = newURL |
| 147 | } |
| 148 | handler.ServeHTTP(w, req) |
| 149 | }) |
| 150 | } |
| 151 | |
| 152 | // WithCacheShardLevelPaths enforces that shard-level URLs (see |
| 153 | // pkg/authorization/shardpaths) are not reachable via a shard- or |