Add headers to allow for caching API backends that set HTTP basic auth.

This is part of 18F/api.data.gov#281 The bulk of this will be implemented (with tests) over in the router project, since that's where the caching stuff lives. But this allows us to distinguish between authorization headers we add due to api backend config versus externally sent authorization headers.
NREL · Sep 10, 2015 · fae65a0 · fae65a0
1 parent fab52f7
commit fae65a0
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/gatekeeper/middleware/rewrite_request.js b/lib/gatekeeper/middleware/rewrite_request.js
@@ -86,7 +86,7 @@ _.extend(RewriteRequest.prototype, {
     }
 
     // Never pass along basic auth if it's how the api key was passed in
-    // (otherwise, we don't want to touch the basica auth and pass along
+    // (otherwise, we don't want to touch the basic auth and pass along
     // whatever it contains)..
     if(request.apiUmbrellaGatekeeper.user && request.basicAuthUsername === request.apiUmbrellaGatekeeper.apiKey) {
       delete request.headers.authorization;
@@ -147,6 +147,9 @@ _.extend(RewriteRequest.prototype, {
     if(auth) {
       var base64 = (new Buffer(auth, 'ascii')).toString('base64');
       request.headers.Authorization = 'Basic ' + base64;
+      request.headers['X-Api-Umbrella-Allow-Authorization-Caching'] = 'true';
+    } else {
+      delete request.headers['x-api-umbrella-allow-authorization-caching'];
     }
   },