From fae65a0afa2e78a796afd091575e4c47d60e1140 Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 9 Sep 2015 22:17:34 -0600 Subject: [PATCH] Add headers to allow for caching API backends that set HTTP basic auth. This is part of https://github.com/18F/api.data.gov/issues/281 The bulk of this will be implemented (with tests) over in the router project, since that's where the caching stuff lives. But this allows us to distinguish between authorization headers we add due to api backend config versus externally sent authorization headers. --- lib/gatekeeper/middleware/rewrite_request.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/gatekeeper/middleware/rewrite_request.js b/lib/gatekeeper/middleware/rewrite_request.js index 97007a2d..fe65d4e3 100644 --- a/lib/gatekeeper/middleware/rewrite_request.js +++ b/lib/gatekeeper/middleware/rewrite_request.js @@ -86,7 +86,7 @@ _.extend(RewriteRequest.prototype, { } // Never pass along basic auth if it's how the api key was passed in - // (otherwise, we don't want to touch the basica auth and pass along + // (otherwise, we don't want to touch the basic auth and pass along // whatever it contains).. if(request.apiUmbrellaGatekeeper.user && request.basicAuthUsername === request.apiUmbrellaGatekeeper.apiKey) { delete request.headers.authorization; @@ -147,6 +147,9 @@ _.extend(RewriteRequest.prototype, { if(auth) { var base64 = (new Buffer(auth, 'ascii')).toString('base64'); request.headers.Authorization = 'Basic ' + base64; + request.headers['X-Api-Umbrella-Allow-Authorization-Caching'] = 'true'; + } else { + delete request.headers['x-api-umbrella-allow-authorization-caching']; } },