feat: add request header in match context (#719)

Closes #512 Co-authored-by: hackerman <[email protected]>
ory · May 14, 2021 · 22b0dbe · 22b0dbe
1 parent ae1b979
commit 22b0dbe
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 8 deletions.
diff --git a/docs/docs/pipeline.md b/docs/docs/pipeline.md
@@ -81,6 +81,8 @@ type AuthenticationSession struct {
 type MatchContext struct {
 	RegexpCaptureGroups []string
 	URL                 *url.URL
+	Method              string
+	Header              http.Header
 }
 ```
 
@@ -94,6 +96,12 @@ To use the subject extract to the token
 { "config_field": "{{ print .subject }}" }
 ```
 
+To use any arbitrary header value from the request headers
+
+```json
+{ "config_field": "{{ .MatchContext.Header.Get \"some_header\" }}" }
+```
+
 To use an embedded value in the `Extra` map (most of the time, it's a JWT token
 claim)
 

diff --git a/driver/health/event_manager.go b/driver/health/event_manager.go
@@ -3,8 +3,9 @@ package health
 import (
 	"context"
 
-	"github.com/ory/x/healthx"
 	"github.com/pkg/errors"
+
+	"github.com/ory/x/healthx"
 )
 
 type EventManager interface {

diff --git a/driver/health/event_manager_default.go b/driver/health/event_manager_default.go
@@ -3,8 +3,9 @@ package health
 import (
 	"context"
 
-	"github.com/ory/x/healthx"
 	"github.com/pkg/errors"
+
+	"github.com/ory/x/healthx"
 )
 
 type DefaultHealthEventManager struct {

diff --git a/pipeline/authn/authenticator.go b/pipeline/authn/authenticator.go
@@ -47,9 +47,10 @@ type AuthenticationSession struct {
 }
 
 type MatchContext struct {
-	RegexpCaptureGroups []string `json:"regexp_capture_groups"`
-	URL                 *url.URL `json:"url"`
-	Method              string   `json:"method"`
+	RegexpCaptureGroups []string    `json:"regexp_capture_groups"`
+	URL                 *url.URL    `json:"url"`
+	Method              string      `json:"method"`
+	Header              http.Header `json:"header"`
 }
 
 func (a *AuthenticationSession) SetHeader(key, val string) {

diff --git a/pipeline/authn/authenticator_jwt.go b/pipeline/authn/authenticator_jwt.go
@@ -6,9 +6,10 @@ import (
 	"net/http"
 
 	"github.com/form3tech-oss/jwt-go"
+	"github.com/pkg/errors"
+
 	"github.com/ory/go-convenience/jwtx"
 	"github.com/ory/herodot"
-	"github.com/pkg/errors"
 
 	"github.com/ory/oathkeeper/credentials"
 	"github.com/ory/oathkeeper/driver/configuration"

diff --git a/proxy/request_handler.go b/proxy/request_handler.go
@@ -351,6 +351,7 @@ func (d *RequestHandler) InitializeAuthnSession(r *http.Request, rl *rule.Rule)
 			RegexpCaptureGroups: values,
 			URL:                 r.URL,
 			Method:              r.Method,
+			Header:              r.Header,
 		}
 	}
 

diff --git a/proxy/request_handler_test.go b/proxy/request_handler_test.go
@@ -43,8 +43,10 @@ import (
 	"github.com/ory/oathkeeper/rule"
 )
 
+var TestHeader = http.Header{"Test-Header": []string{"Test-Value"}}
+
 func newTestRequest(u string) *http.Request {
-	return &http.Request{URL: x.ParseURLOrPanic(u), Method: "GET"}
+	return &http.Request{URL: x.ParseURLOrPanic(u), Method: "GET", Header: TestHeader}
 }
 
 func TestHandleError(t *testing.T) {
@@ -478,6 +480,7 @@ func TestInitializeSession(t *testing.T) {
 				RegexpCaptureGroups: []string{},
 				URL:                 x.ParseURLOrPanic("http://localhost"),
 				Method:              "GET",
+				Header:              TestHeader,
 			},
 		},
 		{
@@ -491,6 +494,7 @@ func TestInitializeSession(t *testing.T) {
 				RegexpCaptureGroups: []string{"user"},
 				URL:                 x.ParseURLOrPanic("http://localhost/user"),
 				Method:              "GET",
+				Header:              TestHeader,
 			},
 		},
 		{
@@ -504,6 +508,7 @@ func TestInitializeSession(t *testing.T) {
 				RegexpCaptureGroups: []string{"user"},
 				URL:                 x.ParseURLOrPanic("http://localhost/user?param=test"),
 				Method:              "GET",
+				Header:              TestHeader,
 			},
 		},
 		{
@@ -517,6 +522,7 @@ func TestInitializeSession(t *testing.T) {
 				RegexpCaptureGroups: []string{"http", "user"},
 				URL:                 x.ParseURLOrPanic("http://localhost/user?param=test"),
 				Method:              "GET",
+				Header:              TestHeader,
 			},
 		},
 		{
@@ -530,6 +536,7 @@ func TestInitializeSession(t *testing.T) {
 				RegexpCaptureGroups: []string{},
 				URL:                 x.ParseURLOrPanic("http://localhost/user?param=test"),
 				Method:              "GET",
+				Header:              TestHeader,
 			},
 		},
 	} {
@@ -549,6 +556,7 @@ func TestInitializeSession(t *testing.T) {
 			session := reg.ProxyRequestHandler().InitializeAuthnSession(tc.r, &rule)
 
 			assert.NotNil(t, session)
+			assert.NotNil(t, session.MatchContext.Header)
 			assert.EqualValues(t, tc.expectContext, session.MatchContext)
 		})
 	}

diff --git a/rule/repository_test.go b/rule/repository_test.go
@@ -28,11 +28,12 @@ import (
 	"github.com/bxcodec/faker"
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/lib/pq"
-	"github.com/ory/x/healthx"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/ory/x/healthx"
+
 	"github.com/ory/x/logrusx"
 
 	"github.com/ory/x/sqlcon/dockertest"