Improve docker images

29e0a6a9 · Janne Mareike Koschinski · ce3ff1a2 · 29e0a6a9 · 29e0a6a9
Verified Commit 29e0a6a9 authored 5 years ago by Janne Mareike Koschinski
--- a/Dockerfile
+++ b/Dockerfile
 FROM golang:alpine as go_builder

-RUN apk add --no-cache curl git gcc musl-dev
-RUN curl https://glide.sh/get | sh
+RUN apk add --no-cache musl-dev

 WORKDIR /go/src/app
 COPY *.go go.* ./
 RUN go mod download
 RUN CGO_ENABLED=false go build -o app .

-FROM alpine:3.10
-RUN apk add --no-cache ca-certificates
+FROM gcr.io/distroless/static
 WORKDIR /
 COPY --from=go_builder /go/src/app/app /app
 COPY templates /templates

--- a/middleware.go
+++ b/middleware.go
@@ -97,6 +97,21 @@ func (r *oauthProxy) loggingMiddleware(next http.Handler) http.Handler {
 	})
 }

+// requestHeaderSanitizingMiddleware is responsible for sanitizing the request headers
+func (r *oauthProxy) requestHeaderSanitizingMiddleware() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			for k := range req.Header {
+				if strings.HasPrefix(strings.ToLower(k), "x-auth") {
+					req.Header.Del(k)
+				}
+			}
+
+			next.ServeHTTP(w, req)
+		})
+	}
+}
+
 // authenticationMiddleware is responsible for verifying the access token
 func (r *oauthProxy) authenticationMiddleware(whitelisted bool) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {