From 29e0a6a973478fbec7ec9d6d690c32380b8d8ec4 Mon Sep 17 00:00:00 2001
From: Janne Koschinski <janne@kuschku.de>
Date: Tue, 12 Nov 2019 14:50:28 +0100
Subject: [PATCH] Improve docker images
---
 Dockerfile | 6 ++----
 middleware.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2994417..1f5c5d0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,13 @@
 FROM golang:alpine as go_builder
-RUN apk add --no-cache curl git gcc musl-dev
-RUN curl https://glide.sh/get | sh
+RUN apk add --no-cache musl-dev
 WORKDIR /go/src/app
 COPY *.go go.* ./
 RUN go mod download
 RUN CGO_ENABLED=false go build -o app .
-FROM alpine:3.10
-RUN apk add --no-cache ca-certificates
+FROM gcr.io/distroless/static
 WORKDIR /
 COPY --from=go_builder /go/src/app/app /app
 COPY templates /templates
diff --git a/middleware.go b/middleware.go
index 9b0d0ec..2ec0141 100644
--- a/middleware.go
+++ b/middleware.go
@@ -97,6 +97,21 @@ func (r *oauthProxy) loggingMiddleware(next http.Handler) http.Handler {
 })
 }
 
+// requestHeaderSanitizingMiddleware is responsible for sanitizing the request headers
+func (r *oauthProxy) requestHeaderSanitizingMiddleware() func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ for k := range req.Header {
+ if strings.HasPrefix(strings.ToLower(k), "x-auth") {
+ req.Header.Del(k)
+ }
+ }
+
+ next.ServeHTTP(w, req)
+ })
+ }
+}
+
 // authenticationMiddleware is responsible for verifying the access token
 func (r *oauthProxy) authenticationMiddleware(whitelisted bool) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
-- 
GitLab
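Review bot: The new runtime stage `FROM gcr.io/distroless/static` in the Dockerfile hunk has no tag or digest and sets no `USER`, so the image floats with whatever the registry currently serves and the proxy presumably runs as root. Consider `FROM gcr.io/distroless/static:nonroot@sha256:<digest>` (placeholder digest), and pin `golang:alpine` in the builder stage the same way so rebuilds are reproducible. If you switch to the non-root variant, check that the listen port and the copied `/templates` are still usable by that user. Separately, the unchanged build line uses `CGO_ENABLED=false`, while Go documents `0` and `1` for this variable. With gcc removed from the builder and no libc in the runtime image, confirm the binary is really statically linked, or write `RUN CGO_ENABLED=0 go build -o app .`.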
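Review bot: `requestHeaderSanitizingMiddleware` is defined in the middleware.go hunk, but nothing in this patch registers it; the diffstat shows only these 15 insertions in that file. Unless it is wired into the router elsewhere, client-supplied `X-Auth*` headers still reach the upstream. It should run on every route, whitelisted ones included, and before any handler that sets the proxy's own identity headers. `req.Header.Del(k)` canonicalizes its argument, so a key stored in non-canonical form would survive the loop; `delete(req.Header, k)` removes exactly the key being iterated. The doc comment could also state the intent, e.g. `// requestHeaderSanitizingMiddleware drops client-supplied X-Auth* headers so the upstream only ever sees values set by the proxy` (assuming that is the purpose; the commit subject does not mention this change).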