From 29e0a6a973478fbec7ec9d6d690c32380b8d8ec4 Mon Sep 17 00:00:00 2001
From: Janne Koschinski <janne@kuschku.de>
Date: Tue, 12 Nov 2019 14:50:28 +0100
Subject: [PATCH] Improve docker images

---
 Dockerfile    |  6 ++----
 middleware.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2994417..1f5c5d0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,13 @@
 FROM golang:alpine as go_builder
 
-RUN apk add --no-cache curl git gcc musl-dev
-RUN curl https://glide.sh/get | sh
+RUN apk add --no-cache musl-dev
 
 WORKDIR /go/src/app
 COPY *.go go.* ./
 RUN go mod download
 RUN CGO_ENABLED=false go build -o app .
 
-FROM alpine:3.10
-RUN apk add --no-cache ca-certificates
+FROM gcr.io/distroless/static
 WORKDIR /
 COPY --from=go_builder /go/src/app/app /app
 COPY templates /templates
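Review bot: The new runtime stage `FROM gcr.io/distroless/static` has no tag or digest, and unless a `USER` line follows outside this hunk the app runs as root in it. Pinning the non-root variant by digest fixes both: `FROM gcr.io/distroless/static:nonroot@sha256:<digest>` (the digest is a placeholder to fill in). `/templates` would then have to be readable by that user. Because this image ships no libc, the binary must be fully static. The unchanged build line uses `CGO_ENABLED=false`, which as far as I know is not a value the go tool recognises, so `CGO_ENABLED=0` is the safer spelling and worth confirming now that `gcc` is gone from the builder.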
diff --git a/middleware.go b/middleware.go
index 9b0d0ec..2ec0141 100644
--- a/middleware.go
+++ b/middleware.go
@@ -97,6 +97,21 @@ func (r *oauthProxy) loggingMiddleware(next http.Handler) http.Handler {
 	})
 }
 
+// requestHeaderSanitizingMiddleware is responsible for sanitizing the request headers
+func (r *oauthProxy) requestHeaderSanitizingMiddleware() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			for k := range req.Header {
+				if strings.HasPrefix(strings.ToLower(k), "x-auth") {
+					req.Header.Del(k)
+				}
+			}
+
+			next.ServeHTTP(w, req)
+		})
+	}
+}
+
 // authenticationMiddleware is responsible for verifying the access token
 func (r *oauthProxy) authenticationMiddleware(whitelisted bool) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
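Review bot: Nothing in this patch registers `requestHeaderSanitizingMiddleware`: the diffstat lists only these 15 added lines in middleware.go, so unless it is wired into the router in another commit, client-supplied `X-Auth*` headers still reach the upstream. When it is wired in, it presumably has to run before the middleware that sets the proxy's own identity headers, otherwise it would strip those as well. The doc comment should say so, e.g. `// requestHeaderSanitizingMiddleware drops client-supplied X-Auth* headers so they cannot be mistaken for headers set by the proxy; it must run before those are added`. Inside the loop, `delete(req.Header, k)` removes exactly the key being iterated, whereas `req.Header.Del(k)` canonicalizes `k` first and would miss a key stored in non-canonical form. The subject line "Improve docker images" also hides this security-relevant change, which would be easier to audit as its own commit.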
-- 
GitLab