From 92d99e12be573089f0be38aa5b56535a5392047b Mon Sep 17 00:00:00 2001
From: Rohith <gambol99@gmail.com>
Date: Tue, 16 Jan 2018 18:14:39 +0000
Subject: [PATCH] Custom Authentication Prefix

- Adding the ability to change the prefix of the authentication headers passed to the upstream endpoint
---
 config.go      |  1 +
 doc.go         |  2 ++
 middleware.go  | 19 ++++++++++---------
 server_test.go |  1 +
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/config.go b/config.go
index d55e318..d220cfd 100644
--- a/config.go
+++ b/config.go
@@ -28,6 +28,7 @@ import (
 func newDefaultConfig() *Config {
 	return &Config{
 		AccessTokenDuration:         time.Duration(720) * time.Hour,
+		AuthHeaderPrefix:            "X-Auth-",
 		CookieAccessName:            "kc-access",
 		CookieRefreshName:           "kc-state",
 		EnableAuthorizationHeader:   true,
diff --git a/doc.go b/doc.go
index 868ef70..1d7c548 100644
--- a/doc.go
+++ b/doc.go
@@ -136,6 +136,8 @@ type Config struct {
 	Resources []*Resource `json:"resources" yaml:"resources" usage:"list of resources 'uri=/admin|methods=GET,PUT|roles=role1,role2'"`
 	// Headers permits adding customs headers across the board
 	Headers map[string]string `json:"headers" yaml:"headers" usage:"custom headers to the upstream request, key=value"`
+	// AuthHeaderPrefix is the authentication headers passed through to upstream endpoint
+	AuthHeaderPrefix string `json:"auth-header-prefix" yaml:"auth-header-prefix" usage:"the prefix added the authentication headers"`
 
 	// EnableEncryptedToken indicates the access token should be encoded
 	EnableEncryptedToken bool `json:"enable-encrypted-token" yaml:"enable-encrypted-token" usage:"enable encryption for the access tokens"`
diff --git a/middleware.go b/middleware.go
index e39c1b6..3787318 100644
--- a/middleware.go
+++ b/middleware.go
@@ -23,8 +23,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/PuerkitoBio/purell"
 	"github.com/gambol99/go-oidc/jose"
+
+	"github.com/PuerkitoBio/purell"
 	"github.com/go-chi/chi/middleware"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/unrolled/secure"
@@ -334,17 +335,17 @@ func (r *oauthProxy) headersMiddleware(custom []string) func(http.Handler) http.
 			scope := req.Context().Value(contextScopeName).(*RequestScope)
 			if scope.Identity != nil {
 				user := scope.Identity
-				req.Header.Set("X-Auth-Email", user.email)
-				req.Header.Set("X-Auth-ExpiresIn", user.expiresAt.String())
-				req.Header.Set("X-Auth-Groups", strings.Join(user.groups, ","))
-				req.Header.Set("X-Auth-Roles", strings.Join(user.roles, ","))
-				req.Header.Set("X-Auth-Subject", user.id)
-				req.Header.Set("X-Auth-Userid", user.name)
-				req.Header.Set("X-Auth-Username", user.name)
+				req.Header.Set(fmt.Sprintf("%sEmail", r.config.AuthHeaderPrefix), user.email)
+				req.Header.Set(fmt.Sprintf("%sExpiresIn", r.config.AuthHeaderPrefix), user.expiresAt.String())
+				req.Header.Set(fmt.Sprintf("%sGroups", r.config.AuthHeaderPrefix), strings.Join(user.groups, ","))
+				req.Header.Set(fmt.Sprintf("%sRoles", r.config.AuthHeaderPrefix), strings.Join(user.roles, ","))
+				req.Header.Set(fmt.Sprintf("%sSubject", r.config.AuthHeaderPrefix), user.id)
+				req.Header.Set(fmt.Sprintf("%sUserid", r.config.AuthHeaderPrefix), user.name)
+				req.Header.Set(fmt.Sprintf("%sUsername", r.config.AuthHeaderPrefix), user.name)
 
 				// should we add the token header?
 				if r.config.EnableTokenHeader {
-					req.Header.Set("X-Auth-Token", user.token.Encode())
+					req.Header.Set(fmt.Sprintf("%sToken", r.config.AuthHeaderPrefix), user.token.Encode())
 				}
 				// add the authorization header if requested
 				if r.config.EnableAuthorizationHeader {
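Review bot: `r.config.AuthHeaderPrefix` is used unchecked in every `req.Header.Set` call in this block, so a Config with an empty prefix (the server_test.go fixture has to set it explicitly, which suggests a zero-value Config carries none) sends upstream headers named `Email`, `Roles`, `Token` and so on. Because upstreams read these headers as the authenticated identity, the prefix should be rejected at configuration validation when it is empty or not a valid header token, or defaulted here with `prefix := r.config.AuthHeaderPrefix` and `if prefix == "" { prefix = "X-Auth-" }`; building names as `prefix+"Email"` also drops the eight per-request `fmt.Sprintf` calls. The block overwrites these headers only when `scope.Identity != nil`; whether client-supplied headers carrying the configured prefix are removed on other paths is not visible here and is worth confirming now that the names are configurable. headersMiddleware starts and ends outside the hunk.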
diff --git a/server_test.go b/server_test.go
index 584df41..22a4bb3 100644
--- a/server_test.go
+++ b/server_test.go
@@ -398,6 +398,7 @@ func newFakeHTTPRequest(method, path string) *http.Request {
 
 func newFakeKeycloakConfig() *Config {
 	return &Config{
+		AuthHeaderPrefix:           "X-Auth-",
 		ClientID:                   fakeClientID,
 		ClientSecret:               fakeSecret,
 		CookieAccessName:           "kc-access",
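Review bot: The fixture pins AuthHeaderPrefix to the default `X-Auth-`, so nothing in this patch exercises a non-default prefix. A test that configures a different prefix and asserts that the upstream request carries the renamed headers, and none under `X-Auth-`, would cover the new option and catch any header name still built from a literal. newFakeKeycloakConfig continues outside the hunk.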
-- 
GitLab