feat: Extract Credential from 'authorization' header and set it as 'A… (#93)

dmaizel · web-flow · commit b6a44523c6f6 · 2025-02-02T18:33:14.000+02:00
diff --git a/charts/internal-gateway/files/conf.d/s3-gateway.conf b/charts/internal-gateway/files/conf.d/s3-gateway.conf
@@ -32,6 +32,10 @@ server {
         proxy_read_timeout 60s;
         proxy_send_timeout 60s;
 
+        js_set $auth_header auth.setAuthHeader;
+
+        proxy_set_header Authorization $auth_header;
+
         proxy_pass http://{{ index $vals "codefresh" "serviceEndpoints" "cfapi-auth" "svc" }}:{{ index $vals "codefresh" "serviceEndpoints" "cfapi-auth" "port" }};
     }
 }
diff --git a/charts/internal-gateway/files/njs/auth.js b/charts/internal-gateway/files/njs/auth.js
@@ -2,9 +2,21 @@ function account_name(r) {
     const auth_entity = r.variables["auth_entity"];
     const b64decoded = Buffer.from(auth_entity, 'base64');
     const json = JSON.parse(b64decoded);
-    const account_name = json.authenticatedEntity.activeAccount.name;
+    const account_name = json.activeAccount.name;
 
     return account_name;
 }
 
-export default {account_name};
+function setAuthHeader(r) {
+    let auth = r.headersIn['authorization'];
+    if (auth) {
+        // Look for the pattern: Credential=<value>/...
+        let matches = auth.match(/Credential=([^\/]+)\//);
+        if (matches && matches.length > 1) {
+            return matches[1];
+        }
+    }
+    return "";
+}
+
+export default { account_name, setAuthHeader };

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,10 @@ server {`
`32`	`32`	`proxy_read_timeout 60s;`
`33`	`33`	`proxy_send_timeout 60s;`
`34`	`34`
	`35`	`+ js_set $auth_header auth.setAuthHeader;`
	`36`	`+`
	`37`	`+ proxy_set_header Authorization $auth_header;`
	`38`	`+`
`35`	`39`	`proxy_pass http://{{ index $vals "codefresh" "serviceEndpoints" "cfapi-auth" "svc" }}:{{ index $vals "codefresh" "serviceEndpoints" "cfapi-auth" "port" }};`
`36`	`40`	`}`
`37`	`41`	`}`