feat: make UserNameClaim configurable (#67)

aaronschweig · web-flow · commit 2a0015373afc · 2025-02-10T09:56:58.000+01:00
Signed-off-by: aaronschweig &lt;aaron.schweig@gmail.com&gt;
diff --git a/gateway/config/config.go b/gateway/config/config.go
@@ -14,6 +14,7 @@ type Config struct {
 	LogLevel         string `envconfig:"default=INFO,optional"`
 	LocalDevelopment bool   `envconfig:"default=false,optional"`
 	HandlerCfg       HandlerConfig
+	UserNameClaim    string `envconfig:"default=email,optional"`
 }
 
 type HandlerConfig struct {
diff --git a/gateway/manager/manager.go b/gateway/manager/manager.go
@@ -65,7 +65,7 @@ func NewManager(log *logger.Logger, cfg *rest.Config, appCfg appConfig.Config) (
 	cfg.Host = fmt.Sprintf("%s://%s", u.Scheme, u.Host)
 
 	cfg.Wrap(func(rt http.RoundTripper) http.RoundTripper {
-		return NewRoundTripper(log, rt)
+		return NewRoundTripper(log, rt, appCfg.UserNameClaim)
 	})
 
 	runtimeClient, err := kcp.NewClusterAwareClientWithWatch(cfg, client.Options{})
diff --git a/gateway/manager/roundtripper.go b/gateway/manager/roundtripper.go
@@ -11,14 +11,16 @@ import (
 type TokenKey struct{}
 
 type roundTripper struct {
-	log  *logger.Logger
-	base http.RoundTripper // TODO change to awareBaseHttp
+	userClaim string
+	log       *logger.Logger
+	base      http.RoundTripper // TODO change to awareBaseHttp
 }
 
-func NewRoundTripper(log *logger.Logger, base http.RoundTripper) http.RoundTripper {
+func NewRoundTripper(log *logger.Logger, base http.RoundTripper, userNameClaim string) http.RoundTripper {
 	return &roundTripper{
-		log:  log,
-		base: base,
+		log:       log,
+		base:      base,
+		userClaim: userNameClaim,
 	}
 }
 
@@ -36,8 +38,20 @@ func (rt *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 		return rt.base.RoundTrip(req)
 	}
 
+	userNameRaw, ok := claims[rt.userClaim]
+	if !ok {
+		rt.log.Debug().Msg("No user claim found in token")
+		return rt.base.RoundTrip(req)
+	}
+
+	userName, ok := userNameRaw.(string)
+	if !ok {
+		rt.log.Debug().Msg("User claim is not a string")
+		return rt.base.RoundTrip(req)
+	}
+
 	t := transport.NewImpersonatingRoundTripper(transport.ImpersonationConfig{
-		UserName: claims["email"].(string),
+		UserName: userName,
 	}, rt.base)
 
 	return t.RoundTrip(req)

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ type Config struct {`
`14`	`14`	LogLevel string `envconfig:"default=INFO,optional"`
`15`	`15`	LocalDevelopment bool `envconfig:"default=false,optional"`
`16`	`16`	`HandlerCfg HandlerConfig`
	`17`	+ UserNameClaim string `envconfig:"default=email,optional"`
`17`	`18`	`}`
`18`	`19`
`19`	`20`	`type HandlerConfig struct {`