feat: add withJWT client option (#1682)

Codelax · web-flow · commit fbb629297e85 · 2023-05-09T10:12:00.000Z
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -12,3 +12,18 @@ type Auth interface {
 	// This method could be use for logging purpose.
 	AnonymizedHeaders() http.Header
 }
+
+type headerAnonymizer func(header http.Header) http.Header
+
+var headerAnonymizers = []headerAnonymizer{
+	AnonymizeTokenHeaders,
+	AnonymizeJWTHeaders,
+}
+
+func AnonymizeHeaders(headers http.Header) http.Header {
+	for _, anonymizer := range headerAnonymizers {
+		headers = anonymizer(headers)
+	}
+
+	return headers
+}
diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"net/http"
+	"strings"
+)
+
+// JWT is the session token used in browser.
+type JWT struct {
+	Token string
+}
+
+// XSessionTokenHeader is Scaleway auth header for browser
+const XSessionTokenHeader = "x-session-token" // #nosec G101
+
+// NewJWT create a token authentication from a jwt
+func NewJWT(token string) *JWT {
+	return &JWT{Token: token}
+}
+
+// Headers returns headers that must be added to the http request
+func (j *JWT) Headers() http.Header {
+	headers := http.Header{}
+	headers.Set(XSessionTokenHeader, j.Token)
+	return headers
+}
+
+func AnonymizeJWTHeaders(headers http.Header) http.Header {
+	token := headers.Get(XSessionTokenHeader)
+
+	if token != "" {
+		headers.Set(XSessionTokenHeader, HideJWT(token))
+	}
+
+	return headers
+}
+
+// AnonymizedHeaders returns an anonymized version of Headers()
+// This method could be used for logging purpose.
+func (j *JWT) AnonymizedHeaders() http.Header {
+	return AnonymizeJWTHeaders(j.Headers())
+}
+
+func HideJWT(token string) string {
+	if len(token) == 0 {
+		return ""
+	}
+	// token should be (header).(payload).(signature)
+	lastDot := strings.LastIndex(token, ".")
+	if lastDot != -1 {
+		token = token[:lastDot]
+	}
+
+	return token
+}
diff --git a/scw/client_option.go b/scw/client_option.go
@@ -38,6 +38,13 @@ func WithAuth(accessKey, secretKey string) ClientOption {
 	}
 }
 
+// WithJWT client option sets the client session token.
+func WithJWT(token string) ClientOption {
+	return func(s *settings) {
+		s.token = auth.NewJWT(token)
+	}
+}
+
 // WithAPIURL client option overrides the API URL of the Scaleway API to the given URL.
 func WithAPIURL(apiURL string) ClientOption {
 	return func(s *settings) {
diff --git a/scw/transport.go b/scw/transport.go
@@ -22,7 +22,7 @@ func (l *requestLoggerTransport) RoundTrip(request *http.Request) (*http.Respons
 	originalHeaders := request.Header
 
 	// Get anonymized headers
-	request.Header = auth.AnonymizeTokenHeaders(request.Header.Clone())
+	request.Header = auth.AnonymizeHeaders(request.Header.Clone())
 
 	dump, err := httputil.DumpRequestOut(request, true)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,13 @@ func WithAuth(accessKey, secretKey string) ClientOption {`
`38`	`38`	`}`
`39`	`39`	`}`
`40`	`40`
	`41`	`+// WithJWT client option sets the client session token.`
	`42`	`+func WithJWT(token string) ClientOption {`
	`43`	`+ return func(s *settings) {`
	`44`	`+ s.token = auth.NewJWT(token)`
	`45`	`+ }`
	`46`	`+}`
	`47`	`+`
`41`	`48`	`// WithAPIURL client option overrides the API URL of the Scaleway API to the given URL.`
`42`	`49`	`func WithAPIURL(apiURL string) ClientOption {`
`43`	`50`	`return func(s *settings) {`