Support Webservice-less CheckRequest calls (#59)

* feat: Support Webservice-less CheckRequest calls

* Using camelCase for Webservice-less context instead of kebab-case

* Fix readRequestContext when wsvc=none

Author: SamMHD

pkg/auth/authenticator.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -168,6 +169,11 @@ func (a *Authenticator) Check(ctx context.Context, request *Request) (finalRespo
 	ctx, span := startSpan(ctx, request.Request, wsvc, ns)
 	defer endSpan(span, start_time, finalResponse, reason)
 
+	if wsvc == "none" {
+		reason, headers := a.CheckWebserviceless(ctx, request)
+		return generateResponse(reason, headers), nil
+	}
+
 	if reason != "" {
 		return generateResponse(reason, nil), nil
 	}
@@ -202,6 +208,50 @@ func (a *Authenticator) Check(ctx context.Context, request *Request) (finalRespo
 	return
 }
 
+func (a *Authenticator) CheckWebserviceless(ctx context.Context, request *Request) (CerberusReason, ExtraHeaders) {
+	wsvc, reason := wsvcForWebservicelessRequest(request)
+	if reason != "" {
+		return reason, nil
+	}
+
+	var extraHeaders ExtraHeaders
+	reason = a.checkServiceUpstreamAuth(wsvc, request, &extraHeaders, ctx)
+	return reason, extraHeaders
+}
+
+func wsvcForWebservicelessRequest(request *Request) (WebservicesCacheEntry, CerberusReason) {
+	if request.Context["authURL"] == "" {
+		return WebservicesCacheEntry{}, CerberusReasonWebservicelessAuthURLEmpty
+	}
+
+	readTokenFrom := request.Context["readTokenFrom"]
+	if readTokenFrom == "" {
+		readTokenFrom = "Authorization"
+	}
+	writeTokenTo := request.Context["writeTokenTo"]
+	if writeTokenTo == "" {
+		writeTokenTo = "Authorization"
+	}
+	timeout, err := strconv.Atoi(request.Context["timeout"])
+	if err != nil {
+		timeout = 200
+	}
+
+	return WebservicesCacheEntry{
+		WebService: v1alpha1.WebService{
+			Spec: v1alpha1.WebServiceSpec{
+				UpstreamHttpAuth: v1alpha1.UpstreamHttpAuthService{
+					Address:       request.Context["authURL"],
+					ReadTokenFrom: readTokenFrom,
+					WriteTokenTo:  writeTokenTo,
+					Timeout:       timeout,
+					CareHeaders:   strings.Split(request.Context["careHeaders"], ","),
+				},
+			},
+		},
+	}, ""
+}
+
 // startSpan starts span for Check Function
 func startSpan(ctx context.Context, request http.Request, wsvc string, ns string) (context.Context, trace.Span) {
 	parentCtx := tracing.ReadParentSpanFromRequest(ctx, request)
@@ -255,6 +305,10 @@ func readRequestContext(request *Request) (wsvc string, ns string, reason Cerber
 		return "", "", CerberusReasonWebserviceEmpty
 	}
 
+	if wsvc == "none" {
+		return wsvc, "", ""
+	}
+
 	ns = request.Context["namespace"]
 	if ns == "" {
 		return "", "", CerberusReasonWebserviceNamespaceEmpty

pkg/auth/cerberus_reasons.go

@@ -104,4 +104,7 @@ const (
 	// CerberusReasonUpstreamAuthServiceIsOverloaded indicates that the upstream authentication service
 	// is currently overloaded and unable to process new requests
 	CerberusReasonUpstreamAuthServiceIsOverloaded CerberusReason = "upstream-auth-service-is-overloaded"
+
+	// CerberusReasonWebservicelessAuthURLEmpty means that the webserviceless request does not contain an auth url
+	CerberusReasonWebservicelessAuthURLEmpty CerberusReason = "webserviceless-auth-url-empty"
 )