feat(config): add forward endpoint type option

Author: mmalenic

htsget-config/README.md

@@ -430,11 +430,12 @@ The authorization server should respond with a rule set that htsget-rs can use t
 
 The following additional options can be configured under the `auth` table to enable this:
 
-| Option              | Description                                                                                                                                                                                                    | Type                  | Default  |
-|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
-| `authorization_url` | The URL which will be called to authorize the user. A GET request will be issued to the url. Alternatively, this can be a file path to authorize users based on static config.                                 | URL                   | Not set. |
-| `forward_headers`   | For each header specified, forward any headers from the client to the authorization server. Headers are forwarded with the `Htsget-Context-` as a prefix.                                                      | Array of header names | Not set. |
-| `passthrough_auth`  | Forward the authorization header to the authorization server directly without renaming it to a `Htsget-Context-` custom header. If this is true, then the `Authorization` header is required with the request. | Boolean               | `false`  |
+| Option                  | Description                                                                                                                                                                                                                                   | Type                  | Default  |
+|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
+| `authorization_url`     | The URL which will be called to authorize the user. A GET request will be issued to the url. Alternatively, this can be a file path to authorize users based on static config.                                                                | URL                   | Not set. |
+| `forward_headers`       | For each header specified, forward any headers from the client to the authorization server. Headers are forwarded with the `Htsget-Context-` as a prefix.                                                                                     | Array of header names | Not set. |
+| `forward_endpoint_type` | Forwards the type of endpoint that the request used in a header called `Htsget-Context-Endpoint-Type`. The value of this header will either be `reads` or `variants`, depending on whether the user requested the reads or variants endpoint. | Boolean               | `false`  |
+| `passthrough_auth`      | Forward the authorization header to the authorization server directly without renaming it to a `Htsget-Context-` custom header. If this is true, then the `Authorization` header is required with the request.                                | Boolean               | `false`  |
 
 When using the `authorization_url`, the [authentication](#jwt-authentication) config must also be set as htsget-rs will
 forward the JWT token to the authorization server so that it can make decisions about the user's authorization. If the

htsget-config/docs/examples/auth.toml

@@ -22,6 +22,8 @@ authorization_url = "https://www.example.com/authorize"
 passthrough_auth = true
 ## Any headers to forward
 #forward_headers = ["Content-Type"]
+## Forward the endpoint type to the auth service.
+#forward_endpoint_type = true
 
 ## Set client authentication
 #http.key = "key.pem"

htsget-config/src/config/advanced/auth/authorization.rs

@@ -38,7 +38,7 @@ impl<'de> Deserialize<'de> for UrlOrStatic {
 }
 
 /// The extensions to pass through to the authorization server from http request extensions.
-#[derive(Serialize, Deserialize, Debug, Clone)]
+#[derive(Serialize, Deserialize, Debug, Clone, Eq, PartialEq)]
 #[serde(deny_unknown_fields)]
 pub struct ForwardExtensions {
   json_path: String,

htsget-config/src/config/advanced/auth/mod.rs

@@ -28,6 +28,7 @@ pub struct AuthConfig {
   validate_subject: Option<String>,
   authorization_url: Option<UrlOrStatic>,
   forward_headers: Vec<String>,
+  forward_endpoint_type: bool,
   passthrough_auth: bool,
   forward_extensions: Vec<ForwardExtensions>,
   http_client: HttpClient,
@@ -95,6 +96,11 @@ impl AuthConfig {
     self.forward_headers.as_slice()
   }
 
+  /// Get whether to forward the endpoint type of the request.
+  pub fn forward_endpoint_type(&self) -> bool {
+    self.forward_endpoint_type
+  }
+
   /// Get whether to pass through the auth header.
   pub fn passthrough_auth(&self) -> bool {
     self.passthrough_auth
@@ -126,6 +132,7 @@ pub struct AuthConfigBuilder {
   validate_subject: Option<String>,
   authorization_url: Option<UrlOrStatic>,
   forward_headers: Vec<String>,
+  forward_endpoint_type: bool,
   passthrough_auth: bool,
   forward_extensions: Vec<ForwardExtensions>,
   #[serde(rename = "http", alias = "tls", skip_serializing)]
@@ -193,6 +200,12 @@ impl AuthConfigBuilder {
     self
   }
 
+  /// Set whether to forward the endpoint type.
+  pub fn forward_endpoint_type(mut self, forward_endpoint_type: bool) -> Self {
+    self.forward_endpoint_type = forward_endpoint_type;
+    self
+  }
+
   /// Set whether to pass through auth.
   pub fn passthrough_auth(mut self, passthrough_auth: bool) -> Self {
     self.passthrough_auth = passthrough_auth;
@@ -214,6 +227,7 @@ impl AuthConfigBuilder {
       validate_subject: self.validate_subject,
       authorization_url: self.authorization_url,
       forward_headers: self.forward_headers,
+      forward_endpoint_type: self.forward_endpoint_type,
       passthrough_auth: self.passthrough_auth,
       forward_extensions: self.forward_extensions,
       http_client: self
@@ -239,6 +253,7 @@ impl Default for AuthConfigBuilder {
       validate_subject: None,
       authorization_url,
       forward_headers: vec![],
+      forward_endpoint_type: false,
       passthrough_auth: false,
       forward_extensions: vec![],
       http_client: None,
@@ -376,6 +391,10 @@ mod tests {
       validate_issuer = ["iss1"]
       validate_subject = "sub"
       authorization_url = "https://www.example.com"
+      passthrough_auth = true
+      forward_headers = ["header"]
+      forward_endpoint_type = true
+      forward_extensions = [ { json_path = '$.extension', name = 'Extension'} ]
       "#,
     )
     .unwrap();
@@ -396,6 +415,20 @@ mod tests {
       config.authorization_url().unwrap(),
       &UrlOrStatic::Url("https://www.example.com".parse::<Uri>().unwrap())
     );
+    assert!(
+      config.passthrough_auth()
+    );
+    assert_eq!(
+      config.forward_headers(),
+      ["header".to_string()]
+    );
+    assert!(
+      config.forward_endpoint_type()
+    );
+    assert_eq!(
+      config.forward_extensions(),
+      [ForwardExtensions::new("$.extension".to_string(), "Extension".to_string())]
+    );
   }
 
   #[cfg(feature = "experimental")]