feat(http): implement the forward id logic

mmalenic · mmalenic · commit f6226cc0fc4b · 2025-10-27T12:40:27.000+11:00
diff --git a/htsget-config/README.md b/htsget-config/README.md
@@ -430,13 +430,13 @@ The authorization server should respond with a rule set that htsget-rs can use t
 
 The following additional options can be configured under the `auth` table to enable this:
 
-| Option                  | Description                                                                                                                                                                                                                                                          | Type                  | Default  |
-|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
-| `authorization_url`     | The URL which will be called to authorize the user. A GET request will be issued to the url. Alternatively, this can be a file path to authorize users based on static config.                                                                                       | URL                   | Not set. |
-| `forward_headers`       | For each header specified, forward any headers from the client to the authorization server. Headers are forwarded with the `Htsget-Context-` as a prefix.                                                                                                            | Array of header names | Not set. |
-| `forward_endpoint_type` | Forwards the type of endpoint that the request used in a header called `Htsget-Context-Endpoint-Type`. The value of this header will either be `reads` or `variants`, depending on whether the user requested the reads or variants endpoint.                        | Boolean               | `false`  |
-| `forward_id`            | Forwards the id of the request in a header called `Htsget-Context-Id`. The value of this header will be request path without the `/reads` or `/variants` component. For example, if a request path is `/reads/<id>`, this header will have the same value as `<id>`. | Boolean               | `false`  |
-| `passthrough_auth`      | Forward the authorization header to the authorization server directly without renaming it to a `Htsget-Context-` custom header. If this is true, then the `Authorization` header is required with the request.                                                       | Boolean               | `false`  |
+| Option                  | Description                                                                                                                                                                                                                                                            | Type                  | Default  |
+|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
+| `authorization_url`     | The URL which will be called to authorize the user. A GET request will be issued to the url. Alternatively, this can be a file path to authorize users based on static config.                                                                                         | URL                   | Not set. |
+| `forward_headers`       | For each header specified, forward any headers from the client to the authorization server. Headers are forwarded with the `Htsget-Context-` as a prefix.                                                                                                              | Array of header names | Not set. |
+| `forward_endpoint_type` | Forwards the type of endpoint that the request used in a header called `Htsget-Context-Endpoint-Type`. The value of this header will either be `reads` or `variants`, depending on whether the user requested the reads or variants endpoint.                          | Boolean               | `false`  |
+| `forward_id`            | Forwards the id of the request in a header called `Htsget-Context-Id`. The value of this header will be request path without the `/reads/` or `/variants/` component. For example, if a request path is `/reads/<id>`, this header will have the same value as `<id>`. | Boolean               | `false`  |
+| `passthrough_auth`      | Forward the authorization header to the authorization server directly without renaming it to a `Htsget-Context-` custom header. If this is true, then the `Authorization` header is required with the request.                                                         | Boolean               | `false`  |
 
 When using the `authorization_url`, the [authentication](#jwt-authentication) config must also be set as htsget-rs will
 forward the JWT token to the authorization server so that it can make decisions about the user's authorization. If the
diff --git a/htsget-config/src/config/advanced/auth/mod.rs b/htsget-config/src/config/advanced/auth/mod.rs
@@ -213,7 +213,7 @@ impl AuthConfigBuilder {
     self
   }
 
-  /// Set whether to forward the id
+  /// Set whether to forward the id.
   pub fn forward_id(mut self, forward_id: bool) -> Self {
     self.forward_id = forward_id;
     self
diff --git a/htsget-http/src/middleware/auth.rs b/htsget-http/src/middleware/auth.rs
@@ -72,7 +72,8 @@ impl Debug for Auth {
 }
 
 const FORWARD_HEADER_PREFIX: &str = "Htsget-Context-";
-const ENDPOINT_TYPE_NAME: &str = "Endpoint-Type";
+const ENDPOINT_TYPE_HEADER_NAME: &str = "Endpoint-Type";
+const ID_HEADER_NAME: &str = "Id";
 
 impl Auth {
   /// Get the config for this auth layer instance.
@@ -136,6 +137,7 @@ impl Auth {
     request_headers: &HeaderMap,
     request_extensions: Option<Value>,
     request_endpoint: &Endpoint,
+    id: &str,
   ) -> HtsGetResult<HeaderMap> {
     let mut forwarded_headers = if self.config.passthrough_auth() {
       let auth_header = request_headers
@@ -195,13 +197,23 @@ impl Auth {
     }
 
     if self.config.forward_endpoint_type() {
-      let header_name =
-        HeaderName::from_str(&format!("{}{}", FORWARD_HEADER_PREFIX, ENDPOINT_TYPE_NAME))?;
+      let header_name = HeaderName::from_str(&format!(
+        "{}{}",
+        FORWARD_HEADER_PREFIX, ENDPOINT_TYPE_HEADER_NAME
+      ))?;
       let value = HeaderValue::from_str(&request_endpoint.to_string())?;
 
       forwarded_headers.insert(header_name, value);
     }
 
+    if self.config.forward_id() {
+      let header_name =
+        HeaderName::from_str(&format!("{}{}", FORWARD_HEADER_PREFIX, ID_HEADER_NAME))?;
+      let value = HeaderValue::from_str(id)?;
+
+      forwarded_headers.insert(header_name, value);
+    }
+
     Ok(forwarded_headers)
   }
 
@@ -213,11 +225,12 @@ impl Auth {
     headers: &HeaderMap,
     request_extensions: Option<Value>,
     request_endpoint: &Endpoint,
+    id: &str,
   ) -> HtsGetResult<Option<AuthorizationRestrictions>> {
     match self.config.authorization_url() {
       Some(UrlOrStatic::Url(uri)) => {
         let forwarded_headers =
-          self.forwarded_headers(headers, request_extensions, request_endpoint)?;
+          self.forwarded_headers(headers, request_extensions, request_endpoint, id)?;
 
         self
           .fetch_from_url(&uri.to_string(), forwarded_headers)
@@ -421,7 +434,7 @@ impl Auth {
     endpoint: &Endpoint,
   ) -> HtsGetResult<Option<AuthorizationRestrictions>> {
     let restrictions = self
-      .query_authorization_service(headers, request_extensions, endpoint)
+      .query_authorization_service(headers, request_extensions, endpoint, path)
       .await?;
 
     if let Some(restrictions) = restrictions {
@@ -613,7 +626,7 @@ mod tests {
       ("Custom2".parse().unwrap(), "Value".parse().unwrap()),
     ]);
     let forwarded_headers = result
-      .forwarded_headers(&request_headers, None, &Endpoint::Reads)
+      .forwarded_headers(&request_headers, None, &Endpoint::Reads, "id")
       .unwrap();
     assert_eq!(
       forwarded_headers,
@@ -638,7 +651,7 @@ mod tests {
     let result = AuthBuilder::default().with_config(config).build().unwrap();
 
     let forwarded_headers = result
-      .forwarded_headers(&request_headers, None, &Endpoint::Reads)
+      .forwarded_headers(&request_headers, None, &Endpoint::Reads, "id")
       .unwrap();
     assert_eq!(
       forwarded_headers,
@@ -668,7 +681,7 @@ mod tests {
     let result = AuthBuilder::default().with_config(config).build().unwrap();
 
     let forwarded_headers = result
-      .forwarded_headers(&request_headers, None, &Endpoint::Reads)
+      .forwarded_headers(&request_headers, None, &Endpoint::Reads, "id")
       .unwrap();
     assert_eq!(
       forwarded_headers,
@@ -695,6 +708,7 @@ mod tests {
           "Key": "Value"
         })),
         &Endpoint::Reads,
+        "id",
       )
       .unwrap();
     assert_eq!(
@@ -705,21 +719,37 @@ mod tests {
       ),])
     );
 
-    let config = builder.forward_endpoint_type(true).build().unwrap();
+    let config = builder.clone().forward_endpoint_type(true).build().unwrap();
     let result = AuthBuilder::default().with_config(config).build().unwrap();
 
     let forwarded_headers = result
-      .forwarded_headers(&request_headers, None, &Endpoint::Variants)
+      .forwarded_headers(&request_headers, None, &Endpoint::Variants, "id")
       .unwrap();
     assert_eq!(
       forwarded_headers,
       HeaderMap::from_iter([(
-        format!("{}{}", FORWARD_HEADER_PREFIX, ENDPOINT_TYPE_NAME)
+        format!("{}{}", FORWARD_HEADER_PREFIX, ENDPOINT_TYPE_HEADER_NAME)
           .parse()
           .unwrap(),
         "variants".parse().unwrap()
       ),])
     );
+
+    let config = builder.forward_id(true).build().unwrap();
+    let result = AuthBuilder::default().with_config(config).build().unwrap();
+
+    let forwarded_headers = result
+      .forwarded_headers(&request_headers, None, &Endpoint::Variants, "id")
+      .unwrap();
+    assert_eq!(
+      forwarded_headers,
+      HeaderMap::from_iter([(
+        format!("{}{}", FORWARD_HEADER_PREFIX, ID_HEADER_NAME)
+          .parse()
+          .unwrap(),
+        "id".parse().unwrap()
+      ),])
+    );
   }
 
   #[test]

Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ impl AuthConfigBuilder {`
`213`	`213`	`self`
`214`	`214`	`}`
`215`	`215`
`216`		`- /// Set whether to forward the id`
	`216`	`+ /// Set whether to forward the id.`
`217`	`217`	`pub fn forward_id(mut self, forward_id: bool) -> Self {`
`218`	`218`	`self.forward_id = forward_id;`
`219`	`219`	`self`