v2.0.0-alpha14

分支 (545)

标签 (1936)

管理

管理

master

main

release/v2.9

fix/v2.9/42823

release/v2.8

release/v2.7

fix/42823

v2.9.2-hotfix-tigeraoperator-conflict

v2.8.9-hotfix-test-cve-monitoring

v2.7.16-hotfix-test-cve-monitoring

v2.8-define-artifacts-to-upload

v2.9.2-hotfix-metrics-downstream-network

v2.9.2-hotfix-downstream-caches-reduction

v2.8-self-hosted-runners

v2.9.2-hotfix-transport-leak

v2.8.5-hotfix-tigeraoperator-conflict

markus/temp-remove-rsa

fix/42788-v2.9

fix/42788

backport-userretention-to-v2.8

v2.9.3-alpha4

v2.10.0-alpha2

v2.8.9-alpha9

v2.9.2-hotfix-ch-2-efe7cd186

v2.10.0-alpha1

v2.7.16-alpha3

v2.7.16-alpha4

v2.8.9-alpha8

v2.8.9-alpha7

v2.9.3-alpha3

v2.9.3-alpha2

v2.9.3-alpha1

v2.8.9-alpha6

v2.8.9-alpha5

v2.8.9-alpha4

v2.8.9-alpha3

v2.8.9-alpha2

v2.8.9-alpha1

v2.9.2-hotfix-ch-1-77f48fb9f

v2.9.2-hotfix-ch-2-3778e74e6

rancher
/
pkg
/
auth
/
requests
/
filter.go

package requests

import (
	"context"
	"fmt"
	"net/http"

	"github.com/rancher/rancher/pkg/auth/util"
	"github.com/rancher/types/config"
	"github.com/sirupsen/logrus"
)

func NewAuthenticationFilter(ctx context.Context, managementContext *config.ManagementContext, next http.Handler) (http.Handler, error) {
	if managementContext == nil {
		return nil, fmt.Errorf("Failed to build NewAuthenticationFilter, nil ManagementContext")
	}
	auth := NewAuthenticator(ctx, managementContext)
	return &authHeaderHandler{
		auth: auth,
		next: next,
	}, nil
}

type authHeaderHandler struct {
	auth Authenticator
	next http.Handler
}

func (h authHeaderHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	authed, user, groups, err := h.auth.Authenticate(req)
	if err != nil || !authed {
		util.ReturnHTTPError(rw, req, 401, err.Error())
		return
	}

	logrus.Debugf("Impersonating user %v, groups %v", user, groups)

	req.Header.Set("Impersonate-User", user)

	req.Header.Del("Impersonate-Group")
	for _, group := range groups {
		req.Header.Add("Impersonate-Group", group)
	}

	h.next.ServeHTTP(rw, req)
}