liggitt/proxy.go

## proxy.go
/*

Generate a config like this:
  openshift start master --write-config=requestheader --master=https://127.0.0.1:8443 --etcd-dir=requestheader/etcd

Update requestheader/master-config.yaml:
  identityProviders:
  - challenge: true
    login: true
    name: header
    provider:
      apiVersion: v1
      challengeURL: "http://127.0.0.1:1234/oauth/authorize?${query}"
      loginURL: "http://127.0.0.1:1234/oauth/authorize?${query}"
      kind: RequestHeaderIdentityProvider
      headers:
      - RemoteUser

Start openshift:
  openshift start master --config=requestheader/master-config.yaml

Start the proxy:
  go run proxy.go 127.0.0.1:1234 https://127.0.0.1:8443

*/
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
)

func main() {
	args := os.Args[1:]
	if len(args) != 2 {
		fmt.Println("Usage: go run proxy.go listenhost:port http://backendhost:port")
		os.Exit(1)
	}

	// Set up an auth proxy
	proxyTransport := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
		},
	}

	proxyAddr := args[0]

	backendURL, err := url.Parse(args[1])
	if err != nil || backendURL.Scheme == "" || backendURL.Host == "" {
		fmt.Println("invalid backend %q: %v", args[1], err)
		os.Exit(1)
	}

	fmt.Println("Starting server. Any username is accepted with the password 'secret'. Press ctrl+c to stop...")

	server := &http.Server{Addr: proxyAddr, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Println(r.URL.String())

		// Decide whether to challenge
		username, password, _ := r.BasicAuth()
		if username == "" || password != "secret" {
			fmt.Println("Challenging")
			w.Header().Set("WWW-Authenticate", `Basic realm="Protected Area"`)
			w.WriteHeader(401)
			return
		}

		// Swap the scheme and host to the master, keeping path and params the same
		proxyURL := r.URL
		proxyURL.Scheme = backendURL.Scheme
		proxyURL.Host = backendURL.Host

		// Build a request, copying the original method, body, and headers, overriding the remote user headers
		proxyRequest, _ := http.NewRequest(r.Method, proxyURL.String(), r.Body)
		proxyRequest.Header = r.Header
		proxyRequest.Header.Set("RemoteUser", username)

		// Round trip to the back end
		response, err := proxyTransport.RoundTrip(r)
		if err != nil {
			fmt.Printf("Unexpected error: %v\n", err)
			return
		}
		defer response.Body.Close()

		// Copy response back to originator
		for k, v := range response.Header {
			w.Header()[k] = v
		}
		w.WriteHeader(response.StatusCode)
		if _, err := io.Copy(w, response.Body); err != nil {
			fmt.Printf("Unexpected error: %v\n", err)
			return
		}
	})}
	fmt.Println(server.ListenAndServe())
}
	/*

	Generate a config like this:
	openshift start master --write-config=requestheader --master=https://127.0.0.1:8443 --etcd-dir=requestheader/etcd

	Update requestheader/master-config.yaml:
	identityProviders:
	- challenge: true
	login: true
	name: header
	provider:
	apiVersion: v1
	challengeURL: "http://127.0.0.1:1234/oauth/authorize?${query}"
	loginURL: "http://127.0.0.1:1234/oauth/authorize?${query}"
	kind: RequestHeaderIdentityProvider
	headers:
	- RemoteUser

	Start openshift:
	openshift start master --config=requestheader/master-config.yaml

	Start the proxy:
	go run proxy.go 127.0.0.1:1234 https://127.0.0.1:8443

	*/
	package main

	import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	)

	func main() {
	args := os.Args[1:]
	if len(args) != 2 {
	fmt.Println("Usage: go run proxy.go listenhost:port http://backendhost:port")
	os.Exit(1)
	}

	// Set up an auth proxy
	proxyTransport := &http.Transport{
	TLSClientConfig: &tls.Config{
	InsecureSkipVerify: true,
	},
	}

	proxyAddr := args[0]

	backendURL, err := url.Parse(args[1])
	if err != nil \|\| backendURL.Scheme == "" \|\| backendURL.Host == "" {
	fmt.Println("invalid backend %q: %v", args[1], err)
	os.Exit(1)
	}

	fmt.Println("Starting server. Any username is accepted with the password 'secret'. Press ctrl+c to stop...")

	server := &http.Server{Addr: proxyAddr, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Println(r.URL.String())

	// Decide whether to challenge
	username, password, _ := r.BasicAuth()
	if username == "" \|\| password != "secret" {
	fmt.Println("Challenging")
	w.Header().Set("WWW-Authenticate", `Basic realm="Protected Area"`)
	w.WriteHeader(401)
	return
	}

	// Swap the scheme and host to the master, keeping path and params the same
	proxyURL := r.URL
	proxyURL.Scheme = backendURL.Scheme
	proxyURL.Host = backendURL.Host

	// Build a request, copying the original method, body, and headers, overriding the remote user headers
	proxyRequest, _ := http.NewRequest(r.Method, proxyURL.String(), r.Body)
	proxyRequest.Header = r.Header
	proxyRequest.Header.Set("RemoteUser", username)

	// Round trip to the back end
	response, err := proxyTransport.RoundTrip(r)
	if err != nil {
	fmt.Printf("Unexpected error: %v\n", err)
	return
	}
	defer response.Body.Close()

	// Copy response back to originator
	for k, v := range response.Header {
	w.Header()[k] = v
	}
	w.WriteHeader(response.StatusCode)
	if _, err := io.Copy(w, response.Body); err != nil {
	fmt.Printf("Unexpected error: %v\n", err)
	return
	}
	})}
	fmt.Println(server.ListenAndServe())
	}