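'use strict';

// Mapping of affirm subdomains (the incoming Host header) to origin nodes.
// Each entry names the origin `domain` to forward to and whether that origin is
// reachable over plain HTTP only (`http_only`), in which case the handler
// downgrades the origin protocol and port.
// Frozen so a request can never mutate the routing table at runtime.
const domainMapping = Object.freeze({
  "subdomain-1.affirm.com": Object.freeze({
    "domain": "affirm.helpdesk.com",
    "http_only": false,
  }),
  // Proxy to external HTTP-only subdomain.
  // Placeholder hostname: the original entry reused "subdomain-1.affirm.com",
  // which silently replaced the entry above (later duplicate keys win in an
  // object literal), leaving only one route in the table.
  "subdomain-2.affirm.com": Object.freeze({
    "domain": "affirm.apiblah.com",
    "http_only": true,
  }),
});

// The list of cookies which we will not send out to external subdomains.
// Membership is by exact cookie name.
const redactList = new Set([
  // Cookies set by our session
  'cookie1',
  'cookie2',
  // Cookies set by external parties used by Affirm
  'ext_cookie1',
  'ext_cookie2',
]);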
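// Parse the Cookie header(s) into a dictionary.
// Note: originally copied from AWS examples; reworked so that
//   - every Cookie header entry is read, not only `headers.cookie[0]`
//     (CloudFront may present more than one entry);
//   - a missing header yields an empty dictionary instead of throwing;
//   - client-supplied names cannot reach the prototype chain.
/**
 * @param {Object} headers - CloudFront request headers; `headers.cookie` is an
 *   array of `{ key, value }` entries when a Cookie header is present.
 * @returns {Object<string, string>} null-prototype map of cookie name -> value.
 *   A cookie without '=' maps to ''. When a name repeats, the last one wins.
 */
function parseCookies(headers) {
  // Null-prototype dictionary: cookie names come from the client, so a name such
  // as "__proto__" or "constructor" must become an own key rather than touch the
  // prototype (on a plain {} an "__proto__=..." cookie is silently dropped).
  const parsedCookie = Object.create(null);
  const entries = (headers && headers.cookie) || [];

  for (const entry of entries) {
    const raw = entry && entry.value;
    if (typeof raw !== 'string' || raw.length === 0) {
      continue;
    }
    for (const piece of raw.split(';')) {
      const cookie = piece.trim();
      if (cookie.length === 0) {
        continue;
      }
      // Split on the first '=' only: cookie values may themselves contain '='.
      const eq = cookie.indexOf('=');
      const name = eq === -1 ? cookie : cookie.slice(0, eq).trim();
      const value = eq === -1 ? '' : cookie.slice(eq + 1).trim();
      parsedCookie[name] = value;
    }
  }
  return parsedCookie;
}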
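/**
 * Serialise a parsed cookie dictionary back into a Cookie header value, dropping
 * every cookie whose name is in the redaction set.
 *
 * @param {Object<string, string>} cookies - name -> value map as produced by parseCookies
 * @param {Set<string>} [denied=redactList] - cookie names that must not reach the origin;
 *   defaults to the module-level redactList
 * @returns {string} "name=value; name=value" for the surviving cookies, in the
 *   dictionary's key order; '' when nothing survives or `cookies` is empty/nullish
 */
function redactCookie(cookies, denied = redactList) {
  // Only own keys are serialised; the original for...in would also have walked
  // inherited enumerable properties, which a parsed cookie dictionary never has.
  return Object.keys(cookies || {})
    .filter((name) => !denied.has(name))
    .map((name) => `${name}=${cookies[name]}`)
    .join('; ');
}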
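/**
 * Lambda@Edge handler: strips internal cookies from the request, then picks the
 * origin from the Host header using domainMapping.
 *
 * Changes from the original logic:
 *   - every Cookie header entry is redacted, not just `cookie[0]`; otherwise a
 *     second Cookie entry would carry the redacted cookies through untouched;
 *   - the Host value is looked up as an own key of domainMapping, so a Host of
 *     e.g. "constructor" cannot match a property inherited from Object.prototype;
 *   - a missing Host header no longer throws (it falls through to the 400);
 *   - the 400 is returned even when `cf.response` is absent, which is the case
 *     for request-phase triggers (the only phase where `request.origin` can be
 *     rewritten); the original dereferenced `response.status` and would throw.
 *
 * @param {Object} event - CloudFront event; `event.Records[0].cf.request` is required
 * @param {Object} context - Lambda context (unused)
 * @param {Function} callback - Lambda callback: `callback(null, request)` to forward,
 *   `callback(null, response)` to answer directly
 */
exports.handler = (event, context, callback) => {
  const cf = event.Records[0].cf;
  const request = cf.request;
  const headers = request.headers;

  // Check for sensitive cookies, if present then redact - per header entry, so
  // that no entry is forwarded unredacted. Surviving cookies are collapsed into
  // a single Cookie entry; if nothing survives the header is dropped entirely
  // rather than forwarded as an empty value.
  if (headers.cookie) {
    const survivors = headers.cookie
      .map((entry) => redactCookie(parseCookies({ cookie: [entry] })))
      .filter((value) => value.length > 0);
    if (survivors.length > 0) {
      headers.cookie = [{ key: 'Cookie', value: survivors.join('; ') }];
    } else {
      delete headers.cookie;
    }
  }

  // Check the Host header in the request. `key` preserves the client's casing,
  // so compare it case-insensitively.
  const hostEntries = headers.host || [];
  for (const entry of hostEntries) {
    if (typeof entry.key !== 'string' || entry.key.toLowerCase() !== 'host') {
      continue;
    }
    if (!Object.prototype.hasOwnProperty.call(domainMapping, entry.value)) {
      continue;
    }
    const config = domainMapping[entry.value];
    request.origin.custom.domainName = config.domain;
    if (config.http_only) {
      request.origin.custom.port = 80;
      request.origin.custom.protocol = "http";
    }
    callback(null, request);
    return;
  }

  // The request header did not match our configuration.
  // Reuse the event's response object when there is one; otherwise generate a
  // minimal one. CloudFront carries `status` as a string.
  const response = cf.response || { statusDescription: 'Bad Request' };
  response.status = '400';
  callback(null, response);
};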