From c1bdb90566de1751802c60976b76b7868237bd2d Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen
Date: Wed, 4 Oct 2023 09:38:18 +0200
Subject: [PATCH] feat(handler/reverseproxy): don't return json response after all
Expose fewer interfaces; less maintenance and documentation needed.
---
 docs/usage.md | 11 +----------
 pkg/handler/reverseproxy.go | 15 +--------------
 2 files changed, 2 insertions(+), 24 deletions(-)
diff --git a/docs/usage.md b/docs/usage.md
index 40d53c7c..3a1afd3f 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -36,16 +36,7 @@ A _top-level navigation_ request results in a HTTP 302 Found response with the `
 The `redirect` parameter in the login URL is automatically set to the URL for the original request, so that the user is redirected back to their intended location after login.
 Other requests are considered non-navigational requests, and they will result in a HTTP 401 Unauthorized response.
-The `Location` header is set as before, and a JSON response is included for convenience:
-
-```json
-{
- "correlation_id": "388d19c6-d439-4ff3-a77f-0ac3421418b2",
- "error": "unauthenticated",
- "error_description": "request is not authenticated, please log in",
- "login_url": "/oauth2/login?redirect=http%3A%2F%2Flocalhost%3A3000%2Fasdf"
-}
-```
+The `Location` header is set as described in the above case.
 The `redirect` parameter in the login URL is set to the value found in the `Referer` header, so that the user is redirected back to their intended location after login.
 If the `Referer` header is empty, the `redirect` parameter is set to the matching ingress path for the original request.
diff --git a/pkg/handler/reverseproxy.go b/pkg/handler/reverseproxy.go
index 42284844..442f1cbc 100644
--- a/pkg/handler/reverseproxy.go
+++ b/pkg/handler/reverseproxy.go
@@ -2,7 +2,6 @@ package handler
 import (
 "context"
- "encoding/json"
 "errors"
 "log"
 "net/http"
@@ -10,7 +9,6 @@ import (
 urllib "net/url"
 "strings"
- "github.com/go-chi/chi/v5/middleware"
 "github.com/sirupsen/logrus"
 "github.com/nais/wonderwall/pkg/handler/acr"
@@ -151,20 +149,9 @@ func handleAutologin(src ReverseProxySource, w http.ResponseWriter, r *http.Requ
 target = path
 }
- location := loginURL(target, "non-navigation request detected; responding with 401")
+ location := loginURL(target, "non-navigation request detected; responding with 401 and Location header")
 w.Header().Set("Location", location)
- w.Header().Set("Content-Type", "application/json")
 w.WriteHeader(http.StatusUnauthorized)
- err := json.NewEncoder(w).Encode(map[string]string{
- "error": "unauthenticated",
- "error_description": "request is not authenticated, please log in",
- "login_url": location,
- "correlation_id": middleware.GetReqID(r.Context()),
- })
- if err != nil {
- logger.Warnf("default: unauthenticated: autologin: marshalling json response: %+v", err)
- w.WriteHeader(http.StatusInternalServerError)
- }
 }
 func isNavigationRequest(r *http.Request) bool {
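Review bot: In the `handleAutologin` hunk, `target` flows into `loginURL` and out through the `Location` header with no validation visible at this call site, while the docs change in this same patch states that for non-navigation requests the `redirect` value is taken from the `Referer` header, which the client controls. Validation may well live in `loginURL` or in the login handler, neither of which is shown here, and the function begins above the hunk so how `target` is derived cannot be confirmed. With the JSON body gone, the `Location` header is the only place the login URL is surfaced, so a short comment above the call would help the next reader, e.g. `// target may originate from the Referer header (client-controlled); it must be validated as a same-site URL before it is used as a redirect`. It would also be worth confirming that a test covers a non-navigation request carrying a foreign-origin `Referer`.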