Set User header on proxied requests.

Author: RubenVerborgh

lib/handlers/auth-proxy.js

@@ -25,9 +25,18 @@ function addAuthProxyHandler (app, sourcePath, target) {
   const sourcePathLength = sourcePath.length
   const settings = Object.assign({
     target,
+    onProxyReq: addUserHeader,
+    onProxyReqWs: addUserHeader,
     pathRewrite: path => path.substr(sourcePathLength)
   }, PROXY_SETTINGS)
 
   // Activate the proxy
   app.use(`${sourcePath}*`, proxy(settings))
 }
+
+// Adds a User header with the user's ID if the user is logged in
+function addUserHeader (proxyReq, req) {
+  if (req.session && req.session.userId) {
+    proxyReq.setHeader('User', req.session.userId)
+  }
+}

test/unit/auth-proxy.js

@@ -4,16 +4,25 @@ const express = require('express')
 const request = require('supertest')
 const { expect } = require('chai')
 
+const USER = 'https://ruben.verborgh.org/profile/#me'
+
 describe('Auth Proxy', () => {
   describe('An auth proxy with 2 destinations', () => {
     let app
+    let loggedIn = true
     before(() => {
       nock('http://server-a.org').persist()
         .get(/./).reply(200, addRequestDetails('a'))
       nock('https://server-b.org').persist()
         .get(/./).reply(200, addRequestDetails('b'))
 
       app = express()
+      app.use((req, res, next) => {
+        if (loggedIn) {
+          req.session = { userId: USER }
+        }
+        next()
+      })
       authProxy(app, {
         '/server/a': 'http://server-a.org',
         '/server/b': 'https://server-b.org/foo/bar'
@@ -33,6 +42,11 @@ describe('Auth Proxy', () => {
         expect(path).to.equal('/')
       })
 
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
       it('returns status code 200', () => {
         expect(response).to.have.property('statusCode', 200)
       })
@@ -51,6 +65,11 @@ describe('Auth Proxy', () => {
         expect(path).to.equal('/my/path?query=string')
       })
 
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
       it('returns status code 200', () => {
         expect(response).to.have.property('statusCode', 200)
       })
@@ -69,6 +88,11 @@ describe('Auth Proxy', () => {
         expect(path).to.equal('/foo/bar')
       })
 
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
       it('returns status code 200', () => {
         expect(response).to.have.property('statusCode', 200)
       })
@@ -87,6 +111,38 @@ describe('Auth Proxy', () => {
         expect(path).to.equal('/foo/bar/my/path?query=string')
       })
 
+      it('sets the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.have.property('user', USER)
+      })
+
+      it('returns status code 200', () => {
+        expect(response).to.have.property('statusCode', 200)
+      })
+    })
+
+    describe('responding to /server/a without a logged-in user', () => {
+      let response
+      before(() => {
+        loggedIn = false
+        return request(app).get('/server/a')
+          .then(res => { response = res })
+      })
+      after(() => {
+        loggedIn = true
+      })
+
+      it('proxies to http://server-a.org/', () => {
+        const { server, path } = response.body
+        expect(server).to.equal('a')
+        expect(path).to.equal('/')
+      })
+
+      it('does not set the User header on the proxy request', () => {
+        const { headers } = response.body
+        expect(headers).to.not.have.property('user')
+      })
+
       it('returns status code 200', () => {
         expect(response).to.have.property('statusCode', 200)
       })