Send JSON-encoded user session data through X-User header.

robarchibald · Jan 24, 2017 · 7f3cef6 · 7f3cef6
1 parent 703ddf4
commit 7f3cef6
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 17 deletions.
diff --git a/nginxauth.go b/nginxauth.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/gorilla/handlers"
 	"github.com/robarchibald/configReader"
@@ -177,23 +178,45 @@ func (s *nginxauth) method(name string, handler func(authStore authStorer, w htt
 func auth(authStore authStorer, w http.ResponseWriter, r *http.Request) {
 	session, err := authStore.GetSession()
 	if err != nil {
-		http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
-		if a, ok := err.(*authError); ok {
-			fmt.Println(a.Trace())
-		}
-	} else {
-		addUserHeader(session, w)
+		authErr(w, r, err)
+		return
+	}
+
+	user, err := json.Marshal(&userLogin{Email: session.Email, UserID: session.UserID, FullName: session.FullName})
+	if err != nil {
+		authErr(w, r, err)
+		return
+	}
+
+	addUserHeader(string(user), w)
+}
+
+func authErr(w http.ResponseWriter, r *http.Request, err error) {
+	http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
+	if a, ok := err.(*authError); ok {
+		fmt.Println(a.Trace())
 	}
 }
 
 func authBasic(authStore authStorer, w http.ResponseWriter, r *http.Request) {
 	session, err := authStore.GetBasicAuth()
 	if err != nil {
-		w.Header().Set("WWW-Authenticate", "Basic realm='Endfirst.com'")
-		http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
-	} else {
-		addUserHeader(session, w)
+		basicErr(w, r, err)
+		return
 	}
+
+	user, err := json.Marshal(&userLogin{Email: session.Email, UserID: session.UserID, FullName: session.FullName})
+	if err != nil {
+		basicErr(w, r, err)
+		return
+	}
+
+	addUserHeader(string(user), w)
+}
+
+func basicErr(w http.ResponseWriter, r *http.Request, err error) {
+	w.Header().Set("WWW-Authenticate", "Basic realm='Endfirst.com'")
+	http.Error(w, "Authentication required: "+err.Error(), http.StatusUnauthorized)
 }
 
 func login(authStore authStorer, w http.ResponseWriter, r *http.Request) {
@@ -234,6 +257,6 @@ func run(method func() error, w http.ResponseWriter) {
 	}
 }
 
-func addUserHeader(session *loginSession, w http.ResponseWriter) {
-	w.Header().Add("X-User", session.Email)
+func addUserHeader(userJSON string, w http.ResponseWriter) {
+	w.Header().Add("X-User", userJSON)
 }
diff --git a/nginxauth_test.go b/nginxauth_test.go
@@ -43,9 +43,9 @@ func TestAuth(t *testing.T) {
 	}
 
 	w = httptest.NewRecorder()
-	storer = &mockAuthStorer{SessionReturn: &loginSession{Email: "[email protected]"}}
+	storer = &mockAuthStorer{SessionReturn: &loginSession{UserID: 1, Email: "[email protected]", FullName: "Name"}}
 	auth(storer, w, nil)
-	if w.Header().Get("X-User") != "[email protected]" || storer.LastRun != "GetSession" {
+	if w.Header().Get("X-User") != `{"UserID":1,"Email":"[email protected]","FullName":"Name"}` || storer.LastRun != "GetSession" {
 		t.Error("expected User header to be set", w.Header().Get("X-User"), storer.LastRun)
 	}
 }
@@ -61,7 +61,7 @@ func TestAuthBasic(t *testing.T) {
 	w = httptest.NewRecorder()
 	storer = &mockAuthStorer{SessionReturn: &loginSession{Email: "[email protected]"}}
 	authBasic(storer, w, nil)
-	if w.Header().Get("X-User") != "[email protected]" || storer.LastRun != "GetBasicAuth" {
+	if w.Header().Get("X-User") != `{"UserID":0,"Email":"[email protected]","FullName":""}` || storer.LastRun != "GetBasicAuth" {
 		t.Error("expected User header to be set", w.Header().Get("X-User"), storer.LastRun)
 	}
 }
@@ -129,8 +129,8 @@ func TestVerifyEmail(t *testing.T) {
 
 func TestAddUserHeader(t *testing.T) {
 	w := httptest.NewRecorder()
-	addUserHeader(&loginSession{Email: "[email protected]"}, w)
-	if w.Header().Get("X-User") != "[email protected]" {
+	addUserHeader(`{"name": "value"}`, w)
+	if w.Header().Get("X-User") != `{"name": "value"}` {
 		t.Error("expected halfauth header", w.Header())
 	}
 }