Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
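// AuthenticateTenant is HTTP middleware that authenticates a request by the
// JWT in its Authorization header and, on success, forwards the request to
// next with the token's tenant ID in the X-Scope-OrgID header.
//
// The request is answered with 401 Unauthorized and never reaches next when:
//   - the Authorization header is missing or empty,
//   - the token fails to parse or verify, or uses a signing method other
//     than HMAC,
//   - no signing secret is configured (fail closed instead of verifying
//     against an empty key), or
//   - the verified token carries an empty tenant ID.
//
// Security notes:
//   - Header.Set replaces any X-Scope-OrgID value the client sent, so the
//     upstream only sees the tenant ID taken from the verified token.
//   - The "ip_address" log field is r.RemoteAddr, the address of the direct
//     peer; behind a load balancer or proxy that is not the end client.
//   - NOTE(review): whether expiry / not-before claims are enforced depends on
//     the tenant claims type, which is not visible here; confirm it validates
//     them.
//   - The tenant ID is used as a metric label value, so label cardinality
//     grows with the number of tenants that hold a valid token.
var AuthenticateTenant = middleware.Func(func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		logger := log.With(util.WithContext(r.Context(), util.Logger), "ip_address", r.RemoteAddr)
		level.Debug(logger).Log("msg", "authenticating request", "route", r.RequestURI)

		// Cheap pre-check so a missing header gets its own message and metric
		// label; the header contents are parsed by the extractor below.
		tokenString := r.Header.Get("Authorization")
		if tokenString == "" {
			level.Info(logger).Log("msg", "no bearer token provided")
			http.Error(w, "No bearer token provided", http.StatusUnauthorized)
			authFailures.WithLabelValues("no_token").Inc()
			return
		}

		te := &tenant{}
		_, err := jwtReq.ParseFromRequest(
			r,
			jwtReq.AuthorizationHeaderExtractor,
			func(token *jwt.Token) (interface{}, error) {
				// Only hand out the shared secret for HMAC-signed tokens; the
				// "alg" header is chosen by the sender and must not select the
				// verification method on its own.
				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
					level.Info(logger).Log("msg", "unexpected signing method", "used_method", token.Header["alg"])
					return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
				}
				// An empty secret would let any token signed with an empty key
				// verify, so refuse to authenticate at all in that case.
				if len(jwtSecret) == 0 {
					level.Error(logger).Log("msg", "no JWT signing secret configured, rejecting request")
					return nil, fmt.Errorf("no signing secret configured")
				}
				return []byte(jwtSecret), nil
			},
			jwtReq.WithClaims(te))
		if err != nil {
			level.Info(logger).Log("msg", "invalid bearer token", "err", err.Error())
			http.Error(w, "Invalid bearer token", http.StatusUnauthorized)
			authFailures.WithLabelValues("token_not_valid").Inc()
			return
		}

		// A correctly signed token without a tenant ID must not be forwarded:
		// it would reach the upstream with an empty X-Scope-OrgID.
		if te.TenantID == "" {
			level.Info(logger).Log("msg", "invalid bearer token", "err", "token has no tenant ID")
			http.Error(w, "Invalid bearer token", http.StatusUnauthorized)
			authFailures.WithLabelValues("token_not_valid").Inc()
			return
		}

		authSuccess.WithLabelValues(te.TenantID).Inc()
		// Set (not Add) overwrites any X-Scope-OrgID supplied by the client.
		r.Header.Set("X-Scope-OrgID", te.TenantID)
		next.ServeHTTP(w, r)
	})
})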
AuthenticateTenant validates the bearer token (a JWT) and attaches its TenantID to the request as the X-Scope-OrgID header
Functions ¶
Types ¶
type Config ¶
Config for a gateway
func (*Config) RegisterFlags ¶
RegisterFlags adds the flags required to configure this package's Config struct
type Gateway ¶
// Gateway hosts a reverse proxy for each upstream cortex service we'd like to
// tunnel after successful authentication.
type Gateway struct {
// contains filtered or unexported fields
}
Gateway hosts a reverse proxy for each upstream cortex service we'd like to tunnel after successful authentication