From 74282b99789061c5645252a9e83ec301e3d9c6ee Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Mon, 31 May 2021 20:58:46 +0200 Subject: [PATCH] proxy: remove manual trailer fields The last bugfix added some explicit header fields in an attempt of fixing an issue with error responses. Unfortunately they weren't strictly needed for the fix but ended up causing issues in a non-error case. This commit removes those header fields again and makes sure the "auth header not found in response" header doesn't occur anymore. --- proxy/proxy.go | 4 ---- proxy/proxy_test.go | 18 +++++++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/proxy/proxy.go b/proxy/proxy.go index 103e429..f0ba134 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -333,10 +333,6 @@ func sendDirectResponse(w http.ResponseWriter, r *http.Request, case strings.HasPrefix(r.Header.Get(hdrContentType), hdrTypeGrpc): w.Header().Set(hdrGrpcStatus, strconv.Itoa(int(codes.Internal))) w.Header().Set(hdrGrpcMessage, errInfo) - w.Header().Set("Content-Length", "0") - w.Header().Set(":status", strconv.Itoa(statusCode)) - w.Header().Add("Trailer", hdrGrpcStatus) - w.Header().Add("Trailer", hdrGrpcMessage) w.WriteHeader(statusCode) diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go index abded09..e731451 100644 --- a/proxy/proxy_test.go +++ b/proxy/proxy_test.go @@ -23,6 +23,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" "gopkg.in/macaroon.v2" ) @@ -293,10 +294,13 @@ func runGRPCTest(t *testing.T, tc *testCase) { client := proxytest.NewGreeterClient(conn) // Make request without authentication. We expect an error that can - // be parsed by gRPC. + // be parsed by gRPC. We also need to extract any metadata that are + // sent in the trailer to make sure the challenge is returned properly. req := &proxytest.HelloRequest{Name: "foo"} + captureMetadata := metadata.MD{} _, err = client.SayHello( context.Background(), req, grpc.WaitForReady(true), + grpc.Trailer(&captureMetadata), ) require.Error(t, err) statusErr, ok := status.FromError(err) @@ -304,6 +308,18 @@ func runGRPCTest(t *testing.T, tc *testCase) { require.Equal(t, "payment required", statusErr.Message()) require.Equal(t, codes.Internal, statusErr.Code()) + // We expect the WWW-Authenticate header field to be set to an LSAT + // auth response. + expectedHeaderContent, _ := mockAuth.FreshChallengeHeader(&http.Request{ + Header: map[string][]string{}, + }, "", 0) + capturedHeader := captureMetadata.Get("WWW-Authenticate") + require.Len(t, capturedHeader, 1) + require.Equal( + t, expectedHeaderContent.Get("WWW-Authenticate"), + capturedHeader[0], + ) + // Make sure that if we query an URL that is on the whitelist, we don't // get the 402 response. if len(tc.authWhitelist) > 0 {