package akka_apps import ( "bbb-graphql-middleware/config" "encoding/json" "fmt" log "github.com/sirupsen/logrus" "io/ioutil" "net/http" "strings" ) // sessionVarsHookUrl is the authentication hook URL obtained from an environment variable. var sessionVarsHookUrl = config.GetConfig().SessionVarsHook.Url var internalError = fmt.Errorf("server internal error") var internalErrorId = "internal_error" func AkkaAppsGetSessionVariablesFrom(browserConnectionId string, sessionToken string) (map[string]string, error, string) { logger := log.WithField("_routine", "AkkaAppsClient").WithField("browserConnectionId", browserConnectionId) logger.Debug("Starting AkkaAppsClient") defer logger.Debug("Finished AkkaAppsClient") // Create a new HTTP client with a cookie jar. client := &http.Client{} // Check if the authentication hook URL is set. if sessionVarsHookUrl == "" { log.Error("BBB_GRAPHQL_MIDDLEWARE_SESSION_VARS_HOOK_URL not set") return nil, internalError, internalErrorId } log.Trace("Get user session vars from: " + sessionVarsHookUrl + "?sessionToken=" + sessionToken) // Create a new HTTP request to the authentication hook URL. req, err := http.NewRequest("GET", sessionVarsHookUrl, nil) if err != nil { log.Error(err) return nil, internalError, internalErrorId } // Execute the HTTP request to obtain user session variables (like X-Hasura-Role) req.Header.Set("x-session-token", sessionToken) req.Header.Set("User-Agent", "bbb-graphql-middleware") resp, err := client.Do(req) if err != nil { return nil, internalError, internalErrorId } defer resp.Body.Close() respBody, err := ioutil.ReadAll(resp.Body) if err != nil { return nil, internalError, internalErrorId } var respBodyAsMap map[string]string if err := json.Unmarshal(respBody, &respBodyAsMap); err != nil { return nil, internalError, internalErrorId } // Check the response status. response, ok := respBodyAsMap["response"] message, _ := respBodyAsMap["message"] messageId, _ := respBodyAsMap["message_id"] if !ok { log.Error("response key not found in the parsed object") return nil, internalError, internalErrorId } if response != "authorized" { logger.Error(response, message, messageId) return nil, fmt.Errorf(message), messageId } // Normalize the response header keys. normalizedResponse := make(map[string]string) for key, value := range respBodyAsMap { if strings.HasPrefix(strings.ToLower(key), "x-hasura") { normalizedResponse[strings.ToLower(key)] = value } } return normalizedResponse, nil, "" }