Replace string headers with constants

p53 · Nov 28, 2024 · 3115d9e · 3115d9e
1 parent 44691a2
commit 3115d9e
Show file tree

Hide file tree

Showing 11 changed files with 35 additions and 31 deletions.
diff --git a/pkg/authorization/external_opa.go b/pkg/authorization/external_opa.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/open-policy-agent/opa/plugins"
 	opaserver "github.com/open-policy-agent/opa/server"
 	opastorage "github.com/open-policy-agent/opa/storage"
@@ -90,7 +91,7 @@ func (p *OpaAuthorizationProvider) Authorize() (AuthzDecision, error) {
 		return DeniedAuthz, err
 	}
 
-	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set(constant.HeaderContentType, "application/json")
 	httpReq = httpReq.WithContext(ctx)
 
 	client := &http.Client{}

diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
@@ -58,6 +58,7 @@ const (
 	HeaderXForwardedURI    = "X-Forwarded-URI"
 	HeaderXForwardedMethod = "X-Forwarded-Method"
 	HeaderXHMAC            = "X-HMAC-SHA256"
+	HeaderContentType      = "Content-Type"
 
 	DurationType = "time.Duration"
 

diff --git a/pkg/keycloak/proxy/forwarding.go b/pkg/keycloak/proxy/forwarding.go
@@ -51,7 +51,7 @@ func forwardProxyHandler(
 		req.URL.Host = hostname
 		// is the host being signed?
 		if len(forwardingDomains) == 0 || utils.ContainsSubString(hostname, forwardingDomains) {
-			req.Header.Set("Authorization", "Bearer "+token)
+			req.Header.Set(constant.AuthorizationHeader, "Bearer "+token)
 			req.Header.Set("X-Forwarded-Agent", constant.Prog)
 		}
 		if enableHmac {

diff --git a/pkg/keycloak/proxy/handlers.go b/pkg/keycloak/proxy/handlers.go
@@ -466,7 +466,7 @@ func loginHandler(
 					errors.Join(apperrors.ErrExtractIdentityFromAccessToken, err)
 			}
 
-			writer.Header().Set("Content-Type", "application/json")
+			writer.Header().Set(constant.HeaderContentType, "application/json")
 			idToken, assertOk := token.Extra("id_token").(string)
 			if !assertOk {
 				return http.StatusInternalServerError,
@@ -791,7 +791,7 @@ func logoutHandler(
 
 			// step: add the authentication headers and content-type
 			request.SetBasicAuth(encodedID, encodedSecret)
-			request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+			request.Header.Set(constant.HeaderContentType, "application/x-www-form-urlencoded")
 
 			start := time.Now()
 			response, err := httpClient.Do(request)

diff --git a/pkg/proxy/handlers/handlers.go b/pkg/proxy/handlers/handlers.go
@@ -158,7 +158,7 @@ func DiscoveryHandler(
 			return
 		}
 
-		wrt.Header().Set("Content-Type", "application/json")
+		wrt.Header().Set(constant.HeaderContentType, "application/json")
 		wrt.WriteHeader(http.StatusOK)
 		_, err = wrt.Write(respBody)
 
@@ -278,7 +278,7 @@ func TokenHandler(
 			return
 		}
 
-		wrt.Header().Set("Content-Type", "application/json")
+		wrt.Header().Set(constant.HeaderContentType, "application/json")
 		_, _ = wrt.Write(result)
 	}
 }
diff --git a/pkg/proxy/middleware/base.go b/pkg/proxy/middleware/base.go
@@ -268,7 +268,7 @@ func IdentityHeadersMiddleware(
 				}
 				// add the authorization header if requested
 				if enableAuthzHeader {
-					headers.Set("Authorization", "Bearer "+user.RawToken)
+					headers.Set(constant.AuthorizationHeader, "Bearer "+user.RawToken)
 				}
 				// are we filtering out the cookies
 				if !enableAuthzCookies {

diff --git a/pkg/testsuite/constant.go b/pkg/testsuite/constant.go
@@ -27,6 +27,7 @@ const (
 	FakePrivFilePrefix           = "/gateadmin_priv_"
 	FakeCaFilePrefix             = "/gateadmin_ca_"
 	TestProxyHeaderKey           = "X-GoProxy"
+	TestSetCookieHeader          = "Set-Cookie"
 	TestProxyHeaderVal           = "yxorPoG-X"
 	DefaultOpenIDProviderTimeout = time.Second * 5
 	DefaultIat                   = 1450372669

diff --git a/pkg/testsuite/cookies_test.go b/pkg/testsuite/cookies_test.go
@@ -116,7 +116,7 @@ func TestDropCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
@@ -125,23 +125,23 @@ func TestDropCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
 	proxy.Config.SecureCookie = true
 	proxy.Cm.DropCookie(resp, "test-cookie", "test-value", 0)
 	assert.NotEqual(t,
 		"test-cookie=test-value; Path=/; HttpOnly; Secure",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	proxy.Config.CookieDomain = "test.com"
 	proxy.Cm.DropCookie(resp, "test-cookie", "test-value", 0)
 	proxy.Config.SecureCookie = false
 	assert.NotEqual(t,
 		"test-cookie=test-value; Path=/; Domain=test.com;",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -154,7 +154,7 @@ func TestDropRefreshCookie(t *testing.T) {
 
 	assert.Equal(t,
 		constant.RefreshCookie+"=test; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -167,7 +167,7 @@ func TestSessionOnlyCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -179,7 +179,7 @@ func TestSameSiteCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
@@ -188,7 +188,7 @@ func TestSameSiteCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/; SameSite=Strict",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
@@ -197,7 +197,7 @@ func TestSameSiteCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/; SameSite=Lax",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
@@ -206,7 +206,7 @@ func TestSameSiteCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/; SameSite=None",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -218,7 +218,7 @@ func TestHTTPOnlyCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 
 	resp = httptest.NewRecorder()
@@ -227,7 +227,7 @@ func TestHTTPOnlyCookie(t *testing.T) {
 
 	assert.Equal(t,
 		"test-cookie=test-value; Path=/; HttpOnly",
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -238,7 +238,7 @@ func TestClearAccessTokenCookie(t *testing.T) {
 	resp := httptest.NewRecorder()
 	proxy.Cm.ClearAccessTokenCookie(req, resp)
 	assert.Contains(t,
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		constant.AccessCookie+"=; Path=/; Expires=",
 		"we have not cleared the, headers: %v", resp.Header())
 }
@@ -249,7 +249,7 @@ func TestClearRefreshAccessTokenCookie(t *testing.T) {
 	resp := httptest.NewRecorder()
 	p.Cm.ClearRefreshTokenCookie(req, resp)
 	assert.Contains(t,
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		constant.RefreshCookie+"=; Path=/; Expires=",
 		"we have not cleared the, headers: %v", resp.Header())
 }
@@ -260,7 +260,7 @@ func TestClearAllCookies(t *testing.T) {
 	resp := httptest.NewRecorder()
 	p.Cm.ClearAllCookies(req, resp)
 	assert.Contains(t,
-		resp.Header().Get("Set-Cookie"),
+		resp.Header().Get(TestSetCookieHeader),
 		constant.AccessCookie+"=; Path=/; Expires=",
 		"we have not cleared the, headers: %v", resp.Header())
 }

diff --git a/pkg/testsuite/fake_authserver.go b/pkg/testsuite/fake_authserver.go
@@ -478,7 +478,7 @@ func (r *fakeAuthServer) revocationHandler(wrt http.ResponseWriter, req *http.Re
 }
 
 func (r *fakeAuthServer) userInfoHandler(wrt http.ResponseWriter, req *http.Request) {
-	items := strings.Split(req.Header.Get("Authorization"), " ")
+	items := strings.Split(req.Header.Get(constant.AuthorizationHeader), " ")
 	authItems := 2
 	if len(items) != authItems {
 		wrt.WriteHeader(http.StatusUnauthorized)
@@ -768,7 +768,7 @@ func getRandomString(n int) (string, error) {
 }
 
 func renderJSON(code int, w http.ResponseWriter, data interface{}) {
-	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set(constant.HeaderContentType, "application/json")
 	w.WriteHeader(code)
 	if err := json.NewEncoder(w).Encode(data); err != nil {
 		w.WriteHeader(http.StatusInternalServerError)

diff --git a/pkg/testsuite/fake_upstream.go b/pkg/testsuite/fake_upstream.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"golang.org/x/net/websocket"
 )
 
@@ -24,7 +25,7 @@ type fakeUpstreamResponse struct {
 type FakeUpstreamService struct{}
 
 func (f *FakeUpstreamService) ServeHTTP(wrt http.ResponseWriter, req *http.Request) {
-	upgrade := strings.ToLower(req.Header.Get("Upgrade"))
+	upgrade := strings.ToLower(req.Header.Get(constant.HeaderUpgrade))
 	if upgrade == "websocket" {
 		wrt.Header().Set(TestProxyAccepted, "true")
 		websocket.Handler(func(wsock *websocket.Conn) {
@@ -65,7 +66,7 @@ func (f *FakeUpstreamService) ServeHTTP(wrt http.ResponseWriter, req *http.Reque
 		}
 
 		wrt.Header().Set(TestProxyAccepted, "true")
-		wrt.Header().Set("Content-Type", "application/json")
+		wrt.Header().Set(constant.HeaderContentType, "application/json")
 		content, err := json.Marshal(&fakeUpstreamResponse{
 			// r.RequestURI is what was received by the proxy.
 			// r.URL.String() is what is actually sent to the upstream service.

diff --git a/pkg/testsuite/session_test.go b/pkg/testsuite/session_test.go
@@ -40,7 +40,7 @@ func TestGetIndentity(t *testing.T) {
 			Request: func(token string) *http.Request {
 				return &http.Request{
 					Header: http.Header{
-						"Authorization": []string{"Bearer " + token},
+						constant.AuthorizationHeader: []string{"Bearer " + token},
 					},
 				}
 			},
@@ -53,7 +53,7 @@ func TestGetIndentity(t *testing.T) {
 			Request: func(_ string) *http.Request {
 				return &http.Request{
 					Header: http.Header{
-						"Authorization": []string{"Basic QWxhZGRpbjpPcGVuU2VzYW1l"},
+						constant.AuthorizationHeader: []string{"Basic QWxhZGRpbjpPcGVuU2VzYW1l"},
 					},
 				}
 			},
@@ -66,7 +66,7 @@ func TestGetIndentity(t *testing.T) {
 			Request: func(token string) *http.Request {
 				return &http.Request{
 					Header: http.Header{
-						"Authorization": []string{"Test " + token},
+						constant.AuthorizationHeader: []string{"Test " + token},
 					},
 				}
 			},
@@ -101,7 +101,7 @@ func TestGetIndentity(t *testing.T) {
 			Request: func(token string) *http.Request {
 				return &http.Request{
 					Header: http.Header{
-						"Authorization": []string{"Bearer " + token},
+						constant.AuthorizationHeader: []string{"Bearer " + token},
 					},
 				}
 			},
@@ -114,7 +114,7 @@ func TestGetIndentity(t *testing.T) {
 			Request: func(_ string) *http.Request {
 				return &http.Request{
 					Header: http.Header{
-						"Authorization": []string{"Basic QWxhZGRpbjpPcGVuU2VzYW1l"},
+						constant.AuthorizationHeader: []string{"Basic QWxhZGRpbjpPcGVuU2VzYW1l"},
 					},
 				}
 			},