fix: preserve original Authentication to be swapped later in HaProxy

Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
nextcloud · Jul 22, 2024 · 8698204 · 8698204
1 parent aed1e83
commit 8698204
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/lib/Service/AppAPIService.php b/lib/Service/AppAPIService.php
@@ -158,7 +158,7 @@ private function prepareRequestToExApp(
 		}
 
 		if (isset($options['headers']) && is_array($options['headers'])) {
-			$options['headers'] = [...$options['headers'], ...$this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret())];
+			$options['headers'] = [...$this->swapAuthenticationHeader($options['headers']), ...$this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret())];
 		} else {
 			$options['headers'] = $this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret());
 		}
@@ -207,7 +207,7 @@ private function prepareRequestToExApp2(
 		}
 
 		if (isset($options['headers']) && is_array($options['headers'])) {
-			$options['headers'] = [...$options['headers'], ...$this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret())];
+			$options['headers'] = [...$this->swapAuthenticationHeader($options['headers']), ...$this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret())];
 		} else {
 			$options['headers'] = $this->commonService->buildAppAPIAuthHeaders($request, $userId, $exApp->getAppid(), $exApp->getVersion(), $exApp->getSecret());
 		}
@@ -237,6 +237,21 @@ private function prepareRequestToExApp2(
 		return ['url' => $url, 'options' => $options];
 	}
 
+	/**
+	 * This is required for AppAPI Docker Socket Proxy, as the Basic Auth is already in use by HaProxy,
+	 * and the incoming request's Authentication is replaced with X-Original-Authentication header
+	 * after HaProxy authenticated.
+	 *
+	 * @since AppAPI 3.0.0
+	 */
+	private function swapAuthenticationHeader(array $headers): array {
+		// Swap Basic auth header Authentication to X-Original-Authentication
+		if (isset($headers['Authorization'])) {
+			$headers['X-Original-Authentication'] = $headers['Authorization'];
+		}
+		return $headers;
+	}
+
 	private function getUriEncodedParams(array $params): string {
 		$paramsContent = '';
 		foreach ($params as $key => $value) {