From 1746a763c101eb3185011b88d43303b63d88b3ed Mon Sep 17 00:00:00 2001 From: Fabian Seidl <fabian.seidl@h-da.de> Date: Fri, 15 Mar 2024 10:45:26 +0000 Subject: [PATCH] Resolve "Change the way user credentials for authz are provided to not be in context" See merge request danet/gosdn!794 --- README.md | 5 ++++- controller/http.go | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 479cd5e73..7500a5f5a 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,10 @@ The `goSDN` controllers core - also called `nucleus` - is a lightweight library that manages principal network domains and provides southbound interface operations for managed network elements. -In addition, we provide a simple Northbound-API for the controller [right here](https://code.fbi.h-da.de/danet/gosdn/-/tree/master/controller/api). +In addition, we provide a simple Northbound-API (gRPC) for the controller [right here](https://code.fbi.h-da.de/danet/gosdn/-/tree/master/controller/api). + +The gRPC services can also be reached using HTTP requests via the gRPC-Gateway. The fitting OpenAPI definitions can be found [here](https://code.fbi.h-da.de/danet/gosdn/-/tree/master/api/openapiv2?ref_type=heads). Note, that this is experimental and tested less well. If you want to use the controller in secure mode which implies it's mandatory to login and provide the received token in other requests via the HTTP header with the key-value pair: +`"authorize: token"`. ### Principal Networking Domain (PND) diff --git a/controller/http.go b/controller/http.go index dae22922b..1261577ac 100644 --- a/controller/http.go +++ b/controller/http.go @@ -42,7 +42,9 @@ func run() error { // Register gRPC server endpoint // Note: Make sure the gRPC server is running properly and accessible - mux := runtime.NewServeMux() + mux := runtime.NewServeMux( + runtime.WithIncomingHeaderMatcher(customHeaderMatcher), + ) err := registerHttpHandler(mux) 
@@ -162,3 +164,14 @@ func metricsHandler(mux *runtime.ServeMux) error {
 
 return nil
 }
+
+// customHeaderMatcher passes custom key-value pairs within headers to be added to the outgoing context of gRPC-Gateway.
+// Use "authorize: token" in header for authorization after login.
+func customHeaderMatcher(key string) (string, bool) {
+ switch key {
+ case "Authorize":
+ return key, true
+ default:
+ return runtime.DefaultHeaderMatcher(key)
+ }
+}
-- GitLab
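Review bot: The `case "Authorize":` arm of customHeaderMatcher forwards the session token under a non-standard header name, and nothing in the hunk says it is a credential. Reverse proxies, access logs and tracing middleware that redact `Authorization` by default will not recognise `Authorize`, so the token can end up in logs unless every hop is configured for it. As far as I can tell the gateway passes the canonicalised header key to the matcher, so any client casing of `authorize` matches this arm. I would record both facts in the doc comment, for example `// key arrives in canonical MIME form; the value is a bearer credential forwarded as gRPC metadata and must not be logged.` If the gRPC-side interceptor (outside this diff) can also accept the standard `Authorization` header, documenting that one in the README would let existing redaction and caching rules apply.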