Return string when accessing a header in Rego

e194f655 · Yordan Kinkov · 15589a53 · e194f655 · e194f655 · e194f655
Commit e194f655 authored 2 years ago by Yordan Kinkov
--- a/README.md
+++ b/README.md
@@ -172,7 +172,26 @@ endpoints for working with arbitrary dynamically uploaded policies.
 ### Access HTTP Headers inside a policy

 HTTP Request Headers are passed to the evaluation runtime on each request. One could access any header by name within
-the Rego source code using `input.header.name` or `input.header["name"]`.
+the Rego source code using `input.headers.Name` or `input.headers["Name"]`.
+##### **Important**
+Header names are passed to the Rego runtime in a canonical format. This means that the first character and any characters following a
+hyphen are uppercase and the rest are lowercase.
+
+Example:
+The policy service receives a request with these headers:
+```
+accept-encoding: gzip, deflate
+Accept-Language: en-us
+fOO: Bar
+x-loCATion: Baz
+```
+Inside a policy these headers could be accessed as follows:
+```
+input.headers["Accept-Encoding"]
+input.headers["Accept-Language"]
+input.headers["Foo"]
+input.headers["X-Location"]
+```

 ### Policy Extensions Functions


--- a/internal/header/header.go
+++ b/internal/header/header.go
@@ -23,10 +23,18 @@ func Middleware() func(http.Handler) http.Handler {
 }

 func ToContext(ctx context.Context, r *http.Request) context.Context {
-	return context.WithValue(ctx, headerKey, r.Header)
+	headers := make(map[string]string, len(r.Header)+1)
+	for name := range r.Header {
+		headers[name] = r.Header.Get(name)
+	}
+
+	// add Host header to headers map
+	headers["Host"] = r.Host
+
+	return context.WithValue(ctx, headerKey, headers)
 }

-func FromContext(ctx context.Context) (http.Header, bool) {
-	header, ok := ctx.Value(headerKey).(http.Header)
+func FromContext(ctx context.Context) (map[string]string, bool) {
+	header, ok := ctx.Value(headerKey).(map[string]string)
 	return header, ok
 }
--- a/internal/header/header_test.go
+++ b/internal/header/header_test.go
@@ -10,10 +10,10 @@ import (
 )

 func TestMiddleware(t *testing.T) {
-	expected := http.Header{"Authorization": []string{"my-token"}}
+	expected := map[string]string{"Authorization": "my-token", "Host": "example.com"}

 	req := httptest.NewRequest("POST", "/example", nil)
-	req.Header = expected
+	req.Header = http.Header{"Authorization": []string{"my-token"}}

 	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		value, ok := header.FromContext(r.Context())

--- a/internal/service/policy/service.go
+++ b/internal/service/policy/service.go
@@ -21,7 +21,7 @@ import (
 //go:generate counterfeiter . Storage
 //go:generate counterfeiter . RegoCache

-const HeaderKey = "header"
+const HeaderKey = "headers"

 type Cache interface {
 	Set(ctx context.Context, key, namespace, scope string, value []byte, ttl int) error

--- a/internal/service/policy/service_test.go
+++ b/internal/service/policy/service_test.go
@@ -37,7 +37,7 @@ func TestService_Evaluate(t *testing.T) {
 	testPolicyWithStaticData := `package testgroup.example default allow = false allow { data.msg == "hello world" }`

 	// prepare test policy accessing headers during evaluation
-	testPolicyAccessingHeaders := `package testgroup.example token := input.header["Authorization"]`
+	testPolicyAccessingHeaders := `package testgroup.example token := input.headers["Authorization"]`

 	// prepare test query that can be retrieved from rego queryCache
 	testQuery, err := rego.New(
@@ -347,7 +347,7 @@ func TestService_Evaluate(t *testing.T) {
 				},
 			},
 			res: &goapolicy.EvaluateResult{
-				Result: map[string]interface{}{"token": []interface{}{"my-token"}},
+				Result: map[string]interface{}{"token": "my-token"},
 			},
 		},
 		{