generic header checker

telefonicaid · Oct 10, 2024 · a9135d0 · a9135d0
1 parent 8bdd7b5
commit a9135d0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -501,10 +501,10 @@ configAccessMatch.body = [
 ];
 ```
 
-When any of theses patterns maches in current access message access is added with `MATCHED <element> <value>` , where `<element>` would be: `USER`, `HEADER Service`, `HEADER SubService`, `HEADER Origin`, `SUBPATH`, `SUBQUERY`, `BODY` and `<value>` the value which matches. For example:
+When any of theses patterns maches in current access message access is added with `MATCHED <element> <value>` , where `<element>` would be: `USER`, `HEADER <header-name>`, `SUBPATH`, `SUBQUERY`, `BODY` and `<value>` the value which matches. For example:
 
 ```
-{"level":"info","message":"Right Attempt MATCHED HEADER Service smartcity | ResponseStatus=200 | Token=gAAAAABnBPgPrgwpcAkbQOZIryu5ADUIScyorN3vbPYbTJxTE5AF3RO1y25Tf-sL3EKzvfr_1U3u8IL8ylB4e4B_vD5yZjc9rnrSIqoiC77B7uZ1O1xZCyukq_MkjRxJLqA9yQ5lQtAQCC6ig7Kn5uPhpPD-mhVb7kyQjUw1QjtCiyP7UKXZvKU | Origin=172.17.0.22 | UserId=753b954985bf460fabbd6953c71d50c7 | UserName=adm1 | ServiceId=9f710408f5944c3993db600810e97c83 | Service=smartcity | SubServiceId=/ | SubService=/ | Action=read | Path=/v2/entities | Query={\"limit\":\"15\",\"offset\":\"0\",\"options\":\"count\"} | Body={} | Date=2024-10-08T09:25:30.441Z","timestamp":"2024-10-08T09:25:30.441Z"}
+{"level":"info","message":"Right Attempt MATCHED HEADER fiware-service smartcity | ResponseStatus=200 | Token=gAAAAABnBPgPrgwpcAkbQOZIryu5ADUIScyorN3vbPYbTJxTE5AF3RO1y25Tf-sL3EKzvfr_1U3u8IL8ylB4e4B_vD5yZjc9rnrSIqoiC77B7uZ1O1xZCyukq_MkjRxJLqA9yQ5lQtAQCC6ig7Kn5uPhpPD-mhVb7kyQjUw1QjtCiyP7UKXZvKU | Origin=172.17.0.22 | UserId=753b954985bf460fabbd6953c71d50c7 | UserName=adm1 | ServiceId=9f710408f5944c3993db600810e97c83 | Service=smartcity | SubServiceId=/ | SubService=/ | Action=read | Path=/v2/entities | Query={\"limit\":\"15\",\"offset\":\"0\",\"options\":\"count\"} | Body={} | Date=2024-10-08T09:25:30.441Z","timestamp":"2024-10-08T09:25:30.441Z"}
 ```
 Account log has three modes: `all`, `matched`, `wrong`. First one `all` includes right and wrong access regardles if matches or not. Second one `matched` includes all wrong and just rigth matches acess. And `wrong` monde only includes all wrong access, regardless is maches or not with patterns.
 

diff --git a/lib/middleware/proxy.js b/lib/middleware/proxy.js
@@ -209,17 +209,10 @@ function checkAccessMatches(req, accessMsg) {
         accessMsg += ' MATCHED USER ' + req.userName;
     }
     for (var header of configAccessMatch.headers) {
-        if (Object.keys(header).includes('fiware-service')) {
-            if (req.service.includes(header['fiware-service'])) {
-                accessMsg += ' MATCHED HEADER Service ' + header['fiware-service'];
-            }
-        } else if (Object.keys(header).includes('fiware-servicepath')) {
-            if (req.subService.includes(header['fiware-servicepath'])) {
-                accessMsg += ' MATCHED HEADER SubService ' + header['fiware-servicepath'];
-            }
-        } else if (Object.keys(header).includes('x-real-ip')) {
-            if (req.connection.remoteAddress.includes(header['x-real-ip'])) {
-                accessMsg += ' MATCHED HEADER Origin ' + header['x-real-ip'];
+        var headerName = Object.keys(header)[0];
+        if (Object.keys(req.headers).includes(headerName)) {
+            if (req.headers[headerName] === header[headerName]) {
+                accessMsg += ' MATCHED HEADER ' + headerName + ' ' + header[headerName];
             }
         }
     }