passing default proxy-authentication headers (#329)

kibana-reports/server/routes/lib/createReport.ts

@@ -30,7 +30,7 @@ import { createSavedSearchReport } from '../utils/savedSearchReportHelper';
 import { ReportSchemaType } from '../../model';
 import { CreateReportResultType } from '../utils/types';
 import { createVisualReport } from '../utils/visual_report/visualReportHelper';
-import { SetCookie } from 'puppeteer-core';
+import { SetCookie, Headers } from 'puppeteer-core';
 import { deliverReport } from './deliverReport';
 import { updateReportState } from './updateReportState';
 import { saveReport } from './saveReport';
@@ -114,13 +114,24 @@ export const createReport = async (
           }
         });
       }
+      // If header exists assuming that it needs forwarding
+      let additionalHeaders: Headers | undefined;
+      if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER]) {
+        additionalHeaders = {}
+        additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER];
+        additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER];
+        if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER]) {
+          additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER]
+        }
+      }
       const [value, release] = await semaphore.acquire();
       try {
         createReportResult = await createVisualReport(
           reportParams,
           completeQueryUrl,
           logger,
           cookieObject,
+          additionalHeaders,
           timezone
         );
       } finally {

kibana-reports/server/routes/utils/constants.ts

@@ -78,6 +78,9 @@ export const DEFAULT_REPORT_HEADER = '<h1>Open Distro Kibana Reports</h1>';
 export const SECURITY_CONSTANTS = {
   AUTH_COOKIE_NAME: 'security_authentication',
   TENANT_LOCAL_STORAGE_KEY: 'opendistro::security::tenant::show_popup',
+  PROXY_AUTH_USER_HEADER: 'x-proxy-user',
+  PROXY_AUTH_ROLES_HEADER: 'x-proxy-roles',
+  PROXY_AUTH_IP_HEADER: 'x-forwarded-for',
 };
 
 export const CHROMIUM_PATH = `${__dirname}/../../../.chromium/headless_shell`;

kibana-reports/server/routes/utils/visual_report/visualReportHelper.ts

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-import puppeteer, { ElementHandle, SetCookie } from 'puppeteer-core';
+import puppeteer, { ElementHandle, SetCookie, Headers } from 'puppeteer-core';
 import createDOMPurify from 'dompurify';
 import { JSDOM } from 'jsdom';
 import { Logger } from '../../../../../../src/core/server';
@@ -36,6 +36,7 @@ export const createVisualReport = async (
   queryUrl: string,
   logger: Logger,
   cookie?: SetCookie,
+  additionalheaders?: Headers,
   timezone?: string
 ): Promise<CreateReportResultType> => {
   const {
@@ -105,6 +106,10 @@ export const createVisualReport = async (
     logger.info('domain enables security, use session cookie to access');
     await page.setCookie(cookie);
   }
+  if (additionalheaders) {
+    logger.info('domain passed proxy auth headers, passing to backend');
+    await page.setExtraHTTPHeaders(additionalheaders);
+  }
   logger.info(`original queryUrl ${queryUrl}`);
   await page.goto(queryUrl, { waitUntil: 'networkidle0' });
   // should add to local storage after page.goto, then access the page again - browser must have an url to register local storage item on it