diff --git a/kibana-reports/server/routes/lib/createReport.ts b/kibana-reports/server/routes/lib/createReport.ts index b194165c..7d3106ff 100644 --- a/kibana-reports/server/routes/lib/createReport.ts +++ b/kibana-reports/server/routes/lib/createReport.ts @@ -30,7 +30,7 @@ import { createSavedSearchReport } from '../utils/savedSearchReportHelper'; import { ReportSchemaType } from '../../model'; import { CreateReportResultType } from '../utils/types'; import { createVisualReport } from '../utils/visual_report/visualReportHelper'; -import { SetCookie } from 'puppeteer-core'; +import { SetCookie, Headers } from 'puppeteer-core'; import { deliverReport } from './deliverReport'; import { updateReportState } from './updateReportState'; import { saveReport } from './saveReport'; @@ -114,6 +114,16 @@ export const createReport = async ( } }); } + // If header exists assuming that it needs forwarding + let additionalHeaders: Headers | undefined; + if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER]) { + additionalHeaders = {} + additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_USER_HEADER]; + additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_IP_HEADER]; + if (request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER]) { + additionalHeaders[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER] = request.headers[SECURITY_CONSTANTS.PROXY_AUTH_ROLES_HEADER] + } + } const [value, release] = await semaphore.acquire(); try { createReportResult = await createVisualReport( @@ -121,6 +131,7 @@ export const createReport = async ( completeQueryUrl, logger, cookieObject, + additionalHeaders, timezone ); } finally { diff --git a/kibana-reports/server/routes/utils/constants.ts b/kibana-reports/server/routes/utils/constants.ts index 1df80057..79f1ec5b 100644 --- a/kibana-reports/server/routes/utils/constants.ts +++ b/kibana-reports/server/routes/utils/constants.ts @@ -78,6 +78,9 @@ export const DEFAULT_REPORT_HEADER = '

Open Distro Kibana Reports

'; export const SECURITY_CONSTANTS = { AUTH_COOKIE_NAME: 'security_authentication', TENANT_LOCAL_STORAGE_KEY: 'opendistro::security::tenant::show_popup', + PROXY_AUTH_USER_HEADER: 'x-proxy-user', + PROXY_AUTH_ROLES_HEADER: 'x-proxy-roles', + PROXY_AUTH_IP_HEADER: 'x-forwarded-for', }; export const CHROMIUM_PATH = `${__dirname}/../../../.chromium/headless_shell`; diff --git a/kibana-reports/server/routes/utils/visual_report/visualReportHelper.ts b/kibana-reports/server/routes/utils/visual_report/visualReportHelper.ts index 7da340da..9266ffe8 100644 --- a/kibana-reports/server/routes/utils/visual_report/visualReportHelper.ts +++ b/kibana-reports/server/routes/utils/visual_report/visualReportHelper.ts @@ -13,7 +13,7 @@ * permissions and limitations under the License. */ -import puppeteer, { ElementHandle, SetCookie } from 'puppeteer-core'; +import puppeteer, { ElementHandle, SetCookie, Headers } from 'puppeteer-core'; import createDOMPurify from 'dompurify'; import { JSDOM } from 'jsdom'; import { Logger } from '../../../../../../src/core/server'; @@ -36,6 +36,7 @@ export const createVisualReport = async ( queryUrl: string, logger: Logger, cookie?: SetCookie, + additionalheaders?: Headers, timezone?: string ): Promise => { const { @@ -105,6 +106,10 @@ export const createVisualReport = async ( logger.info('domain enables security, use session cookie to access'); await page.setCookie(cookie); } + if (additionalheaders) { + logger.info('domain passed proxy auth headers, passing to backend'); + await page.setExtraHTTPHeaders(additionalheaders); + } logger.info(`original queryUrl ${queryUrl}`); await page.goto(queryUrl, { waitUntil: 'networkidle0' }); // should add to local storage after page.goto, then access the page again - browser must have an url to register local storage item on it