Esempio n. 1
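// ServeHTTP dispatches requests by method and path:
//
//   - HEAD/GET /status or /lb: load-balancer health check; replies 404 when
//     h.InRotation() is false.
//   - GET /saml: redirects to the URL returned by h.SAMLRequest().
//   - GET /oidc?domain=D: redirects to the URL returned by h.OIDCRequest().
//   - POST /lookup and POST /update: pass the request body to h.doLookup or
//     h.doUpdate and write the resulting proof as JSON.
//
// Anything else is answered with 404.
func (h *HTTPFront) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	path := r.URL.Path
	method := r.Method

	// service healthcheck
	if (method == "HEAD" || method == "GET") && (path == "/status" || path == "/lb") {
		if !h.InRotation() {
			http.Error(w, `server out of rotation`, http.StatusNotFound)
			return
		}
		if method == "GET" {
			// Best effort: a failed write to a health prober has no recovery.
			_, _ = w.Write([]byte("OK"))
		}
		return
	}

	if method == "GET" && path == "/saml" {
		redirectURL, err := h.SAMLRequest()
		if err != nil {
			// NOTE(review): the helper's error text is returned to the client
			// verbatim here and in the branches below; confirm these messages
			// never carry internal details.
			http.Error(w, err.Error(), http.StatusNotFound)
			return
		}
		http.Redirect(w, r, redirectURL, http.StatusFound)
		return
	}

	if method == "GET" && path == "/oidc" {
		query, err := url.ParseQuery(r.URL.RawQuery)
		if err != nil {
			http.Error(w, `error parsing query string`, http.StatusBadRequest)
			return
		}
		domain := query.Get("domain")
		if domain == "" {
			http.Error(w, `domain not found`, http.StatusBadRequest)
			return
		}

		// NOTE(review): r.Host comes from the request's Host header, so the
		// client chooses the host part of this callback URL. Confirm that
		// OIDCRequest or the identity provider checks it against a registered
		// callback, or build it from a configured hostname instead.
		redirectURL, err := h.OIDCRequest(domain, "https://"+r.Host+"/oidcsso")
		if err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
			return
		}
		http.Redirect(w, r, redirectURL, http.StatusFound)
		// Stop here: without this return the request fell through to the
		// POST-only check below, which wrote a second (404) response on top
		// of the redirect.
		return
	}

	if method != "POST" || (path != "/lookup" && path != "/update") {
		http.Error(w, `this server only supports queries of the POST /lookup or POST /update`, http.StatusNotFound)
		return
	}

	// NOTE(review): r.Body is handed to the helpers without a size limit set
	// in this handler; confirm doLookup/doUpdate bound how much they read.
	var (
		pf  *proto.LookupProof
		err error
	)
	ctx := context.Background()
	switch path {
	case "/lookup":
		pf, err = h.doLookup(r.Body, ctx)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
	default: // "/update": the guard above admits only these two paths
		pf, err = h.doUpdate(r.Body, ctx)
		if err != nil {
			status := http.StatusBadRequest
			if h.IsAuthExpired(err) {
				status = http.StatusUnauthorized
			}
			http.Error(w, err.Error(), status)
			return
		}
	}

	// preserve the original field name
	marshaler := jsonpb.Marshaler{OrigName: true}
	// Marshal to a string first so that a failure can still produce a clean
	// 500, and so that Content-Type is set before any body byte is written.
	// Headers set after the first write are ignored, which is why the
	// previous ordering never sent application/json.
	body, err := marshaler.MarshalToString(pf)
	if err != nil {
		http.Error(w, `Internal server error`, http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	// Best effort: the status line is already committed if this write fails.
	_, _ = w.Write([]byte(body))
}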