disable auth in UpgradeHTTPS if it's required

snapp-incubator · Sep 7, 2024 · a27b68d · a27b68d
1 parent ee3760f
commit a27b68d
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/internal/envoy/v3/route.go b/internal/envoy/v3/route.go
@@ -131,6 +131,11 @@ func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_route
 		// envoy.RouteRoute. Currently the DAG processor adds any HTTP->HTTPS
 		// redirect routes to *both* the insecure and secure vhosts.
 		route.Action = UpgradeHTTPS()
+		if dagRoute.AuthDisabled {
+			route.TypedPerFilterConfig["envoy.filters.http.ext_authz"] = routeAuthzDisabled()
+		} else if len(dagRoute.AuthContext) > 0 {
+			route.TypedPerFilterConfig["envoy.filters.http.ext_authz"] = routeAuthzContext(dagRoute.AuthContext)
+		}
 	case dagRoute.DirectResponse != nil:
 		route.Action = routeDirectResponse(dagRoute.DirectResponse)
 	case dagRoute.Redirect != nil: