From 88978d91edca16f9c6a4177b5ed997bc12486b29 Mon Sep 17 00:00:00 2001
From: vlad <vlad@drivergrp.com>
Date: Wed, 26 Oct 2016 20:06:38 -0400
Subject: Request tracing and audit logging

---
 src/main/scala/xyz/driver/core/auth.scala | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/main/scala/xyz/driver/core/auth.scala')

diff --git a/src/main/scala/xyz/driver/core/auth.scala b/src/main/scala/xyz/driver/core/auth.scala
index 874f1e1..17f89c0 100644
--- a/src/main/scala/xyz/driver/core/auth.scala
+++ b/src/main/scala/xyz/driver/core/auth.scala
@@ -72,12 +72,13 @@ object auth {
 
   final case class Base64[T](value: String)
 
-  final case class AuthToken(value: Base64[Macaroon])
+  final case class AuthToken(value: Base64[Macaroon], trackingId: String)
 
   final case class PasswordHash(value: String)
 
   object AuthService {
     val AuthenticationTokenHeader = "WWW-Authenticate"
+    val TrackingIdHeader          = "l5d-ctx-trace" // https://linkerd.io/doc/0.7.4/linkerd/protocol-http/
   }
 
   trait AuthService[U <: User] {
@@ -90,16 +91,20 @@ object auth {
     def authorize(permissions: Permission*): Directive1[(AuthToken, U)] = {
       parameters('authToken.?).flatMap { parameterTokenValue =>
         optionalHeaderValueByName(AuthService.AuthenticationTokenHeader).flatMap { headerTokenValue =>
-          verifyAuthToken(headerTokenValue.orElse(parameterTokenValue), permissions.toSet)
+          optionalHeaderValueByName(AuthService.TrackingIdHeader).flatMap { trackingIdValue =>
+            verifyAuthToken(headerTokenValue.orElse(parameterTokenValue), trackingIdValue, permissions.toSet)
+          }
         }
       }
     }
 
     private def verifyAuthToken(tokenOption: Option[String],
+                                trackingIdValue: Option[String],
                                 permissions: Set[Permission]): Directive1[(AuthToken, U)] =
       tokenOption match {
         case Some(tokenValue) =>
-          val token = AuthToken(Base64[Macaroon](tokenValue))
+          val trackingId = trackingIdValue.getOrElse(java.util.UUID.randomUUID.toString)
+          val token      = AuthToken(Base64[Macaroon](tokenValue), trackingId)
 
           onComplete(authStatus(token).run).flatMap { tokenUserResult =>
             checkPermissions(tokenUserResult, permissions, token)
-- 
cgit v1.2.3