@@ -7,14 +7,14 @@ import (
77 "github.com/OctopusSolutionsEngineering/OctopusTerraformExport/cmd/internal/environment"
88 "github.com/OctopusSolutionsEngineering/OctopusTerraformExport/cmd/internal/logger"
99 "github.com/OctopusSolutionsEngineering/OctopusTerraformExport/cmd/internal/strutil"
10+ "github.com/samber/lo"
1011 "go.uber.org/zap"
1112 "io"
1213 "log"
1314 "net/http"
1415 "net/url"
1516 "os"
1617 "path/filepath"
17- "strconv"
1818 "strings"
1919)
2020
@@ -41,27 +41,13 @@ func octoterraHandler(w http.ResponseWriter, r *http.Request) {
4141 // Allow the more sensitive values to be passed as headers
4242 apiKey := r .Header .Get ("X-Octopus-ApiKey" )
4343 accessToken := r .Header .Get ("X-Octopus-AccessToken" )
44- octopusUrl := r .Header .Get ("X-Octopus-Url" )
44+ url := r .Header .Get ("X-Octopus-Url" )
4545 redirectorRedirections := r .Header .Get ("X_REDIRECTION_REDIRECTIONS" )
4646 redirectorApiKey := r .Header .Get ("X_REDIRECTION_API_KEY" )
4747 redirectorServiceApiKey , _ := os .LookupEnv ("REDIRECTION_SERVICE_API_KEY" )
4848 redirectorHost , _ := os .LookupEnv ("REDIRECTION_HOST" )
49- disableRedirector , _ := os .LookupEnv ("DISABLE_REDIRECTION" )
5049
51- parsedUrl , err := url .Parse (octopusUrl )
52-
53- if err != nil {
54- handleError (err , w )
55- return
56- }
57-
58- disableRedirectorParsed , err := strconv .ParseBool (disableRedirector )
59-
60- if err != nil {
61- disableRedirectorParsed = false
62- }
63-
64- useRedirector := ! disableRedirectorParsed && ! hostIsCloudOrLocal (parsedUrl .Hostname ()) && redirectorServiceApiKey != "" && redirectorHost != ""
50+ enableRedirector , err := useRedirector (url , redirectorServiceApiKey , redirectorHost , redirectorRedirections , redirectorApiKey )
6551
6652 respBytes , err := io .ReadAll (r .Body )
6753
@@ -119,12 +105,12 @@ func octoterraHandler(w http.ResponseWriter, r *http.Request) {
119105 commandLineArgs = append (commandLineArgs , "-accessToken" , accessToken )
120106 }
121107
122- if octopusUrl != "" {
123- commandLineArgs = append (commandLineArgs , "-url" , octopusUrl )
108+ if url != "" {
109+ commandLineArgs = append (commandLineArgs , "-url" , url )
124110 }
125111
126- if useRedirector {
127- zap .L ().Info ("Using redirector for host " + octopusUrl )
112+ if enableRedirector {
113+ zap .L ().Info ("Using redirector for host " + url )
128114 commandLineArgs = append (commandLineArgs , "-useRedirector" )
129115 commandLineArgs = append (commandLineArgs , "-redirectorHost" , redirectorHost )
130116 commandLineArgs = append (commandLineArgs , "-redirectorServiceApiKey" , redirectorServiceApiKey )
@@ -158,6 +144,35 @@ func octoterraHandler(w http.ResponseWriter, r *http.Request) {
158144 }
159145}
160146
147+ func useRedirector (octopusUrl string , redirectorServiceApiKey string , redirectorHost string , redirections string , redirectorApiKey string ) (bool , error ) {
148+ parsedUrl , err := url .Parse (octopusUrl )
149+
150+ if err != nil {
151+ return false , err
152+ }
153+
154+ bypassList := environment .GetRedirectionBypass ()
155+
156+ // Allow bypassing specific domains via environment variable
157+ if lo .Contains (bypassList , parsedUrl .Hostname ()) {
158+ return false , nil
159+ }
160+
161+ // Allow forcing all traffic through the redirection service
162+ if environment .GetRedirectionForce () {
163+ return true , nil
164+ }
165+
166+ // All redirections can be disabled via environment variable
167+ if environment .GetRedirectionDisable () {
168+ return false , nil
169+ }
170+
171+ return redirectorServiceApiKey != "" && redirectorHost != "" &&
172+ (! hostIsCloudOrLocal (parsedUrl .Hostname ()) ||
173+ (redirections != "" && redirectorApiKey != "" )), nil
174+ }
175+
161176// sanitizeConfig removes sensitive information from the config so it is not
162177// persisted to the disk.
163178func sanitizeConfig (rawConfig []byte ) ([]byte , error ) {
0 commit comments