From 14742ea44a46384bc165b5f3d19b01577cfe04ce Mon Sep 17 00:00:00 2001 From: Will Browne Date: Fri, 5 Nov 2021 14:07:04 +0000 Subject: [PATCH] add oauth pass thru logic to api/ds/query (#41352) --- pkg/api/metrics.go | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/pkg/api/metrics.go b/pkg/api/metrics.go index a86567e6033..13e57b9ad24 100644 --- a/pkg/api/metrics.go +++ b/pkg/api/metrics.go @@ -1,7 +1,9 @@ package api import ( + "context" "errors" + "fmt" "net/http" "time" @@ -84,7 +86,7 @@ func (hs *HTTPServer) QueryMetricsV2(c *models.ReqContext, reqDTO dtos.MetricReq return response.Error(http.StatusForbidden, "Access denied", err) } - req, err := hs.createRequest(ds, request) + req, err := hs.createRequest(c.Req.Context(), ds, request) if err != nil { return response.Error(http.StatusBadRequest, "Request formation error", err) } @@ -224,12 +226,24 @@ func (hs *HTTPServer) QueryMetrics(c *models.ReqContext, reqDto dtos.MetricReque } // nolint:staticcheck // plugins.DataQueryResponse deprecated -func (hs *HTTPServer) createRequest(ds *models.DataSource, query plugins.DataQuery) (*backend.QueryDataRequest, error) { +func (hs *HTTPServer) createRequest(ctx context.Context, ds *models.DataSource, + query plugins.DataQuery) (*backend.QueryDataRequest, error) { instanceSettings, err := adapters.ModelToInstanceSettings(ds, hs.decryptSecureJsonDataFn()) if err != nil { return nil, err } + if query.Headers == nil { + query.Headers = make(map[string]string) + } + + if hs.OAuthTokenService.IsOAuthPassThruEnabled(ds) { + if token := hs.OAuthTokenService.GetCurrentOAuthToken(ctx, query.User); token != nil { + delete(query.Headers, "Authorization") + query.Headers["Authorization"] = fmt.Sprintf("%s %s", token.Type(), token.AccessToken) + } + } + req := &backend.QueryDataRequest{ PluginContext: backend.PluginContext{ OrgID: ds.OrgId,