Attach user identification headers to response (#453)

Add X-Takahe-User and X-Takahe-User-Identity headers to response, when available, to allow for better Nginx log enrichment. Also drop these headers in Nginx so they aren't sent into the world. They probably aren't dangerous since they identfy the users _to themselves_ but strip it for now, just in case.
2023-01-20 16:20:14 -08:00 · 2023-01-20 16:20:14 -08:00 · 46947279b0
parent 349e1b8801
commit 46947279b0
2 changed files with 10 additions and 0 deletions
--- a/docker/nginx.conf.d/default.conf.tpl
+++ b/docker/nginx.conf.d/default.conf.tpl
@ -25,6 +25,10 @@ server {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;

+    # The user header is available for logging, but not returned to the client
+    proxy_hide_header X-Takahe-User;
+    proxy_hide_header X-Takahe-Identity;
+
    # Serve robots.txt from the non-collected dir as a special case.
    location /robots.txt {
        alias /takahe/static/robots.txt;
--- a/users/middleware.py
+++ b/users/middleware.py
@ -30,4 +30,10 @@ class IdentityMiddleware:
                    request.identity = None

        response = self.get_response(request)
+
+        if request.user:
+            response.headers["X-Takahe-User"] = str(request.user)
+        if request.identity:
+            response.headers["X-Takahe-Identity"] = str(request.identity)
+
        return response