Forward freeradius attributes to an external api using rlm_rest - freeradius

I am proxying the radius request to an external radius server for a specific realm.once the external radius replies back with an access accept packet and other attributes,I want to forward the attributes to an External api for some processing.
How can I achieve this?
I have configured my freeradius rest file with the appropriate endpoint and the default file under sites-enabled to forward the request to rest.

What I suggest you do is package the attributes in a JSON post to the external API via the rlm_rest post_proxy.
Configure your rest module as needed and grab the attributes you want to send over the wire.
post-proxy {
uri = "${..connect_uri}/at"
method = 'post'
body = 'json'
data = '{"User-Name":"%{User-Name}","User-Password":"%{User-Password}","NAS-IP-Address":"%{NAS-IP-Address}","NAS-Port":"%{NAS-Port}","Event-Timestamp":"%{Event-Timestamp}"}'
}

Related

Is there any way, how to get the redirect uri?

Background:
Let's have a WebAssembly (wasm) originating from .net code.
This wasm uses HttpClient and HttpClientHandler to access a backend API at https://api.uri.
The actual backend API location might change in time (like https://api.uri/version-5), but there is still this fixed endpoint, which provides redirection (3xx response) to the current location (which is in the same domain).
The API allows CORS, meaning it sends e.g. Access-Control-Allow-Origin: * headers in the responses.
In the normal (non-wasm) world, one just:
Plainly GETs the https://api.uri with no additional headers (CORS safe).
Retrieve the Location: header (containing e.g. https://api.uri/version-5) from the 3xx response as the final URI.
GETs/POSTs the final URI with additional headers (as needed, e.g. custom, auth, etc.).
Note: In ideal world, the redirection is handled transparently and the first two steps can just be omitted.
Although in the wasm world:
You are not allowed to (let the wasm/browser) send the OPTIONS pre-flight requests to a redirecting endpoint (https://api.uri).
You can't send any non-cors headers, when wanting to prevent pre-flight requests (reason for two stages, plain and full, described above).
You can't see the Location: header value (like https://api.uri/version-5) when trying the manual redirection (HttpClientHandler.AllowAutoRedirect = false), because the response is just artificially crafted with HTTP status code of 0 and ReasonPhrase == "opaqueredirect" - adoption to browser's Fetch API. What a nonsense! #1...
You can't see the auto-followed Location: header value in response.RequestMessage?.RequestUri, when trying the (default) automatic redirection (HttpClientHandler.AllowAutoRedirect = true), because there is still the original URI (https://api.uri) instead of the very expected auto-followed one (https://api.uri/version-5). What a nonsense! #2...
You can't send the full blown request with all the headers and rely on the automatic redirection, because it would trigger pre-flight, which is sill not allowed on redirecting endpoint.
So, the obvious question is:
Is there ANY way, how to handle such simple scenario from the Web Assembly?
(and not crash on CORS)
GET https://api.uri => 3xx, Location: https://api.uri/version-5
GET https://api.uri/version-5, Authorization: Basic BlaBlaBase64= ; Custom: Cool-Value => 200
Note: All this has been discovered within the Uno Platform wasm head, but I believe it applies for any .net wasm.
Note: I also guess "disabled" CORS (on the request side, via Sec-Fetch-Mode: no-cors) wouldn't help either, as then such request is not allowed to have additional headers/methods, right?

Do a http request from lua before haproxy routing a request

I have a Lua proxy that needs to route requests. Each request destination is established based on the response from another HTTP request with a header from the initial request. My understanding is that HAProxy is an event-driven software, so blocking system calls are absolutely forbidden and my code is blocking because is doing an HTTP request.
I read about yielding after the request but I think it won't help since the HTTP request is already started. The library for doing the request is https://github.com/JakobGreen/lua-requests#simple-requests
local requests = require('requests')
core.register_fetches('http_backend', function(txn)
local dest = txn.sf:req_fhdr('X-dest')
local url = "http://127.0.0.1:8080/service";
local response = requests.get(url.."/"+dest);
local json = response.json()
return json.field
end )
How do I convert my code to be non-blocking?
You should consider using HAProxy's SPOE which was created exactly for these blocking scenarios.
I managed to do it using Lua. The thing I was making wrong was using require('requests') this is blocking. Ideally for HA never use a Lua external library. I have to deal with plain sockets and do an HTTP request and very important to use HA core method core.tcp() instead of Lua sockets.

Signing http request with Akka HTTP client for oauth1

I'm trying to find a way for executing http requests with OAuth authorization. Basically I already have all required secrets/tokens
For sending such request should be signed in a rather tricky way described here: https://oauth1.wp-api.org/docs/basics/Signing.html
Are there any libraries/examples for this suitable for Akka HTTP client's API?
Since I didn't find any solution for that, I've implemented method for GET-requests:
https://gist.github.com/Blackmorse/cdb5e13d749e7902ad47d5a168dd23ca
Usage:
E.g. you want request data from s"$URL/$API_ENDPOINT?param1=value1&param2=value2".
To construct the Akks's akka.http.scaladsl.model.HttpRequest object:
val request = create(Map("param1" -> "value1", "param2" -> "value2"))
And use it:
Source.single((request, someData)).via(Http().cachedHostConnectionPoolHttps[T](URL))

Proxying MultiPart form requests in Grails

I have a Grails controller that receives a DefaultMultipartHttpServletRequest like so:
def myController() {
DefaultMultipartHttpServletRequest proxyRequest = (DefaultMultipartHttpServletRequest) request
}
This controller acts as a proxy by taking pieces of this request and then resends the request to another destination.
For non-multipart requests, this worked fine, I did something like:
IProxyService service = (IProxyService) clientFactory.create()
Response response = service.doPOST(proxyRequest.getRequestBody())
Where proxyRequest.getRequestBody() contains a JSON block containing the request payload.
However, I do not know how to get this to work with multipart request payload, since the request body is no longer a simple block of JSON, but something like the following (taken from Chrome devtools):
How can I can pass this request payload through using my proxy service above, where doPost takes a String?
Have you tried
def parameterValue = request.getParameter("parameterName")
to get the parameter value?
If you see the method signatures for DefaultMultipartHttpServletRequest you will see there are methods for getting the files and other parameters separately because the request body is getting used to both upload the file and to pass in other parameters.

Setting content type/ encoding in Jersey REST Client

HI I have been trying to call REST POST API using jersey REST Client. The API is docs is
URL:
METHOD: POST
Header Info:-
X-GWS-APP-NAME: XYZ
Accept: application/json or application/xml
My Sample Jersey client code is
Client client = Client.create();
WebResource resource=client.resource(URL);
resource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML);
resource.type(javax.ws.rs.core.MediaType.APPLICATION_XML);
resource.type("charset=utf-8");
ClientResponse response = resource.post(ClientResponse.class,myReqObj);
I have been trying this code variation since last 1 week and it is not working. Any help in this regard is highly appreciated.
The tricky part is that the WebResource methods follows the Builder design pattern so it returns a Builder object which you need to preserve and carry on as you call further methods to set the full context of the request.
When you do resource.accept, it returns something you don't store, so it's lost when you do resource.type and therefore only your last call takes effect.
You'd typically set all the criterias in one line, but you could also save the output in a local variable.
ClientResponse response = client.resource(URL)
.accept(MediaType.APPLICATION_XML)
.type(MediaType.APPLICATION_XML)
.post(ClientResponse.class,myReqObj);
I do like that.
Response response = webTarget.request(MediaType.APPLICATION_JSON_TYPE)
.accept(MediaType.APPLICATION_JSON_TYPE)
.post(Entity.entity(a, "application/json; charset=UTF-8"));
here, 'a' is account class instance which like
#XmlRootElement
public class account {
...
...
}

Resources