From a83a5c765655421d4c6b25375f431a773850192c Mon Sep 17 00:00:00 2001
From: ken-scarf <ken.aguilar@scarf.sh>
Date: Thu, 19 Sep 2024 11:55:45 -0500
Subject: [PATCH] basic auth case

when basic auth is present, proxy.
this ps also adds the test case for the basic auth case.
---
 src/Scarf/Gateway/Rule/Docker.hs          |  4 ++++
 test/golden/docker-basic-auth.output.body |  0
 test/golden/docker-basic-auth.output.yaml | 14 ++++++++++++++
 test/golden/docker-basic-auth.yaml        | 12 ++++++++++++
 4 files changed, 30 insertions(+)
 create mode 100644 test/golden/docker-basic-auth.output.body
 create mode 100644 test/golden/docker-basic-auth.output.yaml
 create mode 100644 test/golden/docker-basic-auth.yaml

diff --git a/src/Scarf/Gateway/Rule/Docker.hs b/src/Scarf/Gateway/Rule/Docker.hs
index cbc0746..062e4e2 100644
--- a/src/Scarf/Gateway/Rule/Docker.hs
+++ b/src/Scarf/Gateway/Rule/Docker.hs
@@ -151,6 +151,10 @@ redirectOrProxy request domain alwaysProxy !capture ResponseBuilder {..}
   | alwaysProxy =
       -- Proxy request unconditionally
       proxyTo (const capture) domain
+  -- when a basic authorization header is present, it will be proxied
+  | Just authHeader <- lookup "Authorization" (Wai.requestHeaders request),
+    "Basic" `ByteString.isPrefixOf` authHeader =
+      proxyTo (const capture) domain
   | shouldRedirectDockerRequest request =
       -- As with the Host header we have to respect the proxy protocol
       -- when redirecting.
diff --git a/test/golden/docker-basic-auth.output.body b/test/golden/docker-basic-auth.output.body
new file mode 100644
index 0000000..e69de29
diff --git a/test/golden/docker-basic-auth.output.yaml b/test/golden/docker-basic-auth.output.yaml
new file mode 100644
index 0000000..62c48f9
--- /dev/null
+++ b/test/golden/docker-basic-auth.output.yaml
@@ -0,0 +1,14 @@
+capture: |-
+  Just
+    DockerCapture
+      { dockerCaptureImage = [ "library" , "enterprise" ]
+      , dockerCaptureReference = "latest"
+      , dockerCaptureBackendRegistry = "ghcr.io"
+      , dockerCapturePackage =
+          Just "d7e7f172-67af-4b5b-ba6d-c9eab0903b0c"
+      , dockerCaptureAutoCreate = Nothing
+      }
+headers:
+  Location: https://ghcr.io/v2/library/enterprise/manifests/latest
+  X-This-Request-Was-Proxied: '1'
+status: 307
diff --git a/test/golden/docker-basic-auth.yaml b/test/golden/docker-basic-auth.yaml
new file mode 100644
index 0000000..5e9fc6f
--- /dev/null
+++ b/test/golden/docker-basic-auth.yaml
@@ -0,0 +1,12 @@
+path: /v2/library/enterprise/manifests/latest
+headers:
+  Host: mariadb.com
+  Authorization: Basic ZGVtbzpwQDU1dzByZA==
+manifest:
+  rules:
+    - type:  docker-v1
+      repository-name: library/enterprise
+      domain: mariadb.com
+      registry: ghcr.io
+      package-id: "d7e7f172-67af-4b5b-ba6d-c9eab0903b0c"
+