Minor changes

main.go

@@ -110,7 +110,7 @@ func main() {
 	// Service path for sync invocations (only if ServerlessBackend is enabled)
 	syncBack, ok := back.(types.SyncBackend)
 	if cfg.ServerlessBackend != "" && ok {
-		r.POST("/run/:serviceName", auth.GetAuthMiddleware(cfg, kubeClientset), auth.GetLoggerMiddleware(), handlers.MakeRunHandler(cfg, syncBack))
+		r.POST("/run/:serviceName", auth.GetLoggerMiddleware(), handlers.MakeRunHandler(cfg, syncBack))
 	}
 
 	// System info path

pkg/handlers/run.go

@@ -80,6 +80,16 @@ func MakeRunHandler(cfg *types.Config, back types.SyncBackend) gin.HandlerFunc {
 				c.String(http.StatusUnauthorized, "this user isn't enrrolled on the vo: %v", service.VO)
 				return
 			}
+
+			ui, err := oidcManager.GetUserInfo(rawToken)
+			if err != nil {
+				c.String(http.StatusInternalServerError, err.Error())
+				return
+			}
+			uid := ui.Subject
+			c.Set("uidOrigin", uid)
+			c.Next()
+
 		}
 
 		proxy := &httputil.ReverseProxy{

pkg/utils/auth/oidc.go

@@ -51,8 +51,8 @@ type oidcManager struct {
 
 // userInfo custom struct to store essential fields from UserInfo
 type userInfo struct {
-	subject string
-	groups  []string
+	Subject string
+	Groups  []string
 }
 
 // newOIDCManager returns a new oidcManager or error if the oidc.Provider can't be created
@@ -101,12 +101,12 @@ func getOIDCMiddleware(kubeClientset *kubernetes.Clientset, minIOAdminClient *ut
 			return
 		}
 
-		ui, err := oidcManager.getUserInfo(rawToken)
+		ui, err := oidcManager.GetUserInfo(rawToken)
 		if err != nil {
 			c.String(http.StatusInternalServerError, fmt.Sprintf("%v", err))
 			return
 		}
-		uid := ui.subject
+		uid := ui.Subject
 
 		// Check if exist MinIO user in cached users list
 		minioUserExists := mc.UserExists(uid)
@@ -142,8 +142,8 @@ func (om *oidcManager) clearExpired() {
 	}
 }
 
-// getUserInfo obtains UserInfo from the issuer
-func (om *oidcManager) getUserInfo(rawToken string) (*userInfo, error) {
+// GetUserInfo obtains UserInfo from the issuer
+func (om *oidcManager) GetUserInfo(rawToken string) (*userInfo, error) {
 	ot := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: rawToken})
 
 	// Get OIDC UserInfo
@@ -160,8 +160,8 @@ func (om *oidcManager) getUserInfo(rawToken string) (*userInfo, error) {
 
 	// Create "userInfo" struct and add the groups
 	return &userInfo{
-		subject: ui.Subject,
-		groups:  getGroups(claims.EdupersonEntitlement),
+		Subject: ui.Subject,
+		Groups:  getGroups(claims.EdupersonEntitlement),
 	}, nil
 }
 
@@ -184,11 +184,11 @@ func getGroups(urns []string) []string {
 
 // UserHasVO checks if the user contained on the request token is enrolled on a specific VO
 func (om *oidcManager) UserHasVO(rawToken string, vo string) (bool, error) {
-	ui, err := om.getUserInfo(rawToken)
+	ui, err := om.GetUserInfo(rawToken)
 	if err != nil {
 		return false, err
 	}
-	for _, gr := range ui.groups {
+	for _, gr := range ui.Groups {
 		if vo == gr {
 			return true, nil
 		}
@@ -197,10 +197,10 @@ func (om *oidcManager) UserHasVO(rawToken string, vo string) (bool, error) {
 }
 
 func (om *oidcManager) GetUID(rawToken string) (string, error) {
-	ui, err := om.getUserInfo(rawToken)
-	oidcLogger.Println("received uid: ", ui.subject)
+	ui, err := om.GetUserInfo(rawToken)
+	oidcLogger.Println("received uid: ", ui.Subject)
 	if err != nil {
-		return ui.subject, nil
+		return ui.Subject, nil
 	}
 	return "", err
 }
@@ -217,7 +217,7 @@ func (om *oidcManager) IsAuthorised(rawToken string) bool {
 	ui, found := om.tokenCache[rawToken]
 	if !found {
 		// Get userInfo from the issuer
-		ui, err = om.getUserInfo(rawToken)
+		ui, err = om.GetUserInfo(rawToken)
 		if err != nil {
 			return false
 		}
@@ -231,12 +231,12 @@ func (om *oidcManager) IsAuthorised(rawToken string) bool {
 
 	// Check if is authorised
 	// Same subject
-	if ui.subject == om.subject {
+	if ui.Subject == om.subject {
 		return true
 	}
 
 	// Groups
-	for _, tokenGroup := range ui.groups {
+	for _, tokenGroup := range ui.Groups {
 		for _, authGroup := range om.groups {
 			if tokenGroup == authGroup {
 				return true