Golang plugin returns nil for Session Metadata when accessing the ctx

Branch/Environment/Version

  • Branch/Version: v4.0.3
  • Environment: Hybrid

Describe the bug
The Golang plugin gets nil for the session metadata of the Tyk key when it reads the session from the Golang ctx while using the Tyk Auth Token.
We are using multiple auth, with Auth Token as the base auth.

Reproduction steps
Steps to reproduce the behaviour:

{
  "created_at": "2022-09-15T06:52:08Z",
  "api_model": {},
  "api_definition": {
    "api_id": "6086bf3832144e6173054bb6a7f251c2",
    "jwt_issued_at_validation_skew": 0,
    "upstream_certificates": {},
    "use_keyless": false,
    "enable_coprocess_auth": false,
    "base_identity_provided_by": "auth_token",
    "custom_middleware": {
      "pre": [],
      "post": [],
      "post_key_auth": [],
      "auth_check": {
        "name": "",
        "path": "",
        "require_session": false,
        "raw_body_only": false
      },
      "response": [],
      "driver": "",
      "id_extractor": {
        "extract_from": "",
        "extract_with": "",
        "extractor_config": {}
      }
    },
    "disable_quota": false,
    "custom_middleware_bundle": "rest-auth-v2.0.zip",
    "cache_options": {
      "cache_timeout": 60,
      "enable_cache": false,
      "cache_all_safe_requests": false,
      "cache_response_codes": [],
      "enable_upstream_cache_control": false,
      "cache_control_ttl_header": "",
      "cache_by_headers": []
    },
    "enable_ip_blacklisting": false,
    "tag_headers": [],
    "jwt_scope_to_policy_mapping": {},
    "pinned_public_keys": {},
    "expire_analytics_after": 0,
    "domain": "",
    "openid_options": {
      "providers": [],
      "segregate_by_client": false
    },
    "jwt_policy_field_name": "",
    "enable_proxy_protocol": false,
    "jwt_default_policies": [],
    "active": true,
    "jwt_expires_at_validation_skew": 0,
    "config_data": {},
    "notifications": {
      "shared_secret": "",
      "oauth_on_keychange_url": ""
    },
    "jwt_client_base_field": "",
    "auth": {
      "use_param": false,
      "param_name": "",
      "use_cookie": false,
      "cookie_name": "",
      "auth_header_name": "Authorization",
      "use_certificate": false,
      "validate_signature": false,
      "signature": {
        "algorithm": "",
        "header": "",
        "use_param": false,
        "param_name": "",
        "secret": "",
        "allowed_clock_skew": 0,
        "error_code": 0,
        "error_message": ""
      }
    },
    "check_host_against_uptime_tests": false,
    "auth_provider": {
      "name": "",
      "storage_engine": "",
      "meta": {}
    },
    "blacklisted_ips": [],
    "graphql": {
      "schema": "",
      "enabled": false,
      "engine": {
        "field_configs": [],
        "data_sources": []
      },
      "type_field_configurations": [],
      "execution_mode": "proxyOnly",
      "proxy": {
        "auth_headers": {}
      },
      "subgraph": {
        "sdl": ""
      },
      "supergraph": {
        "subgraphs": [],
        "merged_sdl": "",
        "global_headers": {},
        "disable_query_batching": false
      },
      "version": "2",
      "playground": {
        "enabled": false,
        "path": ""
      }
    },
    "hmac_allowed_clock_skew": -1,
    "dont_set_quota_on_create": false,
    "uptime_tests": {
      "check_list": [],
      "config": {
        "expire_utime_after": 0,
        "service_discovery": {
          "use_discovery_service": false,
          "query_endpoint": "",
          "use_nested_query": false,
          "parent_data_path": "",
          "data_path": "",
          "cache_timeout": 60
        },
        "recheck_wait": 0
      }
    },
    "enable_jwt": false,
    "do_not_track": false,
    "name": "HttpBin",
    "slug": "httpbin",
    "oauth_meta": {
      "allowed_access_types": [],
      "allowed_authorize_types": [],
      "auth_login_redirect": ""
    },
    "CORS": {
      "enable": false,
      "max_age": 24,
      "allow_credentials": false,
      "exposed_headers": [],
      "allowed_headers": [
        "Origin",
        "Accept",
        "Content-Type",
        "X-Requested-With",
        "Authorization"
      ],
      "options_passthrough": false,
      "debug": false,
      "allowed_origins": [
        "*"
      ],
      "allowed_methods": [
        "GET",
        "POST",
        "HEAD"
      ]
    },
    "event_handlers": {
      "events": {}
    },
    "proxy": {
      "target_url": "https://httpbin.org/anything",
      "service_discovery": {
        "endpoint_returns_list": false,
        "cache_timeout": 0,
        "parent_data_path": "",
        "query_endpoint": "",
        "use_discovery_service": false,
        "_sd_show_port_path": false,
        "target_path": "",
        "use_target_list": false,
        "use_nested_query": false,
        "data_path": "",
        "port_data_path": ""
      },
      "check_host_against_uptime_tests": false,
      "transport": {
        "ssl_insecure_skip_verify": false,
        "ssl_min_version": 0,
        "proxy_url": "",
        "ssl_ciphers": []
      },
      "target_list": [],
      "preserve_host_header": false,
      "strip_listen_path": true,
      "enable_load_balancing": false,
      "listen_path": "/httpbin",
      "disable_strip_slash": true
    },
    "client_certificates": [],
    "use_basic_auth": false,
    "version_data": {
      "not_versioned": true,
      "default_version": "",
      "versions": {
        "Default": {
          "name": "Default",
          "expires": "",
          "paths": {
            "ignored": [],
            "white_list": [],
            "black_list": []
          },
          "use_extended_paths": true,
          "extended_paths": {
            "ignored": [],
            "white_list": [],
            "black_list": [],
            "transform": [],
            "transform_response": [],
            "transform_jq": [],
            "transform_jq_response": [],
            "transform_headers": [],
            "transform_response_headers": [],
            "hard_timeouts": [],
            "circuit_breakers": [],
            "url_rewrites": [],
            "virtual": [],
            "size_limits": [],
            "method_transforms": [],
            "track_endpoints": [],
            "do_not_track_endpoints": [],
            "validate_json": [],
            "internal": []
          },
          "global_headers": {},
          "global_headers_remove": [],
          "global_response_headers": {},
          "global_response_headers_remove": [],
          "ignore_endpoint_case": false,
          "global_size_limit": 0,
          "override_target": ""
        }
      }
    },
    "jwt_scope_claim_name": "",
    "use_standard_auth": true,
    "session_lifetime": 0,
    "hmac_allowed_algorithms": [],
    "disable_rate_limit": false,
    "definition": {
      "location": "header",
      "key": "x-api-version",
      "strip_path": false
    },
    "use_oauth2": false,
    "jwt_source": "",
    "jwt_signing_method": "",
    "jwt_not_before_validation_skew": 0,
    "use_go_plugin_auth": true,
    "jwt_identity_base_field": "",
    "allowed_ips": [],
    "request_signing": {
      "is_enabled": false,
      "secret": "",
      "key_id": "",
      "algorithm": "",
      "header_list": [],
      "certificate_id": "",
      "signature_header": ""
    },
    "org_id": "63070d0df5d53500016aa725",
    "enable_ip_whitelisting": false,
    "global_rate_limit": {
      "rate": 0,
      "per": 0
    },
    "protocol": "",
    "enable_context_vars": true,
    "tags": [],
    "basic_auth": {
      "disable_caching": false,
      "cache_ttl": 0,
      "extract_from_body": false,
      "body_user_regexp": "",
      "body_password_regexp": ""
    },
    "listen_port": 0,
    "session_provider": {
      "name": "",
      "storage_engine": "",
      "meta": {}
    },
    "auth_configs": {
      "authToken": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "basic": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "coprocess": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "hmac": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "jwt": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "oauth": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      },
      "oidc": {
        "use_param": false,
        "param_name": "",
        "use_cookie": false,
        "cookie_name": "",
        "auth_header_name": "Authorization",
        "use_certificate": false,
        "validate_signature": false,
        "signature": {
          "algorithm": "",
          "header": "",
          "use_param": false,
          "param_name": "",
          "secret": "",
          "allowed_clock_skew": 0,
          "error_code": 0,
          "error_message": ""
        }
      }
    },
    "strip_auth_data": false,
    "id": "6322cb98ce5f4c0001e68db2",
    "certificates": [],
    "enable_signature_checking": false,
    "use_openid": false,
    "internal": false,
    "jwt_skip_kid": false,
    "enable_batch_request_support": false,
    "enable_detailed_recording": false,
    "response_processors": [],
    "use_mutual_tls_auth": false
  },
  "hook_references": [],
  "is_site": false,
  "sort_by": 0,
  "user_group_owners": [],
  "user_owners": []
}

Hi @ibuar,

To help us reproduce this can you provide some part of your Go code?
The gateway version and logs?

Hi @Ubong,

We are running a hybrid gateway

Version: v4.0.3
Plugin Function: MyProcessRequest
Middleware: Auth Check

// MyProcessRequest is a diagnostic hook: it collects what the Tyk request
// context exposes for r (session, auth token, API definition), logs the
// session, and writes everything back to the caller as JSON.
//
// It responds 200 whenever marshalling succeeds and never inspects the
// session or token, so it makes no authentication decision of its own. The
// response body also carries the auth token and the complete API definition;
// keep this handler for debugging only.
func MyProcessRequest(rw http.ResponseWriter, r *http.Request) {
	hit := r.Method + " " + r.URL.Path
	logger.Info("Custom middleware, new hit:", hit)

	// Read the context values in the order the reply lists them.
	// NOTE(review): sess can be nil (the posted log prints "<nil>"); nothing
	// below dereferences it, it is only logged and serialised.
	sess := ctx.GetSession(r)
	token := ctx.GetAuthToken(r)
	apiDef := ctx.GetDefinition(r)

	reply := myReply{Session: sess, Endpoint: hit, AuthToken: token, Def: apiDef}
	logger.Info(sess)

	payload, err := json.Marshal(reply)
	if err == nil {
		rw.Header().Set("Content-Type", "application/json")
		rw.WriteHeader(http.StatusOK)
		rw.Write(payload)
		return
	}

	// Marshalling failed: log the cause and answer 500 with no body.
	logger.Error(err.Error())
	rw.WriteHeader(http.StatusInternalServerError)
}

Logs:

time="Sep 27 10:12:34" level=info msg="Custom middleware, new hit:GET /httpbin/get"
time="Sep 27 10:12:34" level=info msg="<nil>"

JSON Response from middleware

{
    "session": null,
    "endpoint": "GET /httpbin/get",
    "auth_token": "",
    "def": {
        "id": "6322cb98ce5f4c0001e68db2",
        "name": "HttpBin",
        "slug": "httpbin",
        "listen_port": 0,
        "protocol": "",
        "enable_proxy_protocol": false,
        "api_id": "6086bf3832144e6173054bb6a7f251c2",
        "org_id": "63070d0df5d53500016aa725",
        "use_keyless": false,
        "use_oauth2": false,
        "use_openid": false,
        "openid_options": {
            "providers": [],
            "segregate_by_client": false
        },
        "oauth_meta": {
            "allowed_access_types": [],
            "allowed_authorize_types": [],
            "auth_login_redirect": ""
        },
        "auth": {
            "use_param": false,
            "param_name": "",
            "use_cookie": false,
            "cookie_name": "",
            "auth_header_name": "Authorization",
            "use_certificate": false,
            "validate_signature": false,
            "signature": {
                "algorithm": "",
                "header": "",
                "use_param": false,
                "param_name": "",
                "secret": "",
                "allowed_clock_skew": 0,
                "error_code": 0,
                "error_message": ""
            }
        },
        "auth_configs": {
            "authToken": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "basic": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "coprocess": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "hmac": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "jwt": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "oauth": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            },
            "oidc": {
                "use_param": false,
                "param_name": "",
                "use_cookie": false,
                "cookie_name": "",
                "auth_header_name": "Authorization",
                "use_certificate": false,
                "validate_signature": false,
                "signature": {
                    "algorithm": "",
                    "header": "",
                    "use_param": false,
                    "param_name": "",
                    "secret": "",
                    "allowed_clock_skew": 0,
                    "error_code": 0,
                    "error_message": ""
                }
            }
        },
        "use_basic_auth": false,
        "basic_auth": {
            "disable_caching": false,
            "cache_ttl": 0,
            "extract_from_body": false,
            "body_user_regexp": "",
            "body_password_regexp": ""
        },
        "use_mutual_tls_auth": false,
        "client_certificates": [],
        "upstream_certificates": {},
        "pinned_public_keys": {},
        "enable_jwt": false,
        "use_standard_auth": true,
        "use_go_plugin_auth": true,
        "enable_coprocess_auth": false,
        "jwt_signing_method": "",
        "jwt_source": "",
        "jwt_identity_base_field": "",
        "jwt_client_base_field": "",
        "jwt_policy_field_name": "",
        "jwt_default_policies": [],
        "jwt_issued_at_validation_skew": 0,
        "jwt_expires_at_validation_skew": 0,
        "jwt_not_before_validation_skew": 0,
        "jwt_skip_kid": false,
        "jwt_scope_to_policy_mapping": {},
        "jwt_scope_claim_name": "",
        "notifications": {
            "shared_secret": "",
            "oauth_on_keychange_url": ""
        },
        "enable_signature_checking": false,
        "hmac_allowed_clock_skew": -1,
        "hmac_allowed_algorithms": [],
        "request_signing": {
            "is_enabled": false,
            "secret": "",
            "key_id": "",
            "algorithm": "",
            "header_list": [],
            "certificate_id": "",
            "signature_header": ""
        },
        "base_identity_provided_by": "auth_token",
        "definition": {
            "location": "header",
            "key": "x-api-version",
            "strip_path": false
        },
        "version_data": {
            "not_versioned": true,
            "default_version": "",
            "versions": {
                "Default": {
                    "name": "Default",
                    "expires": "",
                    "paths": {
                        "ignored": [],
                        "white_list": [],
                        "black_list": []
                    },
                    "use_extended_paths": true,
                    "extended_paths": {},
                    "global_headers": {},
                    "global_headers_remove": [],
                    "global_response_headers": {},
                    "global_response_headers_remove": [],
                    "ignore_endpoint_case": false,
                    "global_size_limit": 0,
                    "override_target": ""
                }
            }
        },
        "uptime_tests": {
            "check_list": [],
            "config": {
                "expire_utime_after": 0,
                "service_discovery": {
                    "use_discovery_service": false,
                    "query_endpoint": "",
                    "use_nested_query": false,
                    "parent_data_path": "",
                    "data_path": "",
                    "port_data_path": "",
                    "target_path": "",
                    "use_target_list": false,
                    "cache_timeout": 60,
                    "endpoint_returns_list": false
                },
                "recheck_wait": 0
            }
        },
        "proxy": {
            "preserve_host_header": false,
            "listen_path": "/httpbin",
            "target_url": "https://httpbin.org/anything",
            "disable_strip_slash": true,
            "strip_listen_path": true,
            "enable_load_balancing": false,
            "target_list": [],
            "check_host_against_uptime_tests": false,
            "service_discovery": {
                "use_discovery_service": false,
                "query_endpoint": "",
                "use_nested_query": false,
                "parent_data_path": "",
                "data_path": "",
                "port_data_path": "",
                "target_path": "",
                "use_target_list": false,
                "cache_timeout": 0,
                "endpoint_returns_list": false
            },
            "transport": {
                "ssl_insecure_skip_verify": false,
                "ssl_ciphers": [],
                "ssl_min_version": 0,
                "ssl_max_version": 0,
                "ssl_force_common_name_check": false,
                "proxy_url": ""
            }
        },
        "disable_rate_limit": false,
        "disable_quota": false,
        "custom_middleware": {
            "pre": [],
            "post": [],
            "post_key_auth": [],
            "auth_check": {
                "name": "MyProcessRequest",
                "path": "rest_auth.so",
                "require_session": true,
                "raw_body_only": false
            },
            "response": [],
            "driver": "goplugin",
            "id_extractor": {
                "extract_from": "",
                "extract_with": "",
                "extractor_config": null
            }
        },
        "custom_middleware_bundle": "dxc-rest-auth-v2.0.zip",
        "cache_options": {
            "cache_timeout": 60,
            "enable_cache": false,
            "cache_all_safe_requests": false,
            "cache_response_codes": [],
            "enable_upstream_cache_control": false,
            "cache_control_ttl_header": "",
            "cache_by_headers": []
        },
        "session_lifetime": 0,
        "active": true,
        "internal": false,
        "auth_provider": {
            "name": "",
            "storage_engine": "rpc",
            "meta": {}
        },
        "session_provider": {
            "name": "",
            "storage_engine": "",
            "meta": {}
        },
        "event_handlers": {
            "events": {}
        },
        "enable_batch_request_support": false,
        "enable_ip_whitelisting": false,
        "allowed_ips": [],
        "enable_ip_blacklisting": false,
        "blacklisted_ips": [],
        "dont_set_quota_on_create": false,
        "expire_analytics_after": 0,
        "response_processors": [],
        "CORS": {
            "enable": false,
            "allowed_origins": [
                "*"
            ],
            "allowed_methods": [
                "GET",
                "POST",
                "HEAD"
            ],
            "allowed_headers": [
                "Origin",
                "Accept",
                "Content-Type",
                "X-Requested-With",
                "Authorization"
            ],
            "exposed_headers": [],
            "allow_credentials": false,
            "max_age": 24,
            "options_passthrough": false,
            "debug": false
        },
        "domain": "",
        "certificates": [],
        "do_not_track": false,
        "tags": [],
        "enable_context_vars": true,
        "config_data": {},
        "tag_headers": [],
        "global_rate_limit": {
            "rate": 0,
            "per": 0
        },
        "strip_auth_data": false,
        "enable_detailed_recording": false,
        "graphql": {
            "enabled": false,
            "execution_mode": "proxyOnly",
            "version": "2",
            "schema": "",
            "type_field_configurations": [],
            "playground": {
                "enabled": false,
                "path": ""
            },
            "engine": {
                "field_configs": [],
                "data_sources": []
            },
            "proxy": {
                "auth_headers": {}
            },
            "subgraph": {
                "sdl": ""
            },
            "supergraph": {
                "subgraphs": [],
                "merged_sdl": "",
                "global_headers": {},
                "disable_query_batching": false
            }
        }
    }
}

@ibuar , can we see your manifest.json in your plugin bundle?

@sedky,

{
  "file_list": ["rest_auth.so"],
  "custom_middleware": {
    "driver": "goplugin",
    "auth_check": {
      "name": "MyProcessRequest",
      "path": "rest_auth.so",
      "require_session": true
    },
    "pre": [],
    "post_key_auth": [],
    "post": [],
    "response": []
  }
}

Hi @sedky

If we register the plugin under post_key_auth instead, it works.
In this case, do we need to set the Go plugin auth in the Tyk auth mechanism?
Currently, we are using multiple auth with auth token and Go plugin.

Ahh that makes sense. The “auth” hook (auth_check) would not have access to the “session” details yet, as Tyk hasn’t processed the authentication in this phase, which is why ctx.GetSession(r) returns nil there.

Depending on your use case, you can just use API Key built-in for auth, and then have your Go plugin execute afterwards. If you need to return an error in a post-auth hook, you can certainly do that.

What do you need your Go plugin to do?

@sedky
The Go plugin performs an application-level auth check using the metadata from the Tyk token.