public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add Authorization to the request scope

This commit is contained in:
Joel Speed 2022-04-24 19:07:15 +01:00
parent 96d5daaf4f
commit 374a676c9d
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
pkg/apis/middleware/scope.go
View File

@ -17,6 +17,10 @@ const RequestScopeKey scopeKey = "request-scope"
// The RequestScope is used to pass information between different middlewares // The RequestScope is used to pass information between different middlewares
// within the chain. // within the chain.
type RequestScope struct { type RequestScope struct {
// Authorization is used to indicate if the requset has been authorized
// by an authorizer earlier in the request chain.
Authorization Authorization
// ReverseProxy tracks whether OAuth2-Proxy is operating in reverse proxy // ReverseProxy tracks whether OAuth2-Proxy is operating in reverse proxy
// mode and if request `X-Forwarded-*` headers should be trusted // mode and if request `X-Forwarded-*` headers should be trusted
ReverseProxy bool ReverseProxy bool
@ -43,6 +47,55 @@ type RequestScope struct {
Upstream string Upstream string
} }
// Authorization contains information about the Authorization of a particular
// request.
type Authorization struct {
// Type is the type of authorization.
// Valid values are: Request.
Type AuthorizationType
// Policy is the authorization policy to apply to this request
// given the authorization type.
// Valid values are Allow, Delegate, Deny or omitted.
// When omitted the caller should decide how to handle this.
Policy AuthorizationPolicy
// Message is a message set by the authorizer.
// This can contain any information about the authorization decision.
// It may contain success or failure indications.
Message string
}
// AuthorizationType is a type of authorization for the request.
type AuthorizationType string
const (
// RequestAuthorization indicates that the request was authorized
// based on the request based authorization. For example via an allowed route
// or allow IP combination.
RequestAuthorization AuthorizationType = "Request"
)
// AuthorizationPolicy is the policy to apply based on the authorization type.
type AuthorizationPolicy string
const (
// AllowPolicy indicates the request should be allowed.
AllowPolicy AuthorizationPolicy = "Allow"
// DelegatePolicy indicates the authorization should be delegated to a later
// authorizer.
DelegatePolicy AuthorizationPolicy = "Delegate"
// DenyPolicy indicates the request should be denied.
DenyPolicy AuthorizationPolicy = "Deny"
// OmittedPolicy is the default policy. This should not be set explicitly
// but can be used to determine that the authorization has not yet been
// completed.
OmittedPolicy AuthorizationPolicy = ""
)
// GetRequestScope returns the current request scope from the given request // GetRequestScope returns the current request scope from the given request
func GetRequestScope(req *http.Request) *RequestScope { func GetRequestScope(req *http.Request) *RequestScope {
scope := req.Context().Value(RequestScopeKey) scope := req.Context().Value(RequestScopeKey)