From 8027cc454e0fd571de69d496f1de13c51d2ab6e7 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Fri, 24 May 2019 16:55:12 +0100
Subject: [PATCH 1/5] Move api to pkg/requests
---
api/api.go => pkg/requests/requests.go | 2 +-
api/api_test.go => pkg/requests/requests_test.go | 2 +-
providers/azure.go | 4 ++--
providers/facebook.go | 4 ++--
providers/gitlab.go | 4 ++--
providers/internal_util.go | 4 ++--
providers/linkedin.go | 4 ++--
7 files changed, 12 insertions(+), 12 deletions(-)
rename api/api.go => pkg/requests/requests.go (98%)
rename api/api_test.go => pkg/requests/requests_test.go (99%)
diff --git a/api/api.go b/pkg/requests/requests.go
similarity index 98%
rename from api/api.go
rename to pkg/requests/requests.go
index c5d5623e..aac22e47 100644
--- a/api/api.go
+++ b/pkg/requests/requests.go
@@ -1,4 +1,4 @@
-package api
+package requests
import (
"encoding/json"
diff --git a/api/api_test.go b/pkg/requests/requests_test.go
similarity index 99%
rename from api/api_test.go
rename to pkg/requests/requests_test.go
index 7bdf1b7d..99a4c3b6 100644
--- a/api/api_test.go
+++ b/pkg/requests/requests_test.go
@@ -1,4 +1,4 @@
-package api
+package requests
import (
"io/ioutil"
diff --git a/providers/azure.go b/providers/azure.go
index a7961d20..31544328 100644
--- a/providers/azure.go
+++ b/providers/azure.go
@@ -7,9 +7,9 @@ import (
"net/url"
"github.com/bitly/go-simplejson"
- "github.com/pusher/oauth2_proxy/api"
"github.com/pusher/oauth2_proxy/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/requests"
)
// AzureProvider represents an Azure based Identity Provider
@@ -102,7 +102,7 @@ func (p *AzureProvider) GetEmailAddress(s *sessions.SessionState) (string, error
}
req.Header = getAzureHeader(s.AccessToken)
- json, err := api.Request(req)
+ json, err := requests.Request(req)
if err != nil {
return "", err
diff --git a/providers/facebook.go b/providers/facebook.go
index 9897a1b6..abd53828 100644
--- a/providers/facebook.go
+++ b/providers/facebook.go
@@ -6,8 +6,8 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/api"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/requests"
)
// FacebookProvider represents an Facebook based Identity Provider
@@ -69,7 +69,7 @@ func (p *FacebookProvider) GetEmailAddress(s *sessions.SessionState) (string, er
Email string
}
var r result
- err = api.RequestJSON(req, &r)
+ err = requests.RequestJSON(req, &r)
if err != nil {
return "", err
}
diff --git a/providers/gitlab.go b/providers/gitlab.go
index af956c4c..c9a4a1fc 100644
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@@ -4,9 +4,9 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/api"
"github.com/pusher/oauth2_proxy/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/requests"
)
// GitLabProvider represents an GitLab based Identity Provider
@@ -53,7 +53,7 @@ func (p *GitLabProvider) GetEmailAddress(s *sessions.SessionState) (string, erro
logger.Printf("failed building request %s", err)
return "", err
}
- json, err := api.Request(req)
+ json, err := requests.Request(req)
if err != nil {
logger.Printf("failed making request %s", err)
return "", err
diff --git a/providers/internal_util.go b/providers/internal_util.go
index 7144dee0..bb5f4f54 100644
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@@ -5,8 +5,8 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/api"
"github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/requests"
)
// stripToken is a helper function to obfuscate "access_token"
@@ -55,7 +55,7 @@ func validateToken(p Provider, accessToken string, header http.Header) bool {
params := url.Values{"access_token": {accessToken}}
endpoint = endpoint + "?" + params.Encode()
}
- resp, err := api.RequestUnparsedResponse(endpoint, header)
+ resp, err := requests.RequestUnparsedResponse(endpoint, header)
if err != nil {
logger.Printf("GET %s", stripToken(endpoint))
logger.Printf("token validation request failed: %s", err)
diff --git a/providers/linkedin.go b/providers/linkedin.go
index a31b4a11..bca29360 100644
--- a/providers/linkedin.go
+++ b/providers/linkedin.go
@@ -6,8 +6,8 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/api"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/requests"
)
// LinkedInProvider represents an LinkedIn based Identity Provider
@@ -61,7 +61,7 @@ func (p *LinkedInProvider) GetEmailAddress(s *sessions.SessionState) (string, er
}
req.Header = getLinkedInHeader(s.AccessToken)
- json, err := api.Request(req)
+ json, err := requests.Request(req)
if err != nil {
return "", err
}
From d1ef14becc300ee2ad65c07a032daf51dac2ca01 Mon Sep 17 00:00:00 2001
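Review bot: In the validateToken hunk of providers/internal_util.go, the error printed by `logger.Printf("token validation request failed: %s", err)` can carry the access token, because `access_token` has just been appended to `endpoint` as a query parameter. If requests.RequestUnparsedResponse returns the net/http client error unchanged (its body is not shown here), that error is a `*url.Error` whose text includes the full request URL, so the token would reach the log even though the line above passes the endpoint through stripToken. Logging only the underlying cause avoids that, for example `if uerr, ok := err.(*url.Error); ok { err = uerr.Err }` ahead of the Printf; `net/url` is already imported by this file. validateToken starts and ends outside the hunk.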
From: Joel Speed
Date: Fri, 24 May 2019 17:06:48 +0100
Subject: [PATCH 2/5] Move cookie to pkg/encryption
---
oauthproxy.go | 4 ++--
options.go | 6 +++---
pkg/apis/options/sessions.go | 6 ++----
pkg/apis/sessions/session_state.go | 8 ++++----
pkg/apis/sessions/session_state_test.go | 14 +++++++-------
cookie/cookies.go => pkg/encryption/cipher.go | 2 +-
.../encryption/cipher_test.go | 2 +-
{cookie => pkg/encryption}/nonce.go | 2 +-
pkg/sessions/cookie/session_store.go | 8 ++++----
pkg/sessions/redis/redis_store.go | 12 ++++++------
pkg/sessions/session_store_test.go | 6 +++---
pkg/sessions/utils/utils.go | 6 +++---
providers/provider_default.go | 6 +++---
providers/providers.go | 6 +++---
14 files changed, 43 insertions(+), 45 deletions(-)
rename cookie/cookies.go => pkg/encryption/cipher.go (99%)
rename cookie/cookies_test.go => pkg/encryption/cipher_test.go (98%)
rename {cookie => pkg/encryption}/nonce.go (93%)
diff --git a/oauthproxy.go b/oauthproxy.go
index 389b2a99..62d1a18a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -14,9 +14,9 @@ import (
"time"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/logger"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/providers"
"github.com/yhat/wsutil"
)
@@ -555,7 +555,7 @@ func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
// OAuthStart starts the OAuth2 authentication flow
func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
- nonce, err := cookie.Nonce()
+ nonce, err := encryption.Nonce()
if err != nil {
logger.Printf("Error obtaining nonce: %s", err.Error())
p.ErrorPage(rw, 500, "Internal Error", err.Error())
diff --git a/options.go b/options.go
index 0460bce2..2b506e34 100644
--- a/options.go
+++ b/options.go
@@ -17,10 +17,10 @@ import (
oidc "github.com/coreos/go-oidc"
"github.com/dgrijalva/jwt-go"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/sessions"
"github.com/pusher/oauth2_proxy/providers"
"gopkg.in/natefinch/lumberjack.v2"
@@ -268,7 +268,7 @@ func (o *Options) Validate() error {
}
msgs = parseProviderInfo(o, msgs)
- var cipher *cookie.Cipher
+ var cipher *encryption.Cipher
if o.PassAccessToken || o.SetAuthorization || o.PassAuthorization || (o.CookieRefresh != time.Duration(0)) {
validCookieSecretSize := false
for _, i := range []int{16, 24, 32} {
@@ -293,7 +293,7 @@ func (o *Options) Validate() error {
len(secretBytes(o.CookieSecret)), suffix))
} else {
var err error
- cipher, err = cookie.NewCipher(secretBytes(o.CookieSecret))
+ cipher, err = encryption.NewCipher(secretBytes(o.CookieSecret))
if err != nil {
msgs = append(msgs, fmt.Sprintf("cookie-secret error: %v", err))
}
diff --git a/pkg/apis/options/sessions.go b/pkg/apis/options/sessions.go
index c72da3dd..c96d490c 100644
--- a/pkg/apis/options/sessions.go
+++ b/pkg/apis/options/sessions.go
@@ -1,13 +1,11 @@
package options
-import (
- "github.com/pusher/oauth2_proxy/cookie"
-)
+import "github.com/pusher/oauth2_proxy/pkg/encryption"
// SessionOptions contains configuration options for the SessionStore providers.
type SessionOptions struct {
Type string `flag:"session-store-type" cfg:"session_store_type" env:"OAUTH2_PROXY_SESSION_STORE_TYPE"`
- Cipher *cookie.Cipher
+ Cipher *encryption.Cipher
CookieStoreOptions
RedisStoreOptions
}
diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index 01789ff6..84c0dc90 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -7,7 +7,7 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/cookie"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
)
// SessionState is used to store information about the currently authenticated user session
@@ -66,7 +66,7 @@ func (s *SessionState) String() string {
}
// EncodeSessionState returns string representation of the current session
-func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error) {
+func (s *SessionState) EncodeSessionState(c *encryption.Cipher) (string, error) {
var ss SessionState
if c == nil {
// Store only Email and User when cipher is unavailable
@@ -133,7 +133,7 @@ func legacyDecodeSessionStatePlain(v string) (*SessionState, error) {
// legacyDecodeSessionState attempts to decode the session state string
// generated by v3.1.0 or older
-func legacyDecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error) {
+func legacyDecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
chunks := strings.Split(v, "|")
if c == nil {
@@ -176,7 +176,7 @@ func legacyDecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error)
}
// DecodeSessionState decodes the session cookie string into a SessionState
-func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error) {
+func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
var ssj SessionStateJSON
var ss *SessionState
err := json.Unmarshal([]byte(v), &ssj)
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index a48344e8..c8ccff10 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -5,8 +5,8 @@ import (
"testing"
"time"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/stretchr/testify/assert"
)
@@ -14,9 +14,9 @@ const secret = "0123456789abcdefghijklmnopqrstuv"
const altSecret = "0000000000abcdefghijklmnopqrstuv"
func TestSessionStateSerialization(t *testing.T) {
- c, err := cookie.NewCipher([]byte(secret))
+ c, err := encryption.NewCipher([]byte(secret))
assert.Equal(t, nil, err)
- c2, err := cookie.NewCipher([]byte(altSecret))
+ c2, err := encryption.NewCipher([]byte(altSecret))
assert.Equal(t, nil, err)
s := &sessions.SessionState{
Email: "user@domain.com",
@@ -54,9 +54,9 @@ func TestSessionStateSerialization(t *testing.T) {
}
func TestSessionStateSerializationWithUser(t *testing.T) {
- c, err := cookie.NewCipher([]byte(secret))
+ c, err := encryption.NewCipher([]byte(secret))
assert.Equal(t, nil, err)
- c2, err := cookie.NewCipher([]byte(altSecret))
+ c2, err := encryption.NewCipher([]byte(altSecret))
assert.Equal(t, nil, err)
s := &sessions.SessionState{
User: "just-user",
@@ -146,7 +146,7 @@ func TestExpired(t *testing.T) {
type testCase struct {
sessions.SessionState
Encoded string
- Cipher *cookie.Cipher
+ Cipher *encryption.Cipher
Error bool
}
@@ -203,7 +203,7 @@ func TestDecodeSessionState(t *testing.T) {
eString := string(eJSON)
eUnix := e.Unix()
- c, err := cookie.NewCipher([]byte(secret))
+ c, err := encryption.NewCipher([]byte(secret))
assert.NoError(t, err)
testCases := []testCase{
diff --git a/cookie/cookies.go b/pkg/encryption/cipher.go
similarity index 99%
rename from cookie/cookies.go
rename to pkg/encryption/cipher.go
index 0d354e15..c308330f 100644
--- a/cookie/cookies.go
+++ b/pkg/encryption/cipher.go
@@ -1,4 +1,4 @@
-package cookie
+package encryption
import (
"crypto/aes"
diff --git a/cookie/cookies_test.go b/pkg/encryption/cipher_test.go
similarity index 98%
rename from cookie/cookies_test.go
rename to pkg/encryption/cipher_test.go
index 500550e6..fb6a4aa7 100644
--- a/cookie/cookies_test.go
+++ b/pkg/encryption/cipher_test.go
@@ -1,4 +1,4 @@
-package cookie
+package encryption
import (
"encoding/base64"
diff --git a/cookie/nonce.go b/pkg/encryption/nonce.go
similarity index 93%
rename from cookie/nonce.go
rename to pkg/encryption/nonce.go
index 6def1488..69850c4e 100644
--- a/cookie/nonce.go
+++ b/pkg/encryption/nonce.go
@@ -1,4 +1,4 @@
-package cookie
+package encryption
import (
"crypto/rand"
diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go
index c40dd233..960be905 100644
--- a/pkg/sessions/cookie/session_store.go
+++ b/pkg/sessions/cookie/session_store.go
@@ -8,10 +8,10 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/sessions/utils"
)
@@ -28,7 +28,7 @@ var _ sessions.SessionStore = &SessionStore{}
// interface that stores sessions in client side cookies
type SessionStore struct {
CookieOptions *options.CookieOptions
- CookieCipher *cookie.Cipher
+ CookieCipher *encryption.Cipher
}
// Save takes a sessions.SessionState and stores the information from it
@@ -53,7 +53,7 @@ func (s *SessionStore) Load(req *http.Request) (*sessions.SessionState, error) {
// always http.ErrNoCookie
return nil, fmt.Errorf("Cookie %q not present", s.CookieOptions.CookieName)
}
- val, _, ok := cookie.Validate(c, s.CookieOptions.CookieSecret, s.CookieOptions.CookieExpire)
+ val, _, ok := encryption.Validate(c, s.CookieOptions.CookieSecret, s.CookieOptions.CookieExpire)
if !ok {
return nil, errors.New("Cookie Signature not valid")
}
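Review bot: `encryption.Validate` in SessionStore.Load verifies a signature, but after this move its package name suggests the cookie value is encrypted. Judging by the `Cookie Signature not valid` error it only authenticates the value, and the comment in EncodeSessionState (`Store only Email and User when cipher is unavailable`) suggests that a nil cipher leaves the session payload unencrypted. A comment at the call site would keep readers from assuming confidentiality, for example `// Validate verifies the cookie's signature; confidentiality of the session payload depends on CookieCipher being non-nil.` The same naming concern applies to the `encryption.SignedValue` call in makeSessionCookie and to the Validate and SignedValue calls in pkg/sessions/redis/redis_store.go. Load's body starts and ends outside the hunk.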
@@ -96,7 +96,7 @@ func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Reques
// authentication details
func (s *SessionStore) makeSessionCookie(req *http.Request, value string, now time.Time) []*http.Cookie {
if value != "" {
- value = cookie.SignedValue(s.CookieOptions.CookieSecret, s.CookieOptions.CookieName, value, now)
+ value = encryption.SignedValue(s.CookieOptions.CookieSecret, s.CookieOptions.CookieName, value, now)
}
c := s.makeCookie(req, s.CookieOptions.CookieName, value, s.CookieOptions.CookieExpire, now)
if len(c.Value) > 4096-len(s.CookieOptions.CookieName) {
diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go
index 82e941e7..ed33d72d 100644
--- a/pkg/sessions/redis/redis_store.go
+++ b/pkg/sessions/redis/redis_store.go
@@ -13,10 +13,10 @@ import (
"time"
"github.com/go-redis/redis"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
)
// TicketData is a structure representing the ticket used in server session storage
@@ -28,7 +28,7 @@ type TicketData struct {
// SessionStore is an implementation of the sessions.SessionStore
// interface that stores sessions in redis
type SessionStore struct {
- CookieCipher *cookie.Cipher
+ CookieCipher *encryption.Cipher
CookieOptions *options.CookieOptions
Client *redis.Client
}
@@ -106,7 +106,7 @@ func (store *SessionStore) Load(req *http.Request) (*sessions.SessionState, erro
return nil, fmt.Errorf("error loading session: %s", err)
}
- val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
+ val, _, ok := encryption.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
if !ok {
return nil, fmt.Errorf("Cookie Signature not valid")
}
@@ -166,7 +166,7 @@ func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) erro
return fmt.Errorf("error retrieving cookie: %v", err)
}
- val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
+ val, _, ok := encryption.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
if !ok {
return fmt.Errorf("Cookie Signature not valid")
}
@@ -186,7 +186,7 @@ func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) erro
// makeCookie makes a cookie, signing the value if present
func (store *SessionStore) makeCookie(req *http.Request, value string, expires time.Duration, now time.Time) *http.Cookie {
if value != "" {
- value = cookie.SignedValue(store.CookieOptions.CookieSecret, store.CookieOptions.CookieName, value, now)
+ value = encryption.SignedValue(store.CookieOptions.CookieSecret, store.CookieOptions.CookieName, value, now)
}
return cookies.MakeCookieFromOptions(
req,
@@ -230,7 +230,7 @@ func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, e
}
// An existing cookie exists, try to retrieve the ticket
- val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
+ val, _, ok := encryption.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
if !ok {
// Cookie is invalid, create a new ticket
return newTicket()
diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go
index 47ad4b76..fd0b0e58 100644
--- a/pkg/sessions/session_store_test.go
+++ b/pkg/sessions/session_store_test.go
@@ -13,10 +13,10 @@ import (
"github.com/alicebob/miniredis"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/pkg/sessions"
sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/pkg/sessions/redis"
@@ -158,7 +158,7 @@ var _ = Describe("NewSessionStore", func() {
BeforeEach(func() {
By("Using a valid cookie with a different providers session encoding")
broken := "BrokenSessionFromADifferentSessionImplementation"
- value := cookie.SignedValue(cookieOpts.CookieSecret, cookieOpts.CookieName, broken, time.Now())
+ value := encryption.SignedValue(cookieOpts.CookieSecret, cookieOpts.CookieName, broken, time.Now())
cookie := cookies.MakeCookieFromOptions(request, cookieOpts.CookieName, value, cookieOpts, cookieOpts.CookieExpire, time.Now())
request.AddCookie(cookie)
@@ -354,7 +354,7 @@ var _ = Describe("NewSessionStore", func() {
_, err := rand.Read(secret)
Expect(err).ToNot(HaveOccurred())
cookieOpts.CookieSecret = base64.URLEncoding.EncodeToString(secret)
- cipher, err := cookie.NewCipher(utils.SecretBytes(cookieOpts.CookieSecret))
+ cipher, err := encryption.NewCipher(utils.SecretBytes(cookieOpts.CookieSecret))
Expect(err).ToNot(HaveOccurred())
Expect(cipher).ToNot(BeNil())
opts.Cipher = cipher
diff --git a/pkg/sessions/utils/utils.go b/pkg/sessions/utils/utils.go
index 051e9cc6..1fb27f4d 100644
--- a/pkg/sessions/utils/utils.go
+++ b/pkg/sessions/utils/utils.go
@@ -3,17 +3,17 @@ package utils
import (
"encoding/base64"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
)
// CookieForSession serializes a session state for storage in a cookie
-func CookieForSession(s *sessions.SessionState, c *cookie.Cipher) (string, error) {
+func CookieForSession(s *sessions.SessionState, c *encryption.Cipher) (string, error) {
return s.EncodeSessionState(c)
}
// SessionFromCookie deserializes a session from a cookie value
-func SessionFromCookie(v string, c *cookie.Cipher) (s *sessions.SessionState, err error) {
+func SessionFromCookie(v string, c *encryption.Cipher) (s *sessions.SessionState, err error) {
return sessions.DecodeSessionState(v, c)
}
diff --git a/providers/provider_default.go b/providers/provider_default.go
index 47160148..d87b939c 100644
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@@ -10,8 +10,8 @@ import (
"net/url"
"time"
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
)
// Redeem provides a default implementation of the OAuth2 token redemption process
@@ -96,12 +96,12 @@ func (p *ProviderData) GetLoginURL(redirectURI, state string) string {
}
// CookieForSession serializes a session state for storage in a cookie
-func (p *ProviderData) CookieForSession(s *sessions.SessionState, c *cookie.Cipher) (string, error) {
+func (p *ProviderData) CookieForSession(s *sessions.SessionState, c *encryption.Cipher) (string, error) {
return s.EncodeSessionState(c)
}
// SessionFromCookie deserializes a session from a cookie value
-func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *sessions.SessionState, err error) {
+func (p *ProviderData) SessionFromCookie(v string, c *encryption.Cipher) (s *sessions.SessionState, err error) {
return sessions.DecodeSessionState(v, c)
}
diff --git a/providers/providers.go b/providers/providers.go
index 57ace415..baf723d9 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -1,8 +1,8 @@
package providers
import (
- "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/encryption"
)
// Provider represents an upstream identity provider implementation
@@ -15,8 +15,8 @@ type Provider interface {
ValidateSessionState(*sessions.SessionState) bool
GetLoginURL(redirectURI, finalRedirect string) string
RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)
- SessionFromCookie(string, *cookie.Cipher) (*sessions.SessionState, error)
- CookieForSession(*sessions.SessionState, *cookie.Cipher) (string, error)
+ SessionFromCookie(string, *encryption.Cipher) (*sessions.SessionState, error)
+ CookieForSession(*sessions.SessionState, *encryption.Cipher) (string, error)
}
// New provides a new Provider based on the configured provider string
From fb9616160e7406c804e60f08bd73223ce5d1e40f Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Fri, 24 May 2019 17:08:48 +0100
Subject: [PATCH 3/5] Move logger to pkg/logger
---
htpasswd.go | 2 +-
http.go | 2 +-
logging_handler.go | 2 +-
logging_handler_test.go | 2 +-
main.go | 2 +-
oauthproxy.go | 2 +-
oauthproxy_test.go | 2 +-
options.go | 2 +-
pkg/cookies/cookies.go | 2 +-
{logger => pkg/logger}/logger.go | 0
pkg/requests/requests.go | 2 +-
providers/azure.go | 2 +-
providers/github.go | 2 +-
providers/gitlab.go | 2 +-
providers/google.go | 2 +-
providers/internal_util.go | 2 +-
templates.go | 2 +-
validator.go | 2 +-
watcher.go | 2 +-
watcher_unsupported.go | 2 +-
20 files changed, 19 insertions(+), 19 deletions(-)
rename {logger => pkg/logger}/logger.go (100%)
diff --git a/htpasswd.go b/htpasswd.go
index 0166e08e..b7c8d579 100644
--- a/htpasswd.go
+++ b/htpasswd.go
@@ -7,7 +7,7 @@ import (
"io"
"os"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"golang.org/x/crypto/bcrypt"
)
diff --git a/http.go b/http.go
index 8ccc6f63..2cee227b 100644
--- a/http.go
+++ b/http.go
@@ -7,7 +7,7 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// Server represents an HTTP server
diff --git a/logging_handler.go b/logging_handler.go
index 77c2fca1..b4f829d8 100644
--- a/logging_handler.go
+++ b/logging_handler.go
@@ -10,7 +10,7 @@ import (
"net/http"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP status
diff --git a/logging_handler_test.go b/logging_handler_test.go
index f92c7e0d..fd77e0f5 100644
--- a/logging_handler_test.go
+++ b/logging_handler_test.go
@@ -9,7 +9,7 @@ import (
"testing"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
func TestLoggingHandler_ServeHTTP(t *testing.T) {
diff --git a/main.go b/main.go
index a66c4fce..8af64614 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,7 @@ import (
"github.com/BurntSushi/toml"
options "github.com/mreiferson/go-options"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
func main() {
diff --git a/oauthproxy.go b/oauthproxy.go
index 62d1a18a..fc4bb43d 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -14,7 +14,7 @@ import (
"time"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption"
"github.com/pusher/oauth2_proxy/providers"
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 1d09bbb9..2fa3e009 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -15,7 +15,7 @@ import (
"time"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/providers"
diff --git a/options.go b/options.go
index 2b506e34..5053e943 100644
--- a/options.go
+++ b/options.go
@@ -17,7 +17,7 @@ import (
oidc "github.com/coreos/go-oidc"
"github.com/dgrijalva/jwt-go"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption"
diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go
index 08e6a9bf..5a7343b6 100644
--- a/pkg/cookies/cookies.go
+++ b/pkg/cookies/cookies.go
@@ -6,7 +6,7 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
)
diff --git a/logger/logger.go b/pkg/logger/logger.go
similarity index 100%
rename from logger/logger.go
rename to pkg/logger/logger.go
diff --git a/pkg/requests/requests.go b/pkg/requests/requests.go
index aac22e47..82d1176a 100644
--- a/pkg/requests/requests.go
+++ b/pkg/requests/requests.go
@@ -7,7 +7,7 @@ import (
"net/http"
"github.com/bitly/go-simplejson"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// Request parses the request body into a simplejson.Json object
diff --git a/providers/azure.go b/providers/azure.go
index 31544328..12e23207 100644
--- a/providers/azure.go
+++ b/providers/azure.go
@@ -7,7 +7,7 @@ import (
"net/url"
"github.com/bitly/go-simplejson"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests"
)
diff --git a/providers/github.go b/providers/github.go
index b60ffe1a..e1a7ed84 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -10,7 +10,7 @@ import (
"strconv"
"strings"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
)
diff --git a/providers/gitlab.go b/providers/gitlab.go
index c9a4a1fc..f8e6739e 100644
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@@ -4,7 +4,7 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/requests"
)
diff --git a/providers/google.go b/providers/google.go
index 6f29c2c5..e7821e24 100644
--- a/providers/google.go
+++ b/providers/google.go
@@ -13,7 +13,7 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
diff --git a/providers/internal_util.go b/providers/internal_util.go
index bb5f4f54..0cf2a122 100644
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@@ -5,7 +5,7 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests"
)
diff --git a/templates.go b/templates.go
index ec1ba873..99637ed3 100644
--- a/templates.go
+++ b/templates.go
@@ -4,7 +4,7 @@ import (
"html/template"
"path"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
func loadTemplates(dir string) *template.Template {
diff --git a/validator.go b/validator.go
index 1a5c465b..a0dc5850 100644
--- a/validator.go
+++ b/validator.go
@@ -8,7 +8,7 @@ import (
"sync/atomic"
"unsafe"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// UserMap holds information from the authenticated emails file
diff --git a/watcher.go b/watcher.go
index 34e98d76..ed2bc0ed 100644
--- a/watcher.go
+++ b/watcher.go
@@ -7,7 +7,7 @@ import (
"path/filepath"
"time"
- "github.com/pusher/oauth2_proxy/logger"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
fsnotify "gopkg.in/fsnotify/fsnotify.v1"
)
diff --git a/watcher_unsupported.go b/watcher_unsupported.go
index 1f6e3fc6..ff708b72 100644
--- a/watcher_unsupported.go
+++ b/watcher_unsupported.go
@@ -2,7 +2,7 @@
package main
-import "github.com/pusher/oauth2_proxy/logger"
+import "github.com/pusher/oauth2_proxy/pkg/logger"
func WatchForUpdates(filename string, done <-chan bool, action func()) {
logger.Printf("file watching not implemented on this platform")
From 417fde190cf719999cd8cf9d3aa6cb06a7c1ba30 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Sat, 15 Jun 2019 11:22:41 +0200
Subject: [PATCH 4/5] Update changelog
---
CHANGELOG.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f3fc3d8..634cbd0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ ## Changes since v3.2.0 +- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) - [#175](https://github.com/pusher/outh2_proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). - Includes fix for potential signature checking issue when OIDC discovery is skipped. - [#155](https://github.com/pusher/outh2_proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed)
@@ -24,7 +25,7 @@ - `-redis-sentinel-master-name` Sets the Sentinel master name, if sentinel is enabled - `-redis-sentinel-connection-urls` Defines the Redis Sentinel Connection URLs, if sentinel is enabled - Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret. - - Redis Sessions are stored encrypted with a per-session secret + - Redis Sessions are stored encrypted with a per-session secret - Added tests for server based session stores - [#168](https://github.com/pusher/outh2_proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) - [#169](https://github.com/pusher/outh2_proxy/pull/169) Update Alpine to 3.9 (@kskewes)
From 636669092744c0362dbec14471b8b7f59b88509c Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Sat, 15 Jun 2019 11:33:29 +0200
Subject: [PATCH 5/5] Fix gofmt for changed files
---
oauthproxy.go | 2 +-
oauthproxy_test.go | 2 +-
options.go | 2 +-
pkg/cookies/cookies.go | 2 +-
providers/azure.go | 2 +-
providers/github.go | 2 +-
providers/gitlab.go | 2 +-
providers/google.go | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index fc4bb43d..b431d67f 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -14,9 +14,9 @@ import (
"time"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/pkg/logger"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/providers"
"github.com/yhat/wsutil"
)
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 2fa3e009..b278fd49 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -15,8 +15,8 @@ import (
"time"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/providers"
"github.com/stretchr/testify/assert"
diff --git a/options.go b/options.go
index 5053e943..c7d5d520 100644
--- a/options.go
+++ b/options.go
@@ -17,10 +17,10 @@ import (
oidc "github.com/coreos/go-oidc"
"github.com/dgrijalva/jwt-go"
"github.com/mbland/hmacauth"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/encryption"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/sessions"
"github.com/pusher/oauth2_proxy/providers"
"gopkg.in/natefinch/lumberjack.v2"
diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go
index 5a7343b6..75b93e4d 100644
--- a/pkg/cookies/cookies.go
+++ b/pkg/cookies/cookies.go
@@ -6,8 +6,8 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/options"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// MakeCookie constructs a cookie from the given parameters,
diff --git a/providers/azure.go b/providers/azure.go
index 12e23207..653090b0 100644
--- a/providers/azure.go
+++ b/providers/azure.go
@@ -7,8 +7,8 @@ import (
"net/url"
"github.com/bitly/go-simplejson"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests"
)
diff --git a/providers/github.go b/providers/github.go
index e1a7ed84..ba58bb1e 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -10,8 +10,8 @@ import (
"strconv"
"strings"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
)
// GitHubProvider represents an GitHub based Identity Provider
diff --git a/providers/gitlab.go b/providers/gitlab.go
index f8e6739e..663ebd45 100644
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@@ -4,8 +4,8 @@ import (
"net/http"
"net/url"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/requests"
)
diff --git a/providers/google.go b/providers/google.go
index e7821e24..6f53887a 100644
--- a/providers/google.go
+++ b/providers/google.go
@@ -13,8 +13,8 @@ import (
"strings"
"time"
- "github.com/pusher/oauth2_proxy/pkg/logger"
"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
+ "github.com/pusher/oauth2_proxy/pkg/logger"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
admin "google.golang.org/api/admin/directory/v1"