public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Create Cookie FlagSet and Defaults

This commit is contained in:
Joel Speed 2020-05-23 17:04:32 +01:00
parent 016f4aa276
commit b3ba2594c6
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
2 changed files with 38 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
pkg/apis/options/cookie.go
View File

@ -1,6 +1,10 @@
package options package options
import "time" import (
"time"
"github.com/spf13/pflag"
)
// CookieOptions contains configuration options relating to Cookie configuration // CookieOptions contains configuration options relating to Cookie configuration
type CookieOptions struct { type CookieOptions struct {
@ -14,3 +18,34 @@ type CookieOptions struct {
HTTPOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"` HTTPOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`
SameSite string `flag:"cookie-samesite" cfg:"cookie_samesite"` SameSite string `flag:"cookie-samesite" cfg:"cookie_samesite"`
} }
func cookieFlagSet() *pflag.FlagSet {
flagSet := pflag.NewFlagSet("cookie", pflag.ExitOnError)
flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
flagSet.String("cookie-secret", "", "the seed string for secure cookies (optionally base64 encoded)")
flagSet.StringSlice("cookie-domain", []string{}, "Optional cookie domains to force cookies to (ie: `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match).")
flagSet.String("cookie-path", "/", "an optional cookie path to force cookies to (ie: /poc/)*")
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie after this duration; 0 to disable")
flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")
flagSet.String("cookie-samesite", "", "set SameSite cookie attribute (ie: \"lax\", \"strict\", \"none\", or \"\"). ")
return flagSet
}
// defaultCookieOptions creates a CookieOptions populating each field with its default value
func defaultCookieOptions() CookieOptions {
return CookieOptions{
Name: "_oauth2_proxy",
Secret: "",
Domains: nil,
Path: "/",
Expire: time.Duration(168) * time.Hour,
Refresh: time.Duration(0),
Secure: true,
HTTPOnly: true,
SameSite: "",
}
}

21
pkg/apis/options/options.go
View File

@ -153,14 +153,7 @@ func NewOptions() *Options {
RealClientIPHeader: "X-Real-IP", RealClientIPHeader: "X-Real-IP",
ForceHTTPS: false, ForceHTTPS: false,
DisplayHtpasswdForm: true, DisplayHtpasswdForm: true,
Cookie: CookieOptions{ Cookie: defaultCookieOptions(),
Name: "_oauth2_proxy",
Secure: true,
HTTPOnly: true,
Expire: time.Duration(168) * time.Hour,
Refresh: time.Duration(0),
Path: "/",
},
Session: SessionOptions{ Session: SessionOptions{
Type: "cookie", Type: "cookie",
}, },
@ -245,17 +238,6 @@ func NewFlagSet() *pflag.FlagSet {
flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks") flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks")
flagSet.String("ping-user-agent", "", "special User-Agent that will be used for basic health checks") flagSet.String("ping-user-agent", "", "special User-Agent that will be used for basic health checks")
flagSet.Bool("proxy-websockets", true, "enables WebSocket proxying") flagSet.Bool("proxy-websockets", true, "enables WebSocket proxying")
flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
flagSet.String("cookie-secret", "", "the seed string for secure cookies (optionally base64 encoded)")
flagSet.StringSlice("cookie-domain", []string{}, "Optional cookie domains to force cookies to (ie: `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match).")
flagSet.String("cookie-path", "/", "an optional cookie path to force cookies to (ie: /poc/)*")
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie after this duration; 0 to disable")
flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")
flagSet.String("cookie-samesite", "", "set SameSite cookie attribute (ie: \"lax\", \"strict\", \"none\", or \"\"). ")
flagSet.String("session-store-type", "cookie", "the session storage provider to use") flagSet.String("session-store-type", "cookie", "the session storage provider to use")
flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])") flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])")
flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature") flagSet.Bool("redis-use-sentinel", false, "Connect to redis via sentinels. Must set --redis-sentinel-master-name and --redis-sentinel-connection-urls to use this feature")
@ -292,6 +274,7 @@ func NewFlagSet() *pflag.FlagSet {
flagSet.String("user-id-claim", "email", "which claim contains the user ID") flagSet.String("user-id-claim", "email", "which claim contains the user ID")
flagSet.AddFlagSet(cookieFlagSet())
flagSet.AddFlagSet(loggingFlagSet()) flagSet.AddFlagSet(loggingFlagSet())
return flagSet return flagSet