Move RealClientIP code to IP packages
This commit is contained in:
Joel Speed
parent
c3f9cbeb3d
commit
cce2c680d8
|
|
@ -19,11 +19,12 @@ import (
|
|||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/mbland/hmacauth"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging"
|
||||
ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
||||
sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/cookies"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/ip"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||
"github.com/yhat/wsutil"
|
||||
|
|
@ -114,7 +115,7 @@ type OAuthProxy struct {
|
|||
jwtBearerVerifiers []*oidc.IDTokenVerifier
|
||||
compiledRegex []*regexp.Regexp
|
||||
templates *template.Template
|
||||
realClientIPParser logging.RealClientIPParser
|
||||
realClientIPParser ipapi.RealClientIPParser
|
||||
Banner string
|
||||
Footer string
|
||||
}
|
||||
|
|
@ -762,7 +763,7 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
|
|||
// OAuthCallback is the OAuth2 authentication flow callback that finishes the
|
||||
// OAuth2 authentication flow
|
||||
func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
||||
remoteAddr := logging.GetClientString(p.realClientIPParser, req, true)
|
||||
remoteAddr := ip.GetClientString(p.realClientIPParser, req, true)
|
||||
|
||||
// finish the oauth cycle
|
||||
err := req.ParseForm()
|
||||
|
|
@ -890,7 +891,7 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
|
|||
}
|
||||
}
|
||||
|
||||
remoteAddr := logging.GetClientString(p.realClientIPParser, req, true)
|
||||
remoteAddr := ip.GetClientString(p.realClientIPParser, req, true)
|
||||
if session == nil {
|
||||
session, err = p.LoadCookiedSession(req)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
package ip
|
||||
|
||||
import (
|
||||
"net"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// RealClientIPParser is an interface for a getting the client's real IP to be used for logging.
|
||||
type RealClientIPParser interface {
|
||||
GetRealClientIP(http.Header) (net.IP, error)
|
||||
}
|
||||
|
|
@ -7,7 +7,7 @@ import (
|
|||
"time"
|
||||
|
||||
oidc "github.com/coreos/go-oidc"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging"
|
||||
ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip"
|
||||
sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||
|
|
@ -132,7 +132,7 @@ type Options struct {
|
|||
signatureData *SignatureData
|
||||
oidcVerifier *oidc.IDTokenVerifier
|
||||
jwtBearerVerifiers []*oidc.IDTokenVerifier
|
||||
realClientIPParser logging.RealClientIPParser
|
||||
realClientIPParser ipapi.RealClientIPParser
|
||||
}
|
||||
|
||||
// Options for Getting internal values
|
||||
|
|
@ -144,7 +144,7 @@ func (o *Options) GetSessionStore() sessionsapi.SessionStore { return o.
|
|||
func (o *Options) GetSignatureData() *SignatureData { return o.signatureData }
|
||||
func (o *Options) GetOIDCVerifier() *oidc.IDTokenVerifier { return o.oidcVerifier }
|
||||
func (o *Options) GetJWTBearerVerifiers() []*oidc.IDTokenVerifier { return o.jwtBearerVerifiers }
|
||||
func (o *Options) GetRealClientIPParser() logging.RealClientIPParser { return o.realClientIPParser }
|
||||
func (o *Options) GetRealClientIPParser() ipapi.RealClientIPParser { return o.realClientIPParser }
|
||||
|
||||
// Options for Setting internal values
|
||||
func (o *Options) SetRedirectURL(s *url.URL) { o.redirectURL = s }
|
||||
|
|
@ -155,7 +155,7 @@ func (o *Options) SetSessionStore(s sessionsapi.SessionStore) { o.sessio
|
|||
func (o *Options) SetSignatureData(s *SignatureData) { o.signatureData = s }
|
||||
func (o *Options) SetOIDCVerifier(s *oidc.IDTokenVerifier) { o.oidcVerifier = s }
|
||||
func (o *Options) SetJWTBearerVerifiers(s []*oidc.IDTokenVerifier) { o.jwtBearerVerifiers = s }
|
||||
func (o *Options) SetRealClientIPParser(s logging.RealClientIPParser) { o.realClientIPParser = s }
|
||||
func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser) { o.realClientIPParser = s }
|
||||
|
||||
// NewOptions constructs a new Options with defaulted values
|
||||
func NewOptions() *Options {
|
||||
|
|
|
|||
|
|
@ -1,18 +1,15 @@
|
|||
package logging
|
||||
package ip
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip"
|
||||
)
|
||||
|
||||
// RealClientIPParser is an interface for a getting the client's real IP to be used for logging.
|
||||
type RealClientIPParser interface {
|
||||
GetRealClientIP(http.Header) (net.IP, error)
|
||||
}
|
||||
|
||||
func GetRealClientIPParser(headerKey string) (RealClientIPParser, error) {
|
||||
func GetRealClientIPParser(headerKey string) (ipapi.RealClientIPParser, error) {
|
||||
headerKey = http.CanonicalHeaderKey(headerKey)
|
||||
|
||||
switch headerKey {
|
||||
|
|
@ -73,7 +70,7 @@ func getRemoteIP(req *http.Request) (net.IP, error) {
|
|||
}
|
||||
|
||||
// GetClientString obtains the human readable string of the remote IP and optionally the real client IP if available
|
||||
func GetClientString(p RealClientIPParser, req *http.Request, full bool) (s string) {
|
||||
func GetClientString(p ipapi.RealClientIPParser, req *http.Request, full bool) (s string) {
|
||||
var realClientIPStr string
|
||||
if p != nil {
|
||||
if realClientIP, err := p.GetRealClientIP(req.Header); err == nil && realClientIP != nil {
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package logging
|
||||
package ip
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"reflect"
|
||||
"testing"
|
||||
|
||||
ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
|
|
@ -144,7 +145,7 @@ func TestGetClientString(t *testing.T) {
|
|||
p := &xForwardedForClientIPParser{header: http.CanonicalHeaderKey("X-Forwarded-For")}
|
||||
|
||||
tests := []struct {
|
||||
parser RealClientIPParser
|
||||
parser ipapi.RealClientIPParser
|
||||
remoteAddr string
|
||||
headerValue string
|
||||
expectedClient string
|
||||
|
|
@ -17,9 +17,9 @@ import (
|
|||
"github.com/coreos/go-oidc"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/mbland/hmacauth"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/ip"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/requests"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
|
||||
|
|
@ -272,7 +272,7 @@ func Validate(o *options.Options) error {
|
|||
msgs = setupLogger(o, msgs)
|
||||
|
||||
if o.ReverseProxy {
|
||||
parser, err := logging.GetRealClientIPParser(o.RealClientIPHeader)
|
||||
parser, err := ip.GetRealClientIPParser(o.RealClientIPHeader)
|
||||
if err != nil {
|
||||
msgs = append(msgs, fmt.Sprintf("real_client_ip_header (%s) not accepted parameter value: %v", o.RealClientIPHeader, err))
|
||||
}
|
||||
|
|
@ -496,7 +496,7 @@ func setupLogger(o *options.Options, msgs []string) []string {
|
|||
logger.SetAuthTemplate(o.AuthLoggingFormat)
|
||||
logger.SetReqTemplate(o.RequestLoggingFormat)
|
||||
logger.SetGetClientFunc(func(r *http.Request) string {
|
||||
return logging.GetClientString(o.GetRealClientIPParser(), r, false)
|
||||
return ip.GetClientString(o.GetRealClientIPParser(), r, false)
|
||||
})
|
||||
|
||||
excludePaths := make([]string, 0)
|
||||
|
|
|
|||
Loading…
Reference in New Issue