public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merging changes

This commit is contained in:
MisterWil 2019-04-12 09:26:44 -07:00
parent 1f15631547
commit d77119be55
5 changed files with 19 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Gopkg.lock generated
View File

@ -222,6 +222,7 @@
"github.com/mreiferson/go-options", "github.com/mreiferson/go-options",
"github.com/stretchr/testify/assert", "github.com/stretchr/testify/assert",
"github.com/stretchr/testify/require", "github.com/stretchr/testify/require",
"github.com/yhat/wsutil",
"golang.org/x/crypto/bcrypt", "golang.org/x/crypto/bcrypt",
"golang.org/x/net/websocket", "golang.org/x/net/websocket",
"golang.org/x/oauth2", "golang.org/x/oauth2",

3
logging_handler.go
View File

@ -4,6 +4,9 @@
package main package main
import ( import (
"bufio"
"errors"
"net"
"net/http" "net/http"
"time" "time"

14
main.go
View File

@ -3,7 +3,6 @@ package main
import ( import (
"flag" "flag"
"fmt" "fmt"
"log"
"math/rand" "math/rand"
"net/http" "net/http"
"os" "os"
@ -13,6 +12,7 @@ import (
"github.com/BurntSushi/toml" "github.com/BurntSushi/toml"
options "github.com/mreiferson/go-options" options "github.com/mreiferson/go-options"
"github.com/pusher/oauth2_proxy/logger"
) )
func main() { func main() {
@ -20,7 +20,7 @@ func main() {
flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError) flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError)
emailDomains := StringArray{} emailDomains := StringArray{}
whitelistDomains := StringArray{} whitelistandardomains := StringArray{}
upstreams := StringArray{} upstreams := StringArray{}
skipAuthRegex := StringArray{} skipAuthRegex := StringArray{}
googleGroups := StringArray{} googleGroups := StringArray{}
@ -49,7 +49,7 @@ func main() {
flagSet.Duration("flush-interval", time.Duration(1)*time.Second, "period between response flushing when streaming responses") flagSet.Duration("flush-interval", time.Duration(1)*time.Second, "period between response flushing when streaming responses")
flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email") flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
flagSet.Var(&whitelistDomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)") flagSet.Var(&whitelistandardomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.") flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
flagSet.String("github-org", "", "restrict logins to members of this organisation") flagSet.String("github-org", "", "restrict logins to members of this organisation")
flagSet.String("github-team", "", "restrict logins to members of this team") flagSet.String("github-team", "", "restrict logins to members of this team")
@ -158,16 +158,12 @@ func main() {
var handler http.Handler var handler http.Handler
if opts.GCPHealthChecks { if opts.GCPHealthChecks {
handler = gcpHealthcheck(LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat)) handler = gcpHealthcheck(LoggingHandler(oauthproxy))
} else { } else {
handler = LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat) handler = LoggingHandler(oauthproxy)
} }
s := &Server{ s := &Server{
<<<<<<< HEAD
Handler: handler, Handler: handler,
=======
Handler: LoggingHandler(oauthproxy),
>>>>>>> Auth and standard logging with file rolling
Opts: opts, Opts: opts,
} }
s.ListenAndServe() s.ListenAndServe()

21
oauthproxy.go
View File

@ -185,23 +185,10 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
path := u.Path path := u.Path
switch u.Scheme { switch u.Scheme {
case httpScheme, httpsScheme: case httpScheme, httpsScheme:
<<<<<<< HEAD logger.Printf("mapping path %q => upstream %q", path, u)
log.Printf("mapping path %q => upstream %q", path, u)
proxy := NewWebSocketOrRestReverseProxy(u, opts, auth) proxy := NewWebSocketOrRestReverseProxy(u, opts, auth)
serveMux.Handle(path, proxy) serveMux.Handle(path, proxy)
=======
u.Path = ""
logger.Printf("mapping path %q => upstream %q", path, u)
proxy := NewReverseProxy(u, opts.FlushInterval)
if !opts.PassHostHeader {
setProxyUpstreamHostHeader(proxy, u)
} else {
setProxyDirector(proxy)
}
serveMux.Handle(path,
&UpstreamProxy{u.Host, proxy, auth})
>>>>>>> Auth and standard logging with file rolling
case "file": case "file":
if u.Fragment != "" { if u.Fragment != "" {
path = u.Fragment path = u.Fragment
@ -228,11 +215,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
refresh = fmt.Sprintf("after %s", opts.CookieRefresh) refresh = fmt.Sprintf("after %s", opts.CookieRefresh)
} }
<<<<<<< HEAD logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)
log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)
=======
logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, refresh)
>>>>>>> Auth and standard logging with file rolling
var cipher *cookie.Cipher var cipher *cookie.Cipher
if opts.PassAccessToken || opts.SetAuthorization || opts.PassAuthorization || (opts.CookieRefresh != time.Duration(0)) { if opts.PassAccessToken || opts.SetAuthorization || opts.PassAuthorization || (opts.CookieRefresh != time.Duration(0)) {

50
options.go
View File

@ -18,7 +18,7 @@ import (
"github.com/mbland/hmacauth" "github.com/mbland/hmacauth"
"github.com/pusher/oauth2_proxy/logger" "github.com/pusher/oauth2_proxy/logger"
"github.com/pusher/oauth2_proxy/providers" "github.com/pusher/oauth2_proxy/providers"
lumberjack "gopkg.in/natefinch/lumberjack.v2" "gopkg.in/natefinch/lumberjack.v2"
) )
// Options holds Configuration Options that can be set by Command Line Flag, // Options holds Configuration Options that can be set by Command Line Flag,
@ -74,7 +74,6 @@ type Options struct {
// These options allow for other providers besides Google, with // These options allow for other providers besides Google, with
// potential overrides. // potential overrides.
<<<<<<< HEAD
Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"` Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"` OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"` SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
@ -87,25 +86,6 @@ type Options struct {
Scope string `flag:"scope" cfg:"scope" env:"OAUTH2_PROXY_SCOPE"` Scope string `flag:"scope" cfg:"scope" env:"OAUTH2_PROXY_SCOPE"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt" env:"OAUTH2_PROXY_APPROVAL_PROMPT"` ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt" env:"OAUTH2_PROXY_APPROVAL_PROMPT"`
RequestLogging bool `flag:"request-logging" cfg:"request_logging" env:"OAUTH2_PROXY_REQUEST_LOGGING"`
RequestLoggingFormat string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
AcrValues string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
JWTKey string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
PubJWKURL string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
GCPHealthChecks bool `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`
=======
Provider string `flag:"provider" cfg:"provider"`
OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url"`
LoginURL string `flag:"login-url" cfg:"login_url"`
RedeemURL string `flag:"redeem-url" cfg:"redeem_url"`
ProfileURL string `flag:"profile-url" cfg:"profile_url"`
ProtectedResource string `flag:"resource" cfg:"resource"`
ValidateURL string `flag:"validate-url" cfg:"validate_url"`
Scope string `flag:"scope" cfg:"scope"`
ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
// Configuration values for logging // Configuration values for logging
LoggingFilename string `flag:"logging-filename" cfg:"logging_filename"` LoggingFilename string `flag:"logging-filename" cfg:"logging_filename"`
LoggingMaxSize int `flag:"logging-max-size" cfg:"logging_max_size"` LoggingMaxSize int `flag:"logging-max-size" cfg:"logging_max_size"`
@ -121,7 +101,10 @@ type Options struct {
AuthLoggingFormat string `flag:"auth-logging-format" cfg:"auth_logging_format"` AuthLoggingFormat string `flag:"auth-logging-format" cfg:"auth_logging_format"`
SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"` SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
>>>>>>> Auth and standard logging with file rolling AcrValues string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
JWTKey string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
PubJWKURL string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
GCPHealthChecks bool `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`
// internal values that are set after config validation // internal values that are set after config validation
redirectURL *url.URL redirectURL *url.URL
@ -141,7 +124,6 @@ type SignatureData struct {
// NewOptions constructs a new Options with defaulted values // NewOptions constructs a new Options with defaulted values
func NewOptions() *Options { func NewOptions() *Options {
return &Options{ return &Options{
<<<<<<< HEAD
ProxyPrefix: "/oauth2", ProxyPrefix: "/oauth2",
ProxyWebSockets: true, ProxyWebSockets: true,
HTTPAddress: "127.0.0.1:4180", HTTPAddress: "127.0.0.1:4180",
@ -161,28 +143,7 @@ func NewOptions() *Options {
SetAuthorization: false, SetAuthorization: false,
PassAuthorization: false, PassAuthorization: false,
ApprovalPrompt: "force", ApprovalPrompt: "force",
RequestLogging: true,
SkipOIDCDiscovery: false, SkipOIDCDiscovery: false,
RequestLoggingFormat: defaultRequestLoggingFormat,
=======
ProxyPrefix: "/oauth2",
HTTPAddress: "127.0.0.1:4180",
HTTPSAddress: ":443",
DisplayHtpasswdForm: true,
CookieName: "_oauth2_proxy",
CookieSecure: true,
CookieHTTPOnly: true,
CookieExpire: time.Duration(168) * time.Hour,
CookieRefresh: time.Duration(0),
SetXAuthRequest: false,
SkipAuthPreflight: false,
PassBasicAuth: true,
PassUserHeaders: true,
PassAccessToken: false,
PassHostHeader: true,
SetAuthorization: false,
PassAuthorization: false,
ApprovalPrompt: "force",
LoggingFilename: "", LoggingFilename: "",
LoggingMaxSize: 100, LoggingMaxSize: 100,
LoggingMaxAge: 7, LoggingMaxAge: 7,
@ -195,7 +156,6 @@ func NewOptions() *Options {
RequestLoggingFormat: logger.DefaultRequestLoggingFormat, RequestLoggingFormat: logger.DefaultRequestLoggingFormat,
AuthLogging: true, AuthLogging: true,
AuthLoggingFormat: logger.DefaultAuthLoggingFormat, AuthLoggingFormat: logger.DefaultAuthLoggingFormat,
>>>>>>> Auth and standard logging with file rolling
} }
} }