public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
1,514 Commits 29 Branches 41 Tags 50 MiB
Go 98.1%
Makefile 0.9%
HTML 0.5%
Shell 0.3%
Dockerfile 0.2%
Go to file
Kevin Kreitner f648c54d87
Add redis lock feature (#1063) 
* Add sensible logging flag to default setup for logger

* Add Redis lock

* Fix default value flag for sensitive logging

* Split RefreshSessionIfNeeded in two methods and use Redis lock

* Small adjustments to doc and code

* Remove sensible logging

* Fix method names in ticket.go

* Revert "Fix method names in ticket.go"

This reverts commit 408ba1a1a5.

* Fix methods name in ticket.go

* Remove block in Redis client get

* Increase lock time to 1 second

* Perform retries, if session store is locked

* Reverse if condition, because it should return if session does not have to be refreshed

* Update go.sum

* Update MockStore

* Return error if loading session fails

* Fix and update tests

* Change validSession to session in docs and strings

* Change validSession to session in docs and strings

* Fix docs

* Fix wrong field name

* Fix linting

* Fix imports for linting

* Revert changes except from locking functionality

* Add lock feature on session state

* Update from master

* Remove errors package, because it is not used

* Only pass context instead of request to lock

* Use lock key

* By default use NoOpLock

* Remove debug output

* Update ticket_test.go

* Map internal error to sessions error

* Add ErrLockNotObtained

* Enable lock peek for all redis clients

* Use lock key prefix consistent

* Fix imports

* Use exists method for peek lock

* Fix imports

* Fix imports

* Fix imports

* Remove own Dockerfile

* Fix imports

* Fix tests for ticket and session store

* Fix session store test

* Update pkg/apis/sessions/interfaces.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Do not wrap lock method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Use errors package for lock constants

* Use better naming for initLock function

* Add comments

* Add session store lock test

* Fix tests

* Fix tests

* Fix tests

* Fix tests

* Add cookies after saving session

* Add mock lock

* Fix imports for mock_lock.go

* Store mock lock for key

* Apply elapsed time on mock lock

* Check if lock is initially applied

* Reuse existing lock

* Test all lock methods

* Update CHANGELOG.md

* Use redis client methods in redis.lock for release an refresh

* Use lock key suffix instead of prefix for lock key

* Add comments for Lock interface

* Update comment for Lock interface

* Update CHANGELOG.md

* Change LockSuffix to const

* Check lock on already loaded session

* Use global var for loadedSession in lock tests

* Use lock instance for refreshing and releasing of lock

* Update possible error type for Refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 		2021-06-02 19:08:19 +01:00
.github Don't download dependencies using go mod 2021-02-19 11:31:00 +00:00
contrib Update Changelog for release v7.1.3 2021-04-28 09:41:18 -07:00
docs Add alternative ways to generate cookie secrets to docs 2021-05-23 20:12:08 +01:00
pkg Add redis lock feature (#1063) 2021-06-02 19:08:19 +01:00
providers Support nonce checks in OIDC Provider (#967) 2021-04-21 10:33:27 +01:00
testdata Rename test directory to testdata 2020-10-06 21:37:25 +09:00
tools Generate reference page in configuration 2021-01-18 09:57:44 +00:00
.dockerignore Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
.gitignore Set up code coverage within Travis for Code Climate (#533) 2020-05-10 07:29:37 +01:00
.golangci.yml Skip gosec linting on tests 2020-08-09 07:55:41 -07:00
CHANGELOG.md Add redis lock feature (#1063) 2021-06-02 19:08:19 +01:00
CONTRIBUTING.md Drop configure script in favour of native Makefile env and checks (#515) 2020-05-09 16:07:46 +01:00
Dockerfile Minor change to the Dockerfile to improve build speed (#1139) 2021-03-29 19:08:40 +01:00
Dockerfile.arm64 Minor change to the Dockerfile to improve build speed (#1139) 2021-03-29 19:08:40 +01:00
Dockerfile.armv6 Minor change to the Dockerfile to improve build speed (#1139) 2021-03-29 19:08:40 +01:00
LICENSE add MIT license for google_auth_proxy 2014-06-09 16:25:26 -04:00
MAINTAINERS Add NickMeves to MAINTAINERS 2021-01-10 10:56:01 -08:00
Makefile Update release process to use makefile go version check (#1027) 2021-02-06 15:19:33 -08:00
README.md Update changelog for v7.1.0 release 2021-03-25 17:21:08 +00:00
RELEASE.md Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
SECURITY.md Add Security Policy 2021-01-16 19:47:47 +00:00
dist.sh Update release process to use makefile go version check (#1027) 2021-02-06 15:19:33 -08:00
go.mod Add redis lock feature (#1063) 2021-06-02 19:08:19 +01:00
go.sum Add redis lock feature (#1063) 2021-06-02 19:08:19 +01:00
main.go Integrate new server implementation into main OAuth2 Proxy 2021-03-07 11:49:11 +00:00
main_suite_test.go Ensure errors in tests are logged to the GinkgoWriter 2021-02-10 19:50:04 +00:00
main_test.go Support nonce checks in OIDC Provider (#967) 2021-04-21 10:33:27 +01:00
nsswitch.conf Add nsswitch.conf to Docker image (#400) 2020-02-23 18:16:18 +00:00
oauthproxy.go Add pagewriter to upstream proxy 2021-05-10 11:14:05 +01:00
oauthproxy_test.go Support nonce checks in OIDC Provider (#967) 2021-04-21 10:33:27 +01:00
validator.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
validator_test.go remove unnecessary validator tests (#288) 2019-10-18 08:49:33 -07:00
version.go Introduce Makefile 2019-01-04 10:58:30 +00:00
watcher.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
watcher_unsupported.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00

README.md

OAuth2 Proxy

Build Status Go Report Card GoDoc MIT licensed Maintainability Test Coverage

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v7.1.0)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnverability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2-proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.