feat: use destination path as prefix when rewritting url

feat(authn-oidc): allow overwriting of cookie name
feat(authn-oidc): include proxy in cookie name
2024-06-24 17:18:31 +02:00 · 2024-06-05 16:13:45 +02:00 · 2024-06-05 16:00:23 +02:00
3 changed files with 17 additions and 7 deletions
--- a/internal/proxy/director/director.go
+++ b/internal/proxy/director/director.go
@ -70,6 +70,7 @@ MAIN:

 	r.URL.Host = toURL.Host
 	r.URL.Scheme = toURL.Scheme
+	r.URL.Path = toURL.JoinPath(r.URL.Path).Path

 	ctx = logger.With(ctx,
 		logger.F("proxy", match.Name),
@ -77,6 +78,11 @@ MAIN:
 		logger.F("remoteAddr", r.RemoteAddr),
 	)

+	logger.Debug(
+		ctx, "rewritten url",
+		logger.F("rewrittenURL", r.URL.String()),
+	)
+
 	metricProxyRequestsTotal.With(prometheus.Labels{metricLabelProxy: string(match.Name)}).Add(1)

 	ctx = withProxy(ctx, match)
--- a/internal/proxy/director/layer/authn/oidc/authenticator.go
+++ b/internal/proxy/director/layer/authn/oidc/authenticator.go
@ -42,7 +42,7 @@ func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request
 		return errors.WithStack(err)
 	}

-	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Proxy, layer.Name))
 	if err != nil {
 		logger.Error(ctx, "could not retrieve session", logger.E(errors.WithStack(err)))
 	}
@ -121,7 +121,7 @@ func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, lay
 		return nil, errors.WithStack(err)
 	}

-	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Proxy, layer.Name))
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@ -401,8 +401,14 @@ func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*C
 	return client, nil
 }

-func (a *Authenticator) getCookieName(cookieName string, layerName store.LayerName) string {
-	return fmt.Sprintf("%s_%s", cookieName, layerName)
+const defaultCookieNamePrefix = "_bouncer_authn_oidc"
+
+func (a *Authenticator) getCookieName(cookieName string, proxyName store.ProxyName, layerName store.LayerName) string {
+	if cookieName != "" {
+		return cookieName
+	}
+
+	return strings.ToLower(fmt.Sprintf("%s_%s_%s", defaultCookieNamePrefix, proxyName, layerName))
 }

 var (
--- a/internal/proxy/director/layer/authn/oidc/layer_options.go
+++ b/internal/proxy/director/layer/authn/oidc/layer_options.go
@ -8,8 +8,6 @@ import (
 	"github.com/pkg/errors"
 )

-const defaultCookieName = "_bouncer_authn_oidc"
-
 type LayerOptions struct {
 	authn.LayerOptions
 	OIDC   OIDCOptions   `mapstructure:"oidc"`
@ -57,7 +55,7 @@ func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
 			Scopes:                 []string{"openid"},
 		},
 		Cookie: CookieOptions{
-			Name:     defaultCookieName,
+			Name:     "",
 			Path:     "/",
 			HTTPOnly: true,
 			MaxAge:   time.Hour,
Author	SHA1	Message	Date
William Petit	1009eb19aa	feat: use destination path as prefix when rewritting url All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2024-06-24 17:18:31 +02:00
William Petit	19fda6aa64	feat(authn-oidc): allow overwriting of cookie name All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2024-06-05 16:13:45 +02:00
William Petit	65238f1ff3	feat(authn-oidc): include proxy in cookie name All checks were successful Cadoles/bouncer/pipeline/head This commit looks good Details	2024-06-05 16:00:23 +02:00