enable fake TLS termination
This commit is contained in:
parent
9f8461f71a
commit
67c63ca8cd
@ -13,18 +13,19 @@ import (
|
||||
|
||||
// ConsentReqDoer fetches information on the OAuth2 request and then accept or reject the requested authentication process.
|
||||
type ConsentReqDoer struct {
|
||||
hydraURL string
|
||||
rememberFor int
|
||||
hydraURL string
|
||||
fakeTlsTermination bool
|
||||
rememberFor int
|
||||
}
|
||||
|
||||
// NewConsentReqDoer creates a ConsentRequest.
|
||||
func NewConsentReqDoer(hydraURL string, rememberFor int) *ConsentReqDoer {
|
||||
return &ConsentReqDoer{hydraURL: hydraURL, rememberFor: rememberFor}
|
||||
func NewConsentReqDoer(hydraURL string, fakeTlsTermination bool, rememberFor int) *ConsentReqDoer {
|
||||
return &ConsentReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination, rememberFor: rememberFor}
|
||||
}
|
||||
|
||||
// InitiateRequest fetches information on the OAuth2 request.
|
||||
func (crd *ConsentReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
|
||||
ri, err := initiateRequest(consent, crd.hydraURL, challenge)
|
||||
ri, err := initiateRequest(consent, crd.hydraURL, crd.fakeTlsTermination, challenge)
|
||||
return ri, errors.Wrap(err, "failed to initiate consent request")
|
||||
}
|
||||
|
||||
|
@ -44,7 +44,7 @@ type ReqInfo struct {
|
||||
Subject string `json:"subject"`
|
||||
}
|
||||
|
||||
func initiateRequest(typ reqType, hydraURL, challenge string) (*ReqInfo, error) {
|
||||
func initiateRequest(typ reqType, hydraURL string, fakeTlsTermination bool, challenge string) (*ReqInfo, error) {
|
||||
if challenge == "" {
|
||||
return nil, ErrChallengeMissed
|
||||
}
|
||||
@ -58,7 +58,16 @@ func initiateRequest(typ reqType, hydraURL, challenge string) (*ReqInfo, error)
|
||||
}
|
||||
u = u.ResolveReference(ref)
|
||||
|
||||
resp, err := http.Get(u.String())
|
||||
req, err := http.NewRequest("GET", u.String(), nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if fakeTlsTermination {
|
||||
req.Header.Add("X-Forwarded-Proto", "https")
|
||||
}
|
||||
|
||||
client := &http.Client{}
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -13,18 +13,19 @@ import (
|
||||
|
||||
// LoginReqDoer fetches information on the OAuth2 request and then accept or reject the requested authentication process.
|
||||
type LoginReqDoer struct {
|
||||
hydraURL string
|
||||
rememberFor int
|
||||
hydraURL string
|
||||
fakeTlsTermination bool
|
||||
rememberFor int
|
||||
}
|
||||
|
||||
// NewLoginReqDoer creates a LoginRequest.
|
||||
func NewLoginReqDoer(hydraURL string, rememberFor int) *LoginReqDoer {
|
||||
return &LoginReqDoer{hydraURL: hydraURL, rememberFor: rememberFor}
|
||||
func NewLoginReqDoer(hydraURL string, fakeTlsTermination bool, rememberFor int) *LoginReqDoer {
|
||||
return &LoginReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination, rememberFor: rememberFor}
|
||||
}
|
||||
|
||||
// InitiateRequest fetches information on the OAuth2 request.
|
||||
func (lrd *LoginReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
|
||||
ri, err := initiateRequest(login, lrd.hydraURL, challenge)
|
||||
ri, err := initiateRequest(login, lrd.hydraURL, lrd.fakeTlsTermination, challenge)
|
||||
return ri, errors.Wrap(err, "failed to initiate login request")
|
||||
}
|
||||
|
||||
|
@ -13,17 +13,18 @@ import (
|
||||
|
||||
// LogoutReqDoer fetches information on the OAuth2 request and then accepts or rejects the requested logout process.
|
||||
type LogoutReqDoer struct {
|
||||
hydraURL string
|
||||
hydraURL string
|
||||
fakeTlsTermination bool
|
||||
}
|
||||
|
||||
// NewLogoutReqDoer creates a LogoutRequest.
|
||||
func NewLogoutReqDoer(hydraURL string) *LogoutReqDoer {
|
||||
return &LogoutReqDoer{hydraURL: hydraURL}
|
||||
func NewLogoutReqDoer(hydraURL string, fakeTlsTermination bool) *LogoutReqDoer {
|
||||
return &LogoutReqDoer{hydraURL: hydraURL, fakeTlsTermination: fakeTlsTermination}
|
||||
}
|
||||
|
||||
// InitiateRequest fetches information on the OAuth2 request.
|
||||
func (lrd *LogoutReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
|
||||
ri, err := initiateRequest(logout, lrd.hydraURL, challenge)
|
||||
ri, err := initiateRequest(logout, lrd.hydraURL, lrd.fakeTlsTermination, challenge)
|
||||
return ri, errors.Wrap(err, "failed to initiate logout request")
|
||||
}
|
||||
|
||||
|
@ -27,9 +27,10 @@ const loginTmplName = "login.tmpl"
|
||||
|
||||
// Config is a Hydra configuration.
|
||||
type Config struct {
|
||||
HydraURL string `envconfig:"hydra_url" required:"true" desc:"an admin URL of ORY Hydra Server"`
|
||||
SessionTTL time.Duration `envconfig:"session_ttl" default:"24h" desc:"a user session's TTL"`
|
||||
ClaimScopes map[string]string `envconfig:"claim_scopes" default:"name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fgithub.com%2Fi-core%2Fwerther%2Fclaims%2Froles:roles" desc:"a mapping of OpenID Connect claims to scopes (all claims are URL encoded)"`
|
||||
HydraURL string `envconfig:"hydra_url" required:"true" desc:"an admin URL of ORY Hydra Server"`
|
||||
SessionTTL time.Duration `envconfig:"session_ttl" default:"24h" desc:"a user session's TTL"`
|
||||
ClaimScopes map[string]string `envconfig:"claim_scopes" default:"name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fgithub.com%2Fi-core%2Fwerther%2Fclaims%2Froles:roles" desc:"a mapping of OpenID Connect claims to scopes (all claims are URL encoded)"`
|
||||
FakeTLSTermination bool `envconfig:"fake_tls_termination" default:"false" desc:"Fake tls termination by adding \"X-Forwarded-Proto: https\" to http headers "`
|
||||
}
|
||||
|
||||
// UserManager is an interface that is used for authentication and providing user's claims.
|
||||
@ -83,10 +84,10 @@ func NewHandler(cnf Config, um UserManager, tr TemplateRenderer) *Handler {
|
||||
// AddRoutes registers all required routes for Login & Consent Provider.
|
||||
func (h *Handler) AddRoutes(apply func(m, p string, h http.Handler, mws ...func(http.Handler) http.Handler)) {
|
||||
sessionTTL := int(h.SessionTTL.Seconds())
|
||||
apply(http.MethodGet, "/login", newLoginStartHandler(hydra.NewLoginReqDoer(h.HydraURL, 0), h.tr))
|
||||
apply(http.MethodPost, "/login", newLoginEndHandler(hydra.NewLoginReqDoer(h.HydraURL, sessionTTL), h.um, h.tr))
|
||||
apply(http.MethodGet, "/consent", newConsentHandler(hydra.NewConsentReqDoer(h.HydraURL, sessionTTL), h.um, h.ClaimScopes))
|
||||
apply(http.MethodGet, "/logout", newLogoutHandler(hydra.NewLogoutReqDoer(h.HydraURL)))
|
||||
apply(http.MethodGet, "/login", newLoginStartHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, 0), h.tr))
|
||||
apply(http.MethodPost, "/login", newLoginEndHandler(hydra.NewLoginReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL), h.um, h.tr))
|
||||
apply(http.MethodGet, "/consent", newConsentHandler(hydra.NewConsentReqDoer(h.HydraURL, h.FakeTLSTermination, sessionTTL), h.um, h.ClaimScopes))
|
||||
apply(http.MethodGet, "/logout", newLogoutHandler(hydra.NewLogoutReqDoer(h.HydraURL, h.FakeTLSTermination)))
|
||||
}
|
||||
|
||||
// oa2LoginReqAcceptor is an interface that is used for accepting an OAuth2 login request.
|
||||
|
Loading…
Reference in New Issue
Block a user