From 44338f06e3058e199d7f1b74eef99e8e52defd7b Mon Sep 17 00:00:00 2001 From: William Petit Date: Thu, 21 May 2020 13:12:17 +0200 Subject: [PATCH] Add "fake ssl termination" capability to the hydra client Replicating de "--fake-ssl-termination" option of the official hydra client --- cmd/server/container.go | 10 ++++++++-- internal/config/config.go | 9 ++++++++- internal/hydra/client.go | 23 +++++++++++++++++++---- internal/hydra/provider.go | 4 ++-- 4 files changed, 37 insertions(+), 9 deletions(-) diff --git a/cmd/server/container.go b/cmd/server/container.go index 2feb23b..8c0a9ae 100644 --- a/cmd/server/container.go +++ b/cmd/server/container.go @@ -3,7 +3,6 @@ package main import ( "log" "net/http" - "time" "gitlab.com/wpetit/goweb/cqrs" "gitlab.com/wpetit/goweb/template/html" @@ -104,7 +103,14 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) { // Create and expose config service provider ctn.Provide(config.ServiceName, config.ServiceProvider(conf)) - ctn.Provide(hydra.ServiceName, hydra.ServiceProvider(conf.Hydra.BaseURL, 30*time.Second)) + ctn.Provide( + hydra.ServiceName, + hydra.ServiceProvider( + conf.Hydra.BaseURL, + conf.Hydra.FakeSSLTermination, + conf.Hydra.HTTPClientTimeout, + ), + ) ctn.Provide(mail.ServiceName, mail.ServiceProvider( mail.WithServer(conf.SMTP.Host, conf.SMTP.Port), diff --git a/internal/config/config.go b/internal/config/config.go index d12e6b0..5c76227 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -60,6 +60,11 @@ type SMTPConfig struct { type HydraConfig struct { BaseURL string `yaml:"baseURL" env:"HYDRA_BASE_URL"` + // Fake upstream SSL termination adding the "X-Forwarded-Proto: https" to the OIDC client + // HTTP request headers. + // Required by ory/hydra in some networks topologies + FakeSSLTermination bool `yaml:"fakeSSLTermination" env:"HYDRA_FAKE_SSL_TERMINATION"` + HTTPClientTimeout time.Duration `yaml:"httpClientTimeout" env:"HYDRA_HTTP_CLIENT_TIMEOUT"` } func NewDumpDefault() *Config { @@ -90,7 +95,9 @@ func NewDefault() *Config { SenderName: "noreply", }, Hydra: HydraConfig{ - BaseURL: "http://localhost:4445/", + BaseURL: "http://localhost:4445/", + FakeSSLTermination: false, + HTTPClientTimeout: time.Second * 30, //nolint: gomnb }, } } diff --git a/internal/hydra/client.go b/internal/hydra/client.go index 4dc5c16..50050ee 100644 --- a/internal/hydra/client.go +++ b/internal/hydra/client.go @@ -188,11 +188,26 @@ func fromURL(url url.URL, path string, query url.Values) string { return url.String() } -func NewClient(baseURL *url.URL, httpTimeout time.Duration) *Client { +type fakeSSLTerminationTransport struct { + T http.RoundTripper +} + +func (t *fakeSSLTerminationTransport) RoundTrip(req *http.Request) (*http.Response, error) { + req.Header.Add("X-Forwarded-Proto", "https") + return t.T.RoundTrip(req) +} + +func NewClient(baseURL *url.URL, fakeSSLTermination bool, httpTimeout time.Duration) *Client { + httpClient := &http.Client{ + Timeout: httpTimeout, + } + + if fakeSSLTermination { + httpClient.Transport = &fakeSSLTerminationTransport{http.DefaultTransport} + } + return &Client{ baseURL: baseURL, - http: &http.Client{ - Timeout: 30 * time.Second, - }, + http: httpClient, } } diff --git a/internal/hydra/provider.go b/internal/hydra/provider.go index 195038e..63df1ee 100644 --- a/internal/hydra/provider.go +++ b/internal/hydra/provider.go @@ -8,7 +8,7 @@ import ( "gitlab.com/wpetit/goweb/service" ) -func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provider { +func ServiceProvider(rawBaseURL string, fakeSSLTermination bool, httpTimeout time.Duration) service.Provider { var ( baseURL *url.URL err error @@ -19,7 +19,7 @@ func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provi err = errors.Wrap(err, "could not parse base url") } - client := NewClient(baseURL, httpTimeout) + client := NewClient(baseURL, fakeSSLTermination, httpTimeout) return func(ctn *service.Container) (interface{}, error) { if err != nil {