Add "fake ssl termination" capability to the hydra client

Replicating the "--fake-ssl-termination" option of the official hydra
client
This commit is contained in:
wpetit 2020-05-21 13:12:17 +02:00
parent 389eb3885b
commit 44338f06e3
4 changed files with 37 additions and 9 deletions


@ -3,7 +3,6 @@ package main
import (
"log"
"net/http"
"time"
"gitlab.com/wpetit/goweb/cqrs"
"gitlab.com/wpetit/goweb/template/html"
@ -104,7 +103,14 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
// Create and expose config service provider
ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
ctn.Provide(hydra.ServiceName, hydra.ServiceProvider(conf.Hydra.BaseURL, 30*time.Second))
ctn.Provide(
hydra.ServiceName,
hydra.ServiceProvider(
conf.Hydra.BaseURL,
conf.Hydra.FakeSSLTermination,
conf.Hydra.HTTPClientTimeout,
),
)
ctn.Provide(mail.ServiceName, mail.ServiceProvider(
mail.WithServer(conf.SMTP.Host, conf.SMTP.Port),
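Review bot: The new ctn.Provide call passes conf.Hydra.HTTPClientTimeout straight through where the removed line hard-coded 30*time.Second; if the loaded configuration leaves that field at its zero value, NewClient builds an http.Client with Timeout 0, which net/http treats as no timeout at all. Whether the config loader always applies NewDefault's 30s before overriding from YAML/env is not visible here, so a guard at this call site (or inside ServiceProvider) would make the behaviour independent of that: `timeout := conf.Hydra.HTTPClientTimeout` followed by `if timeout <= 0 { timeout = 30 * time.Second }` and passing `timeout` instead. The first hunk appears to drop the `"time"` import, so such a fallback would need it back.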


@ -60,6 +60,11 @@ type SMTPConfig struct {
type HydraConfig struct {
BaseURL string `yaml:"baseURL" env:"HYDRA_BASE_URL"`
// Fake upstream SSL termination adding the "X-Forwarded-Proto: https" to the OIDC client
// HTTP request headers.
// Required by ory/hydra in some networks topologies
FakeSSLTermination bool `yaml:"fakeSSLTermination" env:"HYDRA_FAKE_SSL_TERMINATION"`
HTTPClientTimeout time.Duration `yaml:"httpClientTimeout" env:"HYDRA_HTTP_CLIENT_TIMEOUT"`
}
func NewDumpDefault() *Config {
@ -91,6 +96,8 @@ func NewDefault() *Config {
},
Hydra: HydraConfig{
BaseURL: "http://localhost:4445/",
FakeSSLTermination: false,
HTTPClientTimeout: time.Second * 30, //nolint: gomnb
},
}
}
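Review bot: The `//nolint: gomnb` directive on the new HTTPClientTimeout default names a linter that golangci-lint does not ship; the magic-number detector is `gomnd`, so as written the directive suppresses nothing and golangci-lint may flag the unknown linter name, unless the project configures a linter under that name. Change it to `//nolint:gomnd` (no space after the colon is the form golangci-lint documents). The explicit `FakeSSLTermination: false` is redundant with the zero value but reads as intentional documentation of the default, which is fine.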


@ -188,11 +188,26 @@ func fromURL(url url.URL, path string, query url.Values) string {
return url.String()
}
func NewClient(baseURL *url.URL, httpTimeout time.Duration) *Client {
type fakeSSLTerminationTransport struct {
T http.RoundTripper
}
func (t *fakeSSLTerminationTransport) RoundTrip(req *http.Request) (*http.Response, error) {
req.Header.Add("X-Forwarded-Proto", "https")
return t.T.RoundTrip(req)
}
func NewClient(baseURL *url.URL, fakeSSLTermination bool, httpTimeout time.Duration) *Client {
httpClient := &http.Client{
Timeout: httpTimeout,
}
if fakeSSLTermination {
httpClient.Transport = &fakeSSLTerminationTransport{http.DefaultTransport}
}
return &Client{
baseURL: baseURL,
http: &http.Client{
Timeout: 30 * time.Second,
},
http: httpClient,
}
}
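Review bot: fakeSSLTerminationTransport.RoundTrip mutates the caller's request in place by adding a header, which the http.RoundTripper contract forbids (RoundTrip should not modify the request other than its Body); a *http.Request that the caller retries through this client accumulates a duplicate X-Forwarded-Proto value on every attempt because Header.Add appends rather than replaces. Work on a copy and set the header deterministically: `r := req.Clone(req.Context())`, `r.Header.Set("X-Forwarded-Proto", "https")`, `return t.T.RoundTrip(r)`. The unexported type and its exported field T also carry no doc comment; something like `// fakeSSLTerminationTransport wraps a RoundTripper and tags every outgoing request with "X-Forwarded-Proto: https", mirroring the --fake-ssl-termination option of the official hydra client.` would explain why the wrapper exists. NewClient's new signature is exported and changes the parameter list, so its doc comment (if any, outside this hunk) should mention the fakeSSLTermination flag as well.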


@ -8,7 +8,7 @@ import (
"gitlab.com/wpetit/goweb/service"
)
func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provider {
func ServiceProvider(rawBaseURL string, fakeSSLTermination bool, httpTimeout time.Duration) service.Provider {
var (
baseURL *url.URL
err error
@ -19,7 +19,7 @@ func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provi
err = errors.Wrap(err, "could not parse base url")
}
client := NewClient(baseURL, httpTimeout)
client := NewClient(baseURL, fakeSSLTermination, httpTimeout)
return func(ctn *service.Container) (interface{}, error) {
if err != nil {