Add "fake ssl termination" capability to the hydra client
Replicating the "--fake-ssl-termination" option of the official hydra client
parent
389eb3885b
commit
44338f06e3
|
@ -3,7 +3,6 @@ package main
|
|||
import (
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"gitlab.com/wpetit/goweb/cqrs"
|
||||
"gitlab.com/wpetit/goweb/template/html"
|
||||
|
@ -104,7 +103,14 @@ func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
|||
// Create and expose config service provider
|
||||
ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
|
||||
|
||||
ctn.Provide(hydra.ServiceName, hydra.ServiceProvider(conf.Hydra.BaseURL, 30*time.Second))
|
||||
ctn.Provide(
|
||||
hydra.ServiceName,
|
||||
hydra.ServiceProvider(
|
||||
conf.Hydra.BaseURL,
|
||||
conf.Hydra.FakeSSLTermination,
|
||||
conf.Hydra.HTTPClientTimeout,
|
||||
),
|
||||
)
|
||||
|
||||
ctn.Provide(mail.ServiceName, mail.ServiceProvider(
|
||||
mail.WithServer(conf.SMTP.Host, conf.SMTP.Port),
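Review bot: `conf.Hydra.HTTPClientTimeout` is handed to `hydra.ServiceProvider` unchecked in `getServiceContainer`, and it ends up as `http.Client.Timeout`, where zero means no timeout at all. The old call always passed `30*time.Second`, so a config that sets the value to 0 (or, depending on how the file is merged over the defaults, leaves it out) now lets a stalled hydra connection hang the caller indefinitely. Reject a non-positive value before the provider is registered, for example `if conf.Hydra.HTTPClientTimeout <= 0 { return nil, errors.New("hydra.httpClientTimeout must be positive") }`, using whichever errors package this file already imports. The body of `getServiceContainer` starts and ends outside the hunk.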
|
||||
|
|
|
@ -60,6 +60,11 @@ type SMTPConfig struct {
|
|||
|
||||
type HydraConfig struct {
|
||||
BaseURL string `yaml:"baseURL" env:"HYDRA_BASE_URL"`
|
||||
// Fake upstream SSL termination adding the "X-Forwarded-Proto: https" to the OIDC client
|
||||
// HTTP request headers.
|
||||
// Required by ory/hydra in some networks topologies
|
||||
FakeSSLTermination bool `yaml:"fakeSSLTermination" env:"HYDRA_FAKE_SSL_TERMINATION"`
|
||||
HTTPClientTimeout time.Duration `yaml:"httpClientTimeout" env:"HYDRA_HTTP_CLIENT_TIMEOUT"`
|
||||
}
|
||||
|
||||
func NewDumpDefault() *Config {
|
||||
|
@ -91,6 +96,8 @@ func NewDefault() *Config {
|
|||
},
|
||||
Hydra: HydraConfig{
|
||||
BaseURL: "http://localhost:4445/",
|
||||
FakeSSLTermination: false,
|
||||
HTTPClientTimeout: time.Second * 30, //nolint: gomnb
|
||||
},
|
||||
}
|
||||
}
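Review bot: The doc comment on `FakeSSLTermination` in `HydraConfig` explains why the flag exists but not what enabling it implies: the client still speaks plain HTTP to hydra (the default `BaseURL` is `http://localhost:4445/`) while telling hydra the request arrived over HTTPS. I would add a line such as `// Only enable when the link to hydra is on a trusted network; requests are still sent in cleartext.` so operators do not turn it on across an untrusted hop. `HTTPClientTimeout` has no comment at all; `// HTTPClientTimeout bounds each request to hydra; zero disables the timeout.` would document the zero-value behaviour of `http.Client`. In `NewDefault`, `//nolint: gomnb` looks like a typo for `gomnd`, in which case the directive suppresses nothing.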
|
||||
|
|
|
@ -188,11 +188,26 @@ func fromURL(url url.URL, path string, query url.Values) string {
|
|||
return url.String()
|
||||
}
|
||||
|
||||
func NewClient(baseURL *url.URL, httpTimeout time.Duration) *Client {
|
||||
type fakeSSLTerminationTransport struct {
|
||||
T http.RoundTripper
|
||||
}
|
||||
|
||||
func (t *fakeSSLTerminationTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
req.Header.Add("X-Forwarded-Proto", "https")
|
||||
return t.T.RoundTrip(req)
|
||||
}
|
||||
|
||||
func NewClient(baseURL *url.URL, fakeSSLTermination bool, httpTimeout time.Duration) *Client {
|
||||
httpClient := &http.Client{
|
||||
Timeout: httpTimeout,
|
||||
}
|
||||
|
||||
if fakeSSLTermination {
|
||||
httpClient.Transport = &fakeSSLTerminationTransport{http.DefaultTransport}
|
||||
}
|
||||
|
||||
return &Client{
|
||||
baseURL: baseURL,
|
||||
http: &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
},
|
||||
http: httpClient,
|
||||
}
|
||||
}
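Review bot: `fakeSSLTerminationTransport.RoundTrip` writes to `req.Header` on the caller's request, which the `http.RoundTripper` contract does not allow, and `Header.Add` appends rather than replaces, so a request that is reused or already carries the header ends up with duplicate `X-Forwarded-Proto` values. Clone before touching the headers and set the value instead: `req = req.Clone(req.Context())`, then `req.Header.Set("X-Forwarded-Proto", "https")`, then `return t.T.RoundTrip(req)`. Because the header asserts TLS on every request regardless of the real scheme, a one-line doc comment on the type saying so (`// fakeSSLTerminationTransport marks every outgoing request as HTTPS-terminated; use only on a trusted path to hydra.`) would help the next reader.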
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provider {
|
||||
func ServiceProvider(rawBaseURL string, fakeSSLTermination bool, httpTimeout time.Duration) service.Provider {
|
||||
var (
|
||||
baseURL *url.URL
|
||||
err error
|
||||
|
@ -19,7 +19,7 @@ func ServiceProvider(rawBaseURL string, httpTimeout time.Duration) service.Provi
|
|||
err = errors.Wrap(err, "could not parse base url")
|
||||
}
|
||||
|
||||
client := NewClient(baseURL, httpTimeout)
|
||||
client := NewClient(baseURL, fakeSSLTermination, httpTimeout)
|
||||
|
||||
return func(ctn *service.Container) (interface{}, error) {
|
||||
if err != nil {
|
||||
|
|