proxy

package
v0.0.0-...-8acb9dd Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2021 License: GPL-3.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNeedsLogin means the user should be redirected to the login page
	ErrNeedsLogin = errors.New("redirect to login page")
)

Functions

This section is empty.

Types

type Claims 

type Claims struct {
	Proxy struct {
		UserAttributes map[string]interface{} `json:"user_attributes"`
	} `json:"ak_proxy"`
}

func (*Claims) FromIDToken 

func (c *Claims) FromIDToken(idToken string) error

type OAuthProxy 

type OAuthProxy struct {
	CookieSeed     string
	CookieName     string
	CSRFCookieName string
	CookieDomains  []string
	CookiePath     string
	CookieSecure   bool
	CookieHTTPOnly bool
	CookieExpire   time.Duration
	CookieRefresh  time.Duration
	CookieSameSite string

	RobotsPath        string
	SignInPath        string
	SignOutPath       string
	OAuthStartPath    string
	OAuthCallbackPath string
	AuthOnlyPath      string
	UserInfoPath      string

	ProxyPrefix string

	SetXAuthRequest            bool
	SetBasicAuth               bool
	PassUserHeaders            bool
	BasicAuthUserAttribute     string
	BasicAuthPasswordAttribute string
	PassAccessToken            bool
	SetAuthorization           bool
	PassAuthorization          bool
	PreferEmailToUser          bool
	// contains filtered or unexported fields
}

OAuthProxy is the main authentication proxy

func NewOAuthProxy 

func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error)

NewOAuthProxy creates a new instance of OAuthProxy from the options provided

func (*OAuthProxy) AuthenticateOnly 

func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request)

AuthenticateOnly checks whether the user is currently logged in

func (*OAuthProxy) ClearCSRFCookie 

func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)

ClearCSRFCookie creates a cookie to unset the CSRF cookie stored in the user's session

func (*OAuthProxy) ClearSessionCookie 

func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) error

ClearSessionCookie creates a cookie to unset the user's authentication cookie stored in the user's session

func (*OAuthProxy) ErrorJSON 

func (p *OAuthProxy) ErrorJSON(rw http.ResponseWriter, code int)

ErrorJSON returns the error code with an application/json mime type

func (*OAuthProxy) ErrorPage 

func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)

ErrorPage writes an error response

func (*OAuthProxy) GetRedirect 

func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)

GetRedirect reads the query parameter to get the URL to redirect clients to once authenticated with the OAuthProxy

func (*OAuthProxy) GetRedirectURI 

func (p *OAuthProxy) GetRedirectURI(host string) string

GetRedirectURI returns the redirectURL that the upstream OAuth Provider will redirect clients to once authenticated

func (*OAuthProxy) IsValidRedirect 

func (p *OAuthProxy) IsValidRedirect(redirect string) bool

IsValidRedirect checks whether the redirect URL is whitelisted

func (*OAuthProxy) IsWhitelistedPath 

func (p *OAuthProxy) IsWhitelistedPath(path string) bool

IsWhitelistedPath is used to check if the request path is allowed without auth

func (*OAuthProxy) IsWhitelistedRequest 

func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) bool

IsWhitelistedRequest is used to check if auth should be skipped for this request

func (*OAuthProxy) LoadCookiedSession 

func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*sessionsapi.SessionState, error)

LoadCookiedSession reads the user's authentication details from the request

func (*OAuthProxy) MakeCSRFCookie 

func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie

MakeCSRFCookie creates a cookie for CSRF

func (*OAuthProxy) OAuthCallback 

func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)

OAuthCallback is the OAuth2 authentication flow callback that finishes the OAuth2 authentication flow

func (*OAuthProxy) OAuthStart 

func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)

OAuthStart starts the OAuth2 authentication flow

func (*OAuthProxy) Proxy 

func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)

Proxy proxies the user request if the user is authenticated else it prompts them to authenticate

func (*OAuthProxy) RobotsTxt 

func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)

RobotsTxt disallows scraping pages from the OAuthProxy

func (*OAuthProxy) SaveSession 

func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *sessionsapi.SessionState) error

SaveSession creates a new session cookie value and sets this on the response

func (*OAuthProxy) ServeHTTP 

func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) SetCSRFCookie 

func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)

SetCSRFCookie adds a CSRF cookie to the response

func (*OAuthProxy) SignOut 

func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request)

SignOut sends a response to clear the authentication cookie

func (*OAuthProxy) SkipAuthProxy 

func (p *OAuthProxy) SkipAuthProxy(rw http.ResponseWriter, req *http.Request)

SkipAuthProxy proxies whitelisted requests and skips authentication

func (*OAuthProxy) UserInfo 

func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request)

UserInfo endpoint outputs session email and preferred username in JSON format

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.