Documentation ¶
Index ¶
- Constants
- Variables
- func NewFileServer(path string, filesystemPath string) (proxy http.Handler)
- func NewReverseProxy(target *url.URL) (proxy *httputil.ReverseProxy)
- func RequestUnparsedResponse(url string, header http.Header) (resp *http.Response, err error)
- type GitHubProvider
- type OAuthProxy
- func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
- func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
- func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
- func (p *OAuthProxy) GetRedirectURI(host string) string
- func (p *OAuthProxy) IsWhitelistedPath(path string) (ok bool)
- func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) (ok bool)
- func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*SessionState, time.Duration, error)
- func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie
- func (p *OAuthProxy) MakeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie
- func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) PingPage(rw http.ResponseWriter)
- func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)
- func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *SessionState) error
- func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)
- func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string)
- type Options
- type Provider
- type ProviderData
- func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)
- func (p *ProviderData) Data() *ProviderData
- func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
- func (p *ProviderData) GetLoginURL(redirectURI, state string) string
- func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)
- func (p *ProviderData) ValidateGroup(email string) bool
- func (p *ProviderData) ValidateSessionState(s *SessionState) bool
- type SessionState
- type SignatureData
- type UpstreamProxy
Constants ¶
// SignatureHeader is the HTTP header name "GAP-Signature".
// NOTE(review): presumably this header carries a request signature computed
// with Options.SignatureKey over the headers listed in SignatureHeaders, and
// a receiver is expected to verify it before trusting the forwarded identity
// headers. The signing code is not shown here; confirm.
const SignatureHeader = "GAP-Signature"
Variables ¶
// Canonicalized header names and fixed header values for the WebSocket
// upgrade exchange. These are exported package-level variables rather than
// constants, so importing code is able to reassign them.
var (
	ConnectionHeaderKey   = http.CanonicalHeaderKey("connection")
	SetCookieHeaderKey    = http.CanonicalHeaderKey("set-cookie")
	UpgradeHeaderKey      = http.CanonicalHeaderKey("upgrade")
	WSKeyHeaderKey        = http.CanonicalHeaderKey("sec-websocket-key")
	WSProtocolHeaderKey   = http.CanonicalHeaderKey("sec-websocket-protocol")
	WSVersionHeaderKey    = http.CanonicalHeaderKey("sec-websocket-version")
	WSExtensionsHeaderKey = http.CanonicalHeaderKey("sec-websocket-extensions")

	ConnectionHeaderValue = "Upgrade"
	UpgradeHeaderValue    = "websocket"

	// NOTE(review): presumably the request headers relayed to the upstream
	// when opening a WebSocket connection; confirm against the proxy code.
	HandshakeHeaders = []string{ConnectionHeaderKey, UpgradeHeaderKey, WSVersionHeaderKey, WSKeyHeaderKey, WSExtensionsHeaderKey}
	// NOTE(review): presumably the headers copied across once the upgrade
	// succeeds. Set-Cookie is in this list, so check which side's cookies
	// end up relayed; confirm against the proxy code.
	UpgradeHeaders = []string{SetCookieHeaderKey, WSProtocolHeaderKey}
)
// SignatureHeaders is the ordered list of request header names declared
// alongside SignatureHeader.
// NOTE(review): presumably these are the headers whose values are covered by
// the request signature, in which case the order is part of the contract
// between signer and verifier; confirm against the signing code. The list
// names credential-bearing headers (Authorization, Cookie,
// X-Forwarded-Access-Token), so any material assembled from it should be
// kept out of logs.
var SignatureHeaders = []string{
	"Content-Length",
	"Content-Md5",
	"Content-Type",
	"Date",
	"Authorization",
	"X-Forwarded-User",
	"X-Forwarded-Email",
	"X-Forwarded-Access-Token",
	"Cookie",
	"Gap-Auth",
}
Functions ¶
func NewReverseProxy ¶
func NewReverseProxy(target *url.URL) (proxy *httputil.ReverseProxy)
Types ¶
type GitHubProvider ¶
// GitHubProvider embeds *ProviderData and adds a GitHub organization and
// team name.
// NOTE(review): presumably Org and Team restrict sign-in to members of that
// organization/team; the check itself is not shown here. Confirm what
// happens when both are empty.
type GitHubProvider struct {
	*ProviderData
	Org  string
	Team string
}
func NewGitHubProvider ¶
func NewGitHubProvider(p *ProviderData) *GitHubProvider
func (*GitHubProvider) GetEmailAddress ¶
func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)
func (*GitHubProvider) SetOrgTeam ¶
func (p *GitHubProvider) SetOrgTeam(org, team string)
type OAuthProxy ¶
// OAuthProxy holds the cookie, path and header-forwarding settings of the
// proxy. Its method set includes ServeHTTP, so it can be mounted as an
// http.Handler.
type OAuthProxy struct {
	// NOTE(review): presumably the secret that session cookies are derived
	// from or protected with (compare Options.CookieSecret); treat as a
	// secret and keep it out of logs. Confirm.
	CookieSeed     string
	CookieName     string
	CSRFCookieName string
	CookieDomain   string
	// NOTE(review): CookieSecure and CookieHttpOnly presumably map to the
	// Secure and HttpOnly cookie attributes; confirm both are on in any
	// deployment served over HTTPS.
	CookieSecure   bool
	CookieHttpOnly bool
	CookieExpire   time.Duration
	CookieRefresh  time.Duration
	// Validator is a predicate over a string; NewOAuthProxy takes the same
	// func(string) bool as its validator argument.
	// NOTE(review): presumably called with the authenticated email address
	// to decide access; confirm.
	Validator func(string) bool

	RobotsPath        string
	MetricsPath       string
	PingPath          string
	OAuthStartPath    string
	OAuthCallbackPath string

	ProxyPrefix        string
	SignInMessage      string
	SetXAuthRequest    bool
	SkipProviderButton bool
	PassUserHeaders    bool
	// NOTE(review): presumably forwards the user's OAuth access token to the
	// upstream, so the upstream then holds a bearer credential; confirm and
	// enable only for upstreams that need it.
	PassAccessToken bool
	CookieCipher    *cookie.Cipher
	TLS             []tls.Certificate
	// contains filtered or unexported fields
}
func NewOAuthProxy ¶
func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy
func (*OAuthProxy) Authenticate ¶
func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
func (*OAuthProxy) ClearCSRFCookie ¶
func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) ClearSessionCookie ¶
func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) ErrorPage ¶
func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
func (*OAuthProxy) GetRedirect ¶
func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
func (*OAuthProxy) GetRedirectURI ¶
func (p *OAuthProxy) GetRedirectURI(host string) string
func (*OAuthProxy) IsWhitelistedPath ¶
func (p *OAuthProxy) IsWhitelistedPath(path string) (ok bool)
func (*OAuthProxy) IsWhitelistedRequest ¶
func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) (ok bool)
func (*OAuthProxy) LoadCookiedSession ¶
func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*SessionState, time.Duration, error)
func (*OAuthProxy) MakeCSRFCookie ¶
func (*OAuthProxy) MakeSessionCookie ¶
func (*OAuthProxy) OAuthCallback ¶
func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) OAuthStart ¶
func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) PingPage ¶
func (p *OAuthProxy) PingPage(rw http.ResponseWriter)
func (*OAuthProxy) Proxy ¶
func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) RobotsTxt ¶
func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)
func (*OAuthProxy) SaveSession ¶
func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *SessionState) error
func (*OAuthProxy) ServeHTTP ¶
func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) SetCSRFCookie ¶
func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)
func (*OAuthProxy) SetSessionCookie ¶
func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string)
type Options ¶
// Options is the proxy configuration. Each field's struct tags name the
// command-line flag (flag), the config-file key (cfg) and, where present,
// the environment variable (env) that sets it.
type Options struct {
	// NOTE(review): the cfg key here uses a hyphen ("proxy-prefix") while
	// every other cfg key uses underscores; confirm this is intended.
	ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy-prefix"`
	HttpAddress string `flag:"http-address" cfg:"http_address"`
	HttpsAddress string `flag:"https-address" cfg:"https_address"`
	RedirectURL string `flag:"redirect-url" cfg:"redirect_url"`
	ClientID string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
	// ClientSecret is a secret. It carries an env tag, so it can be supplied
	// through the environment instead of a command-line argument, which is
	// visible in process listings.
	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
	TLSCertFile string `flag:"tls-cert" cfg:"tls_cert_file"`
	TLSKeyFile string `flag:"tls-key" cfg:"tls_key_file"`

	AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
	AzureTenant string `flag:"azure-tenant" cfg:"azure_tenant"`
	EmailDomains []string `flag:"email-domain" cfg:"email_domains"`
	GitHubOrg string `flag:"github-org" cfg:"github_org"`
	GitHubTeam string `flag:"github-team" cfg:"github_team"`
	GoogleGroups []string `flag:"google-group" cfg:"google_group"`
	GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"`
	GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"`
	HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
	DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
	CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`

	CookieName string `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
	// CookieSecret is a secret; like ClientSecret it has an env tag.
	CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
	CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
	CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
	CookieRefresh time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
	// NOTE(review): CookieSecure and CookieHttpOnly presumably set the
	// Secure and HttpOnly cookie attributes; the defaults come from
	// NewOptions, which is not shown here. Confirm both are enabled.
	CookieSecure bool `flag:"cookie-secure" cfg:"cookie_secure"`
	CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`

	Upstreams []string `flag:"upstream" cfg:"upstreams"`
	// NOTE(review): presumably request paths matching any of these patterns
	// are served without authentication (see IsWhitelistedPath). A pattern
	// without ^ and $ anchors matches anywhere in the path; confirm how the
	// patterns are applied and keep them anchored.
	SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
	PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
	// BasicAuthPassword has no env tag, so among the sources named by the
	// tags it can only come from a flag or the config file.
	BasicAuthPassword string `flag:"basic-auth-password" cfg:"basic_auth_password"`
	// NOTE(review): presumably forwards the user's OAuth access token to the
	// upstream (X-Forwarded-Access-Token appears in SignatureHeaders);
	// confirm and enable only for upstreams that need it.
	PassAccessToken bool `flag:"pass-access-token" cfg:"pass_access_token"`
	PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"`
	SkipProviderButton bool `flag:"skip-provider-button" cfg:"skip_provider_button"`
	PassUserHeaders bool `flag:"pass-user-headers" cfg:"pass_user_headers"`
	// NOTE(review): presumably disables TLS certificate verification on
	// outbound connections; confirm which connections it affects before
	// enabling it outside a test environment.
	SSLInsecureSkipVerify bool `flag:"ssl-insecure-skip-verify" cfg:"ssl_insecure_skip_verify"`
	SetXAuthRequest bool `flag:"set-xauthrequest" cfg:"set_xauthrequest"`
	// NOTE(review): presumably lets CORS preflight (OPTIONS) requests through
	// without authentication; confirm.
	SkipAuthPreflight bool `flag:"skip-auth-preflight" cfg:"skip_auth_preflight"`

	// These options allow for other providers besides Google, with
	// potential overrides.
	Provider string `flag:"provider" cfg:"provider"`
	LoginURL string `flag:"login-url" cfg:"login_url"`
	RedeemURL string `flag:"redeem-url" cfg:"redeem_url"`
	ProfileURL string `flag:"profile-url" cfg:"profile_url"`
	ProtectedResource string `flag:"resource" cfg:"resource"`
	ValidateURL string `flag:"validate-url" cfg:"validate_url"`
	JWTKeysURL string `flag:"jwt-keys-url" cfg:"jwt_keys_url"`
	Scope string `flag:"scope" cfg:"scope"`
	ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`

	RequestLogging bool `flag:"request-logging" cfg:"request_logging"`

	// SignatureKey is a secret; it has an env tag.
	// NOTE(review): presumably the key behind the SignatureHeader value;
	// confirm its expected format against the signing code.
	SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`

	// CompiledRegex has no flag/cfg/env tags.
	// NOTE(review): presumably filled from SkipAuthRegex during option
	// validation; confirm.
	CompiledRegex []*regexp.Regexp
	// contains filtered or unexported fields
}
Options holds the configuration options that can be set by command-line flag or config file.
func NewOptions ¶
func NewOptions() *Options
type Provider ¶
// Provider is the set of operations an identity provider must supply:
// building the login URL, redeeming a code for a session, validating and
// refreshing that session, and converting it to and from a cookie value.
type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*SessionState) (string, error)
	Redeem(string, string) (*SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*SessionState) bool
	// The second parameter is named finalRedirect here and state in
	// ProviderData.GetLoginURL.
	// NOTE(review): presumably it ends up in the OAuth state parameter, so
	// the callback should check it against the CSRF cookie before acting on
	// it; confirm in OAuthCallback.
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}
type ProviderData ¶
// ProviderData holds one provider's OAuth client credentials and endpoint
// URLs. Its methods listed on this page match the Provider interface.
type ProviderData struct {
	ProviderName string
	ClientID     string
	// ClientSecret is the OAuth client secret; keep it out of logs and
	// error pages.
	ClientSecret      string
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	Scope             string
	ApprovalPrompt    string
	JWTKeysURL        *url.URL
}
func (*ProviderData) CookieForSession ¶
func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)
CookieForSession serializes a session state for storage in a cookie
func (*ProviderData) Data ¶
func (p *ProviderData) Data() *ProviderData
func (*ProviderData) GetEmailAddress ¶
func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
func (*ProviderData) GetLoginURL ¶
func (p *ProviderData) GetLoginURL(redirectURI, state string) string
GetLoginURL returns the login URL with the typical OAuth parameters.
func (*ProviderData) Redeem ¶
func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
func (*ProviderData) RefreshSessionIfNeeded ¶
func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)
RefreshSessionIfNeeded
func (*ProviderData) SessionFromCookie ¶
func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)
SessionFromCookie deserializes a session from a cookie value
func (*ProviderData) ValidateGroup ¶
func (p *ProviderData) ValidateGroup(email string) bool
ValidateGroup validates that the provided email exists in the configured provider email group(s).
func (*ProviderData) ValidateSessionState ¶
func (p *ProviderData) ValidateSessionState(s *SessionState) bool
type SessionState ¶
// SessionState is the per-user session: the OAuth tokens, their expiry, and
// the user's email and user name. EncodeSessionState and EncryptedString
// take a *cookie.Cipher and return the string form.
type SessionState struct {
	// AccessToken and RefreshToken are bearer credentials.
	// NOTE(review): this type defines String(); verify that it does not
	// emit the token values before logging a SessionState with %v or %s.
	AccessToken  string
	ExpiresOn    time.Time
	RefreshToken string
	Email        string
	User         string
}
func DecodeSessionState ¶
func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error)
func (*SessionState) EncodeSessionState ¶
func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)
func (*SessionState) EncryptedString ¶
func (s *SessionState) EncryptedString(c *cookie.Cipher) (string, error)
func (*SessionState) IsExpired ¶
func (s *SessionState) IsExpired() bool
func (*SessionState) String ¶
func (s *SessionState) String() string
type SignatureData ¶
// SignatureData exposes no fields in this listing.
// NOTE(review): presumably it holds the key material used to produce the
// SignatureHeader value; confirm against the source.
type SignatureData struct {
// contains filtered or unexported fields
}
type UpstreamProxy ¶
// UpstreamProxy exposes no fields in this listing. It has a ServeHTTP method
// with the http.Handler signature.
// NOTE(review): presumably it wraps the handler for one upstream and is
// where the signature and WebSocket headers are applied; confirm.
type UpstreamProxy struct {
// contains filtered or unexported fields
}
func (*UpstreamProxy) ServeHTTP ¶
func (u *UpstreamProxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
Source Files ¶