oauth2

package
Published: Oct 27, 2020 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

// SignatureHeader is the name of the request header that carries the
// request signature ("GAP-Signature"). The signing routine itself is not
// shown here; SignatureHeaders presumably lists the headers it covers.
const SignatureHeader = "GAP-Signature"

Variables

var (
	// Header names in canonical form (http.CanonicalHeaderKey), so that
	// lookups against an http.Header match regardless of the casing the
	// client used. From their names these relate to HTTP Upgrade /
	// WebSocket handshakes.
	ConnectionHeaderKey   = http.CanonicalHeaderKey("connection")
	SetCookieHeaderKey    = http.CanonicalHeaderKey("set-cookie")
	UpgradeHeaderKey      = http.CanonicalHeaderKey("upgrade")
	WSKeyHeaderKey        = http.CanonicalHeaderKey("sec-websocket-key")
	WSProtocolHeaderKey   = http.CanonicalHeaderKey("sec-websocket-protocol")
	WSVersionHeaderKey    = http.CanonicalHeaderKey("sec-websocket-version")
	WSExtensionsHeaderKey = http.CanonicalHeaderKey("sec-websocket-extensions")

	// Expected values of the Connection and Upgrade headers for an
	// upgrade request (the comparison code is not shown here).
	ConnectionHeaderValue = "Upgrade"
	UpgradeHeaderValue    = "websocket"

	// Groups of the keys above. NOTE(review): how each group is used
	// (copied, forwarded or stripped) is not visible here — confirm in the
	// proxy code. Set-Cookie in UpgradeHeaders is a response header that
	// carries cookie material, so its handling deserves a look.
	HandshakeHeaders = []string{ConnectionHeaderKey, UpgradeHeaderKey, WSVersionHeaderKey, WSKeyHeaderKey, WSExtensionsHeaderKey}
	UpgradeHeaders   = []string{SetCookieHeaderKey, WSProtocolHeaderKey}
)
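// SignatureHeaders lists the request headers whose values are presumably
// covered by the request signature carried in SignatureHeader
// ("GAP-Signature"); the names are in canonical header-name form.
// NOTE(review): the signing routine is not shown here — confirm that it
// walks this slice in order, since a verifier must use the same order.
// The redundant `[]string` type on the left-hand side was dropped; the
// declared type and values are unchanged.
var SignatureHeaders = []string{
	"Content-Length",
	"Content-Md5",
	"Content-Type",
	"Date",
	"Authorization",
	"X-Forwarded-User",
	"X-Forwarded-Email",
	"X-Forwarded-Access-Token",
	"Cookie",
	"Gap-Auth",
}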

Functions

func NewFileServer

func NewFileServer(path string, filesystemPath string) (proxy http.Handler)

func NewReverseProxy

func NewReverseProxy(target *url.URL) (proxy *httputil.ReverseProxy)

func RequestUnparsedResponse

func RequestUnparsedResponse(url string, header http.Header) (resp *http.Response, err error)

Types

type GitHubProvider

// GitHubProvider is the GitHub-backed Provider. It embeds *ProviderData for
// the generic OAuth flow and supplies its own GetEmailAddress. Org and
// Team are set through SetOrgTeam; from their names they presumably
// restrict access to members of that organisation/team, but the
// enforcement is not visible here — confirm in GetEmailAddress.
type GitHubProvider struct {
	*ProviderData
	Org  string // GitHub organisation, see SetOrgTeam / Options.GitHubOrg
	Team string // GitHub team within Org, see SetOrgTeam / Options.GitHubTeam
}

func NewGitHubProvider

func NewGitHubProvider(p *ProviderData) *GitHubProvider

func (*GitHubProvider) GetEmailAddress

func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)

func (*GitHubProvider) SetOrgTeam

func (p *GitHubProvider) SetOrgTeam(org, team string)

type OAuthProxy

// OAuthProxy is the http.Handler that fronts the upstreams: it implements
// ServeHTTP and the OAuthStart / OAuthCallback / Authenticate flow, and
// owns the session and CSRF cookie settings. Construct it with
// NewOAuthProxy; the fields below mirror the corresponding Options.
type OAuthProxy struct {
	// Cookie settings. CookieSeed and CookieCipher are presumably the
	// secret material behind the session cookie (see MakeSessionCookie and
	// SaveSession — confirm there). CookieSecure / CookieHttpOnly
	// presumably become the Secure and HttpOnly cookie attributes.
	CookieSeed     string
	CookieName     string
	CSRFCookieName string
	CookieDomain   string
	CookieSecure   bool
	CookieHttpOnly bool
	CookieExpire   time.Duration
	CookieRefresh  time.Duration
	// Validator is the func passed to NewOAuthProxy and decides whether an
	// identity is allowed in. NOTE(review): its string argument is
	// presumably the email — confirm against the caller.
	Validator func(string) bool

	// Paths the proxy answers itself instead of forwarding upstream
	// (see RobotsTxt, PingPage, OAuthStart and OAuthCallback).
	RobotsPath        string
	MetricsPath       string
	PingPath          string
	OAuthStartPath    string
	OAuthCallbackPath string

	ProxyPrefix   string
	SignInMessage string

	// From their names, these control which identity headers are added
	// for the upstream. PassAccessToken presumably forwards the OAuth
	// access token (a bearer credential), so it should only be enabled
	// for upstreams that need it — where it is consumed is not shown here.
	SetXAuthRequest    bool
	SkipProviderButton bool
	PassUserHeaders    bool
	PassAccessToken    bool
	CookieCipher       *cookie.Cipher // same cipher type used by Provider.SessionFromCookie / CookieForSession

	Footer string
	TLS    []tls.Certificate // server certificates; the listener setup is not shown here
	// contains filtered or unexported fields
}

func NewOAuthProxy

func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy

func (*OAuthProxy) Authenticate

func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int

func (*OAuthProxy) ClearCSRFCookie

func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) ClearSessionCookie

func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) ErrorPage

func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)

func (*OAuthProxy) GetRedirect

func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)

func (*OAuthProxy) GetRedirectURI

func (p *OAuthProxy) GetRedirectURI(host string) string

func (*OAuthProxy) IsWhitelistedPath

func (p *OAuthProxy) IsWhitelistedPath(path string) (ok bool)

func (*OAuthProxy) IsWhitelistedRequest

func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) (ok bool)

func (*OAuthProxy) LoadCookiedSession

func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*SessionState, time.Duration, error)

func (*OAuthProxy) MakeCSRFCookie

func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie

func (*OAuthProxy) MakeSessionCookie

func (p *OAuthProxy) MakeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie

func (*OAuthProxy) OAuthCallback

func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) OAuthStart

func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) PingPage

func (p *OAuthProxy) PingPage(rw http.ResponseWriter)

func (*OAuthProxy) Proxy

func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) RobotsTxt

func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)

func (*OAuthProxy) SaveSession

func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *SessionState) error

func (*OAuthProxy) ServeHTTP

func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)

func (*OAuthProxy) SetCSRFCookie

func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)

func (*OAuthProxy) SetSessionCookie

func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string)

type Options

// Options is the proxy configuration. Each field can be set by command-line
// flag (`flag` tag) or config file (`cfg` tag); the fields that also carry
// an `env` tag can be set from the named environment variable. Validate
// checks the populated struct; NewOptions supplies defaults (not shown).
type Options struct {
	ProxyPrefix  string `flag:"proxy-prefix" cfg:"proxy-prefix"`
	HttpAddress  string `flag:"http-address" cfg:"http_address"`
	HttpsAddress string `flag:"https-address" cfg:"https_address"`
	RedirectURL  string `flag:"redirect-url" cfg:"redirect_url"`
	// ClientID / ClientSecret can also come from OAUTH2_PROXY_CLIENT_ID /
	// OAUTH2_PROXY_CLIENT_SECRET, which keeps the secret out of command
	// lines and config files.
	ClientID     string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
	TLSCertFile  string `flag:"tls-cert" cfg:"tls_cert_file"`
	TLSKeyFile   string `flag:"tls-key" cfg:"tls_key_file"`

	// Who is allowed in: an explicit email list, email domains, GitHub
	// org/team or Google groups (see GitHubProvider.SetOrgTeam). How these
	// are combined is not visible here — confirm in Validate.
	AuthenticatedEmailsFile  string   `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
	AzureTenant              string   `flag:"azure-tenant" cfg:"azure_tenant"`
	EmailDomains             []string `flag:"email-domain" cfg:"email_domains"`
	GitHubOrg                string   `flag:"github-org" cfg:"github_org"`
	GitHubTeam               string   `flag:"github-team" cfg:"github_team"`
	GoogleGroups             []string `flag:"google-group" cfg:"google_group"`
	GoogleAdminEmail         string   `flag:"google-admin-email" cfg:"google_admin_email"`
	GoogleServiceAccountJSON string   `flag:"google-service-account-json" cfg:"google_service_account_json"`
	HtpasswdFile             string   `flag:"htpasswd-file" cfg:"htpasswd_file"`
	DisplayHtpasswdForm      bool     `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
	CustomTemplatesDir       string   `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
	Footer                   string   `flag:"footer" cfg:"footer"`

	// Session cookie settings, mirrored into OAuthProxy. CookieSecret can
	// also come from OAUTH2_PROXY_COOKIE_SECRET. CookieSecure /
	// CookieHttpOnly presumably set the Secure and HttpOnly attributes —
	// confirm in OAuthProxy.MakeSessionCookie.
	CookieName     string        `flag:"cookie-name" cfg:"cookie_name" env:"OAUTH2_PROXY_COOKIE_NAME"`
	CookieSecret   string        `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
	CookieDomain   string        `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
	CookieExpire   time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
	CookieRefresh  time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
	CookieSecure   bool          `flag:"cookie-secure" cfg:"cookie_secure"`
	CookieHttpOnly bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`

	// Upstream handling. SkipAuthRegex holds patterns for requests that
	// bypass authentication; CompiledRegex at the bottom presumably holds
	// their compiled form (confirm in Validate). NOTE(review): an
	// unanchored pattern matches more paths than intended — review these
	// as an allow-list. SSLInsecureSkipVerify, from its name, disables TLS
	// certificate verification toward upstreams; where it is consumed is
	// not shown here — treat it as a test-only setting.
	Upstreams             []string `flag:"upstream" cfg:"upstreams"`
	SkipAuthRegex         []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
	PassBasicAuth         bool     `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
	BasicAuthPassword     string   `flag:"basic-auth-password" cfg:"basic_auth_password"`
	PassAccessToken       bool     `flag:"pass-access-token" cfg:"pass_access_token"`
	PassHostHeader        bool     `flag:"pass-host-header" cfg:"pass_host_header"`
	SkipProviderButton    bool     `flag:"skip-provider-button" cfg:"skip_provider_button"`
	PassUserHeaders       bool     `flag:"pass-user-headers" cfg:"pass_user_headers"`
	SSLInsecureSkipVerify bool     `flag:"ssl-insecure-skip-verify" cfg:"ssl_insecure_skip_verify"`
	SetXAuthRequest       bool     `flag:"set-xauthrequest" cfg:"set_xauthrequest"`
	SkipAuthPreflight     bool     `flag:"skip-auth-preflight" cfg:"skip_auth_preflight"`

	// These options allow for other providers besides Google, with
	// potential overrides. They presumably populate the matching *url.URL
	// fields of ProviderData after parsing (confirm in Validate).
	Provider          string `flag:"provider" cfg:"provider"`
	LoginURL          string `flag:"login-url" cfg:"login_url"`
	RedeemURL         string `flag:"redeem-url" cfg:"redeem_url"`
	ProfileURL        string `flag:"profile-url" cfg:"profile_url"`
	ProtectedResource string `flag:"resource" cfg:"resource"`
	ValidateURL       string `flag:"validate-url" cfg:"validate_url"`
	JWTKeysURL        string `flag:"jwt-keys-url" cfg:"jwt_keys_url"`
	Scope             string `flag:"scope" cfg:"scope"`
	ApprovalPrompt    string `flag:"approval-prompt" cfg:"approval_prompt"`

	RequestLogging bool `flag:"request-logging" cfg:"request_logging"`

	// SignatureKey can also come from OAUTH2_PROXY_SIGNATURE_KEY; it is
	// presumably the key behind the GAP-Signature header (see
	// SignatureHeader / SignatureHeaders).
	SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`

	// CompiledRegex has no flag or cfg tag, so it is not user-settable.
	CompiledRegex []*regexp.Regexp
	// contains filtered or unexported fields
}

Options holds the configuration that can be set by command-line flag or config file.

func NewOptions

func NewOptions() *Options

func (*Options) Validate

func (o *Options) Validate() error

type Provider

// Provider is the identity-provider abstraction used by OAuthProxy.
// *ProviderData implements every method below and serves as the generic
// implementation; provider-specific types such as GitHubProvider embed
// *ProviderData and override what they need (GetEmailAddress there).
type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*SessionState) (string, error)
	// Redeem exchanges an authorization code for a session; its two string
	// arguments are (redirectURL, code) per the ProviderData signature.
	Redeem(string, string) (*SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*SessionState) bool
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	// SessionFromCookie / CookieForSession convert between a SessionState
	// and its cookie representation using the supplied cipher; the
	// ProviderData versions document them as deserialize / serialize.
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}

type ProviderData

// ProviderData holds the OAuth endpoint and client configuration shared
// by every provider, and is the generic Provider implementation (see the
// methods below). The *url.URL fields correspond by name to the string
// fields of Options; the parsing step is not shown here.
type ProviderData struct {
	ProviderName      string
	ClientID          string
	ClientSecret      string // client credential — keep out of logs
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	Scope             string
	ApprovalPrompt    string
	JWTKeysURL        *url.URL
}

func (*ProviderData) CookieForSession

func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)

CookieForSession serializes a session state for storage in a cookie

func (*ProviderData) Data

func (p *ProviderData) Data() *ProviderData

func (*ProviderData) GetEmailAddress

func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)

func (*ProviderData) GetLoginURL

func (p *ProviderData) GetLoginURL(redirectURI, state string) string

GetLoginURL builds the provider login URL with the typical OAuth parameters.

func (*ProviderData) Redeem

func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)

func (*ProviderData) RefreshSessionIfNeeded

func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded

func (*ProviderData) SessionFromCookie

func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)

SessionFromCookie deserializes a session from a cookie value

func (*ProviderData) ValidateGroup

func (p *ProviderData) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateSessionState

func (p *ProviderData) ValidateSessionState(s *SessionState) bool

type SessionState

// SessionState is the authenticated session carried in the session cookie.
// It is encoded with EncodeSessionState / EncryptedString and restored by
// DecodeSessionState, each taking a *cookie.Cipher; IsExpired presumably
// compares ExpiresOn with the current time (confirm). AccessToken and
// RefreshToken are bearer credentials — String() is exported, so check
// what it includes before logging a session.
type SessionState struct {
	AccessToken  string
	ExpiresOn    time.Time
	RefreshToken string
	Email        string
	User         string
}

func DecodeSessionState

func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error)

func (*SessionState) EncodeSessionState

func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)

func (*SessionState) EncryptedString

func (s *SessionState) EncryptedString(c *cookie.Cipher) (string, error)

func (*SessionState) IsExpired

func (s *SessionState) IsExpired() bool

func (*SessionState) String

func (s *SessionState) String() string

type SignatureData

// SignatureData has no exported fields or methods on this page; from its
// name it presumably holds the key material used for the GAP-Signature
// header (see SignatureHeader) — confirm in the source.
type SignatureData struct {
	// contains filtered or unexported fields
}

type UpstreamProxy

// UpstreamProxy is an http.Handler (see ServeHTTP below) with no exported
// fields; there is no exported constructor on this page, so how it is
// built — presumably from NewReverseProxy / NewFileServer — is not visible.
type UpstreamProxy struct {
	// contains filtered or unexported fields
}

func (*UpstreamProxy) ServeHTTP

func (u *UpstreamProxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
