server

Documentation

Index

• Constants
• Variables
• func NewMetrics(namespace, subsystem string, constLabels prometheus.Labels, buckets ...float64) metrics.RequestMetrics
• type Auth
• type Configuration
  • func GetConfiguration(f *flag.FlagSet, args ...string) (Configuration, error)
• type Domain
  • func NewDomain(domain string) (Domain, error)
  • func (d Domain) Matches(u *url.URL) bool
• type Server
  • func New(ctx context.Context, config Configuration, metrics metrics.RequestMetrics, ...) Server
• type Session
• type Whitelist
  • func NewWhitelist(emails []string) (Whitelist, error)
  • func (w *Whitelist) Add(s ...string) error
  • func (w *Whitelist) Match(email string) bool

Constants

const OAUTHPath = "/_oauth"

Variables

var DefaultConfiguration = Configuration{
	Addr: ":8080",
	Session: Session{
		CookieName: "_traefik_simple_auth",
		Expiration: 30 * 24 * time.Hour,
	},
	Auth: Auth{
		Provider:   "google",
		IssuerURL:  "https://accounts.google.com",
		AuthPrefix: "auth",
	},
	CSRFConfiguration: csrf.Configuration{
		TTL:   10 * time.Minute,
		Redis: csrf.RedisConfiguration{Namespace: "github.com/clambin/traefik-simple-auth/state"},
	},
	Log:  flagger.DefaultLog,
	Prom: flagger.DefaultProm,
}

Functions

func NewMetrics

func NewMetrics(namespace, subsystem string, constLabels prometheus.Labels, buckets ...float64) metrics.RequestMetrics

Types

type Auth

type Auth struct {
	Provider     string `flagger.usage:"OAuth2 provider"`
	IssuerURL    string `flagger.name:"issuer-url" flagger.usage:"The Auth Issuer URL to use (only used when provider is oidc)"`
	ClientID     string `flagger.name:"client-id" flagger.usage:"OAuth2 Client ID"`
	ClientSecret string `flagger.name:"client-secret" flagger.usage:"OAuth2 Client Secret"`
	AuthPrefix   string `flagger.name:"auth-prefix" flagger.usage:"Prefix to construct the authRedirect URL from the domain"`
}

type Configuration

type Configuration struct {
	Whitelist Whitelist `flagger.skip:"true"`
	Auth
	flagger.Log
	flagger.Prom
	Session
	Addr              string             `flagger.usage:"The address to listen on for HTTP requests"`
	PProfAddr         string             `flagger.name:"pprof.addr" flagger.usage:"The address to listen on for Go pprof profiler (default: no pprof profiler)"`
	Domain            Domain             `flagger.skip:"true"`
	CSRFConfiguration csrf.Configuration `flagger.name:"csrf"`
}

func GetConfiguration

func GetConfiguration(f *flag.FlagSet, args ...string) (Configuration, error)

type Domain

type Domain string

A Domain groups a set of hostnames (e.g. .example.com covers www.example.com, www2.example.com, etc), that the authorizer should accept.

func NewDomain

func NewDomain(domain string) (Domain, error)

NewDomain returns a new Domain. If domain is not valid, an error is returned.

func (Domain) Matches

func (d Domain) Matches(u *url.URL) bool

Matches returns true if the url is part of the Domain.

type Server

type Server struct {
	http.Handler
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, config Configuration, metrics metrics.RequestMetrics, logger *slog.Logger) Server

New returns a new Server that handles traefik's forward-auth requests, and the associated authn flow. It panics if config.Provider is invalid.

type Session

type Session struct {
	CookieName string        `flagger.name:"cookie-name" flagger.usage:"The cookie name to use for authentication"`
	Secret     []byte        `flagger.skip:"true"`
	Expiration time.Duration `flagger.usage:"How long the session should remain valid"`
}

type Whitelist

type Whitelist map[string]struct{}

A Whitelist is a list of valid email addresses that the authorizer should accept.

func NewWhitelist

func NewWhitelist(emails []string) (Whitelist, error)

NewWhitelist creates a new Whitelist for the provided email addresses.

func (*Whitelist) Add

func (w *Whitelist) Add(s ...string) error

func (*Whitelist) Match

func (w *Whitelist) Match(email string) bool

Match returns true if the email address is on the whitelist, or if the whitelist is empty.