2012-12-11 01:59:23 +00:00
package main
import (
"flag"
2012-12-17 18:38:33 +00:00
"fmt"
2012-12-11 01:59:23 +00:00
"log"
"net"
"net/http"
2014-08-07 20:16:39 +00:00
"os"
2012-12-11 01:59:23 +00:00
"strings"
2014-11-08 18:26:55 +00:00
"time"
2012-12-11 01:59:23 +00:00
2014-11-09 19:51:10 +00:00
"github.com/BurntSushi/toml"
"github.com/mreiferson/go-options"
2012-12-11 01:59:23 +00:00
)
func main ( ) {
2014-11-09 19:51:10 +00:00
flagSet := flag . NewFlagSet ( "google_auth_proxy" , flag . ExitOnError )
googleAppsDomains := StringArray { }
upstreams := StringArray { }
config := flagSet . String ( "config" , "" , "path to config file" )
showVersion := flagSet . Bool ( "version" , false , "print version string" )
flagSet . String ( "http-address" , "127.0.0.1:4180" , "<addr>:<port> to listen on for HTTP clients" )
flagSet . String ( "redirect-url" , "" , "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"" )
flagSet . Var ( & upstreams , "upstream" , "the http url(s) of the upstream endpoint. If multiple, routing is based on path" )
flagSet . Bool ( "pass-basic-auth" , true , "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream" )
flagSet . Var ( & googleAppsDomains , "google-apps-domain" , "authenticate against the given Google apps domain (may be given multiple times)" )
flagSet . String ( "client-id" , "" , "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"" )
flagSet . String ( "client-secret" , "" , "the OAuth Client Secret" )
flagSet . String ( "authenticated-emails-file" , "" , "authenticate against emails via file (one per line)" )
flagSet . String ( "htpasswd-file" , "" , "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption" )
2013-07-30 21:31:59 +00:00
2014-11-09 19:51:10 +00:00
flagSet . String ( "cookie-secret" , "" , "the seed string for secure cookies" )
2014-11-10 02:07:02 +00:00
flagSet . String ( "cookie-domain" , "" , "an optional cookie domain to force cookies to (ie: .yourcompany.com)*" )
2014-11-09 19:51:10 +00:00
flagSet . Duration ( "cookie-expire" , time . Duration ( 168 ) * time . Hour , "expire timeframe for cookie" )
2014-11-10 03:21:46 +00:00
flagSet . Bool ( "cookie-https-only" , true , "set HTTPS only cookie" )
2014-11-09 19:51:10 +00:00
flagSet . Parse ( os . Args [ 1 : ] )
2014-11-10 02:07:02 +00:00
if * showVersion {
fmt . Printf ( "google_auth_proxy v%s\n" , VERSION )
return
}
2014-11-09 19:51:10 +00:00
opts := NewOptions ( )
2014-11-15 04:06:07 +00:00
cfg := make ( EnvOptions )
2014-11-09 19:51:10 +00:00
if * config != "" {
_ , err := toml . DecodeFile ( * config , & cfg )
if err != nil {
log . Fatalf ( "ERROR: failed to load config file %s - %s" , * config , err )
}
}
2014-11-15 04:06:07 +00:00
cfg . LoadEnvForStruct ( opts )
2014-11-09 19:51:10 +00:00
options . Resolve ( opts , flagSet , cfg )
2012-12-11 01:59:23 +00:00
2014-11-09 19:51:10 +00:00
err := opts . Validate ( )
2012-12-11 01:59:23 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log . Printf ( "%s" , err )
os . Exit ( 1 )
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
validator := NewValidator ( opts . GoogleAppsDomains , opts . AuthenticatedEmailsFile )
oauthproxy := NewOauthProxy ( opts , validator )
if len ( opts . GoogleAppsDomains ) != 0 && opts . AuthenticatedEmailsFile == "" {
if len ( opts . GoogleAppsDomains ) > 1 {
oauthproxy . SignInMessage = fmt . Sprintf ( "Authenticate using one of the following domains: %v" , strings . Join ( opts . GoogleAppsDomains , ", " ) )
2014-11-09 05:26:52 +00:00
} else {
2014-11-09 19:51:10 +00:00
oauthproxy . SignInMessage = fmt . Sprintf ( "Authenticate using %v" , opts . GoogleAppsDomains [ 0 ] )
2014-11-09 05:26:52 +00:00
}
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
if opts . HtpasswdFile != "" {
2014-11-10 02:07:02 +00:00
log . Printf ( "using htpasswd file %s" , opts . HtpasswdFile )
2014-11-09 19:51:10 +00:00
oauthproxy . HtpasswdFile , err = NewHtpasswdFromFile ( opts . HtpasswdFile )
2012-12-17 18:38:33 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log . Fatalf ( "FATAL: unable to open %s %s" , opts . HtpasswdFile , err )
2012-12-17 18:38:33 +00:00
}
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
listener , err := net . Listen ( "tcp" , opts . HttpAddress )
2012-12-11 01:59:23 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log . Fatalf ( "FATAL: listen (%s) failed - %s" , opts . HttpAddress , err )
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
log . Printf ( "listening on %s" , opts . HttpAddress )
2012-12-11 01:59:23 +00:00
server := & http . Server { Handler : oauthproxy }
err = server . Serve ( listener )
if err != nil && ! strings . Contains ( err . Error ( ) , "use of closed network connection" ) {
2014-11-09 19:51:10 +00:00
log . Printf ( "ERROR: http.Serve() - %s" , err )
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
log . Printf ( "HTTP: closing %s" , listener . Addr ( ) )
2012-12-11 01:59:23 +00:00
}