oauth2_proxy/main.go

100 lines
3.4 KiB
Go
Raw Normal View History

2012-12-11 01:59:23 +00:00
package main
import (
"flag"
2012-12-17 18:38:33 +00:00
"fmt"
2012-12-11 01:59:23 +00:00
"log"
"net"
"net/http"
2014-08-07 20:16:39 +00:00
"os"
2012-12-11 01:59:23 +00:00
"strings"
"time"
2012-12-11 01:59:23 +00:00
2014-11-09 19:51:10 +00:00
"github.com/BurntSushi/toml"
"github.com/mreiferson/go-options"
2012-12-11 01:59:23 +00:00
)
func main() {
2014-11-09 19:51:10 +00:00
flagSet := flag.NewFlagSet("google_auth_proxy", flag.ExitOnError)
googleAppsDomains := StringArray{}
upstreams := StringArray{}
config := flagSet.String("config", "", "path to config file")
showVersion := flagSet.Bool("version", false, "print version string")
flagSet.String("http-address", "127.0.0.1:4180", "<addr>:<port> to listen on for HTTP clients")
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
flagSet.String("client-secret", "", "the OAuth Client Secret")
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
2014-11-09 19:51:10 +00:00
flagSet.String("cookie-secret", "", "the seed string for secure cookies")
2014-11-10 02:07:02 +00:00
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
2014-11-09 19:51:10 +00:00
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
flagSet.Bool("cookie-https-only", false, "set HTTPS only cookie")
flagSet.Parse(os.Args[1:])
2014-11-10 02:07:02 +00:00
if *showVersion {
fmt.Printf("google_auth_proxy v%s\n", VERSION)
return
}
2014-11-09 19:51:10 +00:00
opts := NewOptions()
var cfg map[string]interface{}
if *config != "" {
_, err := toml.DecodeFile(*config, &cfg)
if err != nil {
log.Fatalf("ERROR: failed to load config file %s - %s", *config, err)
}
}
2014-11-10 02:07:02 +00:00
LoadOptionsFromEnv(opts, cfg)
2014-11-09 19:51:10 +00:00
options.Resolve(opts, flagSet, cfg)
2012-12-11 01:59:23 +00:00
2014-11-09 19:51:10 +00:00
err := opts.Validate()
2012-12-11 01:59:23 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log.Printf("%s", err)
os.Exit(1)
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
validator := NewValidator(opts.GoogleAppsDomains, opts.AuthenticatedEmailsFile)
oauthproxy := NewOauthProxy(opts, validator)
if len(opts.GoogleAppsDomains) != 0 && opts.AuthenticatedEmailsFile == "" {
if len(opts.GoogleAppsDomains) > 1 {
oauthproxy.SignInMessage = fmt.Sprintf("Authenticate using one of the following domains: %v", strings.Join(opts.GoogleAppsDomains, ", "))
2014-11-09 05:26:52 +00:00
} else {
2014-11-09 19:51:10 +00:00
oauthproxy.SignInMessage = fmt.Sprintf("Authenticate using %v", opts.GoogleAppsDomains[0])
2014-11-09 05:26:52 +00:00
}
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
if opts.HtpasswdFile != "" {
2014-11-10 02:07:02 +00:00
log.Printf("using htpasswd file %s", opts.HtpasswdFile)
2014-11-09 19:51:10 +00:00
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(opts.HtpasswdFile)
2012-12-17 18:38:33 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log.Fatalf("FATAL: unable to open %s %s", opts.HtpasswdFile, err)
2012-12-17 18:38:33 +00:00
}
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
listener, err := net.Listen("tcp", opts.HttpAddress)
2012-12-11 01:59:23 +00:00
if err != nil {
2014-11-09 19:51:10 +00:00
log.Fatalf("FATAL: listen (%s) failed - %s", opts.HttpAddress, err)
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
log.Printf("listening on %s", opts.HttpAddress)
2012-12-11 01:59:23 +00:00
server := &http.Server{Handler: oauthproxy}
err = server.Serve(listener)
if err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
2014-11-09 19:51:10 +00:00
log.Printf("ERROR: http.Serve() - %s", err)
2012-12-11 01:59:23 +00:00
}
2014-11-09 19:51:10 +00:00
log.Printf("HTTP: closing %s", listener.Addr())
2012-12-11 01:59:23 +00:00
}