Allow specifying multiple google apps domains.
This commit is contained in:
parent
7d0a8231cc
commit
964929a56d
9
main.go
9
main.go
@ -23,12 +23,13 @@ var (
|
|||||||
htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
|
htpasswdFile = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
|
||||||
cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies")
|
cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies")
|
||||||
cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
|
cookieDomain = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
|
||||||
googleAppsDomain = flag.String("google-apps-domain", "", "authenticate against the given google apps domain")
|
|
||||||
authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
||||||
|
googleAppsDomains = StringArray{}
|
||||||
upstreams = StringArray{}
|
upstreams = StringArray{}
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
flag.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given google apps domain (may be given multiple times)")
|
||||||
flag.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
flag.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,11 +79,11 @@ func main() {
|
|||||||
log.Fatalf("error parsing --redirect-url %s", err.Error())
|
log.Fatalf("error parsing --redirect-url %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
validator := NewValidator(*googleAppsDomain, *authenticatedEmailsFile)
|
validator := NewValidator(googleAppsDomains, *authenticatedEmailsFile)
|
||||||
oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator)
|
oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator)
|
||||||
oauthproxy.SetRedirectUrl(redirectUrl)
|
oauthproxy.SetRedirectUrl(redirectUrl)
|
||||||
if *googleAppsDomain != "" && *authenticatedEmailsFile == "" {
|
if len(googleAppsDomains) != 0 && *authenticatedEmailsFile == "" {
|
||||||
oauthproxy.SignInMessage = fmt.Sprintf("using a %s email address", *googleAppsDomain)
|
oauthproxy.SignInMessage = fmt.Sprintf("using a email address from the following domains: %v", strings.Join(googleAppsDomains, ", "))
|
||||||
}
|
}
|
||||||
if *htpasswdFile != "" {
|
if *htpasswdFile != "" {
|
||||||
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(*htpasswdFile)
|
oauthproxy.HtpasswdFile, err = NewHtpasswdFromFile(*htpasswdFile)
|
||||||
|
14
validator.go
14
validator.go
@ -8,13 +8,8 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
func NewValidator(domain string, usersFile string) func(string) bool {
|
func NewValidator(domains []string, usersFile string) func(string) bool {
|
||||||
|
|
||||||
validUsers := make(map[string]bool)
|
validUsers := make(map[string]bool)
|
||||||
emailSuffix := ""
|
|
||||||
if domain != "" {
|
|
||||||
emailSuffix = fmt.Sprintf("@%s", domain)
|
|
||||||
}
|
|
||||||
|
|
||||||
if usersFile != "" {
|
if usersFile != "" {
|
||||||
r, err := os.Open(usersFile)
|
r, err := os.Open(usersFile)
|
||||||
@ -32,9 +27,10 @@ func NewValidator(domain string, usersFile string) func(string) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
validator := func(email string) bool {
|
validator := func(email string) bool {
|
||||||
var valid bool
|
valid := false
|
||||||
if emailSuffix != "" {
|
for _, domain := range domains {
|
||||||
valid = strings.HasSuffix(email, emailSuffix)
|
emailSuffix := fmt.Sprintf("@%s", domain)
|
||||||
|
valid = valid || strings.HasSuffix(email, emailSuffix)
|
||||||
}
|
}
|
||||||
if !valid {
|
if !valid {
|
||||||
_, valid = validUsers[email]
|
_, valid = validUsers[email]
|
||||||
|
Loading…
Reference in New Issue
Block a user