Merge pull request #50 from vishnuchilamakuru/master

Support for multi white listed urls with regex url match.
2015-01-12 08:51:05 -05:00 · 2015-01-12 08:51:05 -05:00 · 9d264f304f
commit 9d264f304f
parent 73953259da c4d25d271f
3 changed files with 31 additions and 0 deletions
--- a/main.go
+++ b/main.go
@ -19,6 +19,7 @@ func main() {

 	googleAppsDomains := StringArray{}
 	upstreams := StringArray{}
+	skipAuthRegex := StringArray{}

 	config := flagSet.String("config", "", "path to config file")
 	showVersion := flagSet.Bool("version", false, "print version string")
@ -27,6 +28,7 @@ func main() {
 	flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
 	flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
 	flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
+	flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")

 	flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
 	flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -12,6 +12,7 @@ import (
 	"net/url"
 	"strings"
 	"time"
+	"regexp"

 	"github.com/bitly/go-simplejson"
 )
@ -40,6 +41,8 @@ type OauthProxy struct {
 	DisplayHtpasswdForm bool
 	serveMux            *http.ServeMux
 	PassBasicAuth       bool
+	skipAuthRegex       []string
+	compiledRegex       []*regexp.Regexp
 }

 func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
@ -52,6 +55,10 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 		log.Printf("mapping path %q => upstream %q", path, u)
 		serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u))
 	}
+	for _, u := range opts.CompiledRegex {
+		log.Printf("compiled skip-auth-regex => %q", u)
+	}
+
 	redirectUrl := opts.redirectUrl
 	redirectUrl.Path = oauthCallbackPath

@ -76,6 +83,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 		oauthLoginUrl:      login,
 		serveMux:           serveMux,
 		redirectUrl:        redirectUrl,
+		skipAuthRegex:      opts.SkipAuthRegex,
+		compiledRegex:      opts.CompiledRegex, 
 		PassBasicAuth:      opts.PassBasicAuth,
 	}
 }
@ -299,6 +308,15 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		return
 	}

+	for _, u := range p.compiledRegex {
+		match := u.MatchString(req.URL.Path)
+		if match {
+			p.serveMux.ServeHTTP(rw, req)
+			return
+		}
+
+	}
+
 	if req.URL.Path == signInPath {
 		redirect, err := p.GetRedirect(req)
 		if err != nil {
--- a/options.go
+++ b/options.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/url"
 	"time"
+	"regexp"
 )

 // Configuration Options that can be set by Command Line Flag, or Config File
@ -23,10 +24,12 @@ type Options struct {
 	AuthenticatedEmailsFile string        `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 	GoogleAppsDomains       []string      `flag:"google-apps-domain" cfg:"google_apps_domains"`
 	Upstreams               []string      `flag:"upstream" cfg:"upstreams"`
+	SkipAuthRegex           []string      `flag:"skip-auth-regex" cfg:"skip_auth_regex"`

 	// internal values that are set after config validation
 	redirectUrl *url.URL
 	proxyUrls   []*url.URL
+	CompiledRegex []*regexp.Regexp
 }

 func NewOptions() *Options {
@ -70,5 +73,13 @@ func (o *Options) Validate() error {
 		o.proxyUrls = append(o.proxyUrls, upstreamUrl)
 	}

+	for _, u := range o.SkipAuthRegex {
+		CompiledRegex, err := regexp.Compile(u)
+		if err != nil {
+			return fmt.Errorf("error compiling regex=%q %s", u, err)
+		}
+		o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)
+	}
+
 	return nil
 }