Adding Support for multi white listed urls with regex url match.
parent
a80b93130c
commit
c4d25d271f
2
main.go
2
main.go
@ -19,6 +19,7 @@ func main() {
|
|||||||
|
|
||||||
googleAppsDomains := StringArray{}
|
googleAppsDomains := StringArray{}
|
||||||
upstreams := StringArray{}
|
upstreams := StringArray{}
|
||||||
|
skipAuthRegex := StringArray{}
|
||||||
|
|
||||||
config := flagSet.String("config", "", "path to config file")
|
config := flagSet.String("config", "", "path to config file")
|
||||||
showVersion := flagSet.Bool("version", false, "print version string")
|
showVersion := flagSet.Bool("version", false, "print version string")
|
||||||
@ -27,6 +28,7 @@ func main() {
|
|||||||
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
|
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
|
||||||
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
|
||||||
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
|
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
|
||||||
|
flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
|
||||||
|
|
||||||
flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
|
flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
|
||||||
flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
|
flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
|
||||||
|
@ -12,6 +12,7 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"regexp"
|
||||||
|
|
||||||
"github.com/bitly/go-simplejson"
|
"github.com/bitly/go-simplejson"
|
||||||
)
|
)
|
||||||
@ -40,6 +41,8 @@ type OauthProxy struct {
|
|||||||
DisplayHtpasswdForm bool
|
DisplayHtpasswdForm bool
|
||||||
serveMux *http.ServeMux
|
serveMux *http.ServeMux
|
||||||
PassBasicAuth bool
|
PassBasicAuth bool
|
||||||
|
skipAuthRegex []string
|
||||||
|
compiledRegex []*regexp.Regexp
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||||
@ -52,6 +55,10 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
|||||||
log.Printf("mapping path %q => upstream %q", path, u)
|
log.Printf("mapping path %q => upstream %q", path, u)
|
||||||
serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u))
|
serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u))
|
||||||
}
|
}
|
||||||
|
for _, u := range opts.CompiledRegex {
|
||||||
|
log.Printf("compiled skip-auth-regex => %q", u)
|
||||||
|
}
|
||||||
|
|
||||||
redirectUrl := opts.redirectUrl
|
redirectUrl := opts.redirectUrl
|
||||||
redirectUrl.Path = oauthCallbackPath
|
redirectUrl.Path = oauthCallbackPath
|
||||||
|
|
||||||
@ -76,6 +83,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
|||||||
oauthLoginUrl: login,
|
oauthLoginUrl: login,
|
||||||
serveMux: serveMux,
|
serveMux: serveMux,
|
||||||
redirectUrl: redirectUrl,
|
redirectUrl: redirectUrl,
|
||||||
|
skipAuthRegex: opts.SkipAuthRegex,
|
||||||
|
compiledRegex: opts.CompiledRegex,
|
||||||
PassBasicAuth: opts.PassBasicAuth,
|
PassBasicAuth: opts.PassBasicAuth,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -299,6 +308,15 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, u := range p.compiledRegex {
|
||||||
|
match := u.MatchString(req.URL.Path)
|
||||||
|
if match {
|
||||||
|
p.serveMux.ServeHTTP(rw, req)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if req.URL.Path == signInPath {
|
if req.URL.Path == signInPath {
|
||||||
redirect, err := p.GetRedirect(req)
|
redirect, err := p.GetRedirect(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
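Review bot: The skip-auth loop in ServeHTTP calls `u.MatchString(req.URL.Path)`, which is an unanchored search, so a pattern written for one path also matches any longer path that merely contains it, and every match is forwarded to the upstream without authentication. Because an over-broad pattern silently widens the unauthenticated surface, I would either require anchored patterns at validation time or document the behaviour at the loop, e.g. `// patterns are matched unanchored against req.URL.Path; anchor them with ^ and $ to exempt exact paths only`. The bypassed request is handed to `p.serveMux` unchanged, so if upstreams trust the X-Forwarded-User / X-Forwarded-Email or Basic Auth headers this proxy normally sets, client-supplied copies of those headers should presumably be removed before forwarding; that depends on code outside this hunk. Logging each bypass with the path and the matching pattern would make unauthenticated access auditable. ServeHTTP starts and continues outside the hunk.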
11
options.go
11
options.go
@ -5,6 +5,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
"regexp"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Configuration Options that can be set by Command Line Flag, or Config File
|
// Configuration Options that can be set by Command Line Flag, or Config File
|
||||||
@ -23,10 +24,12 @@ type Options struct {
|
|||||||
AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
|
AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
|
||||||
GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
|
GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
|
||||||
Upstreams []string `flag:"upstream" cfg:"upstreams"`
|
Upstreams []string `flag:"upstream" cfg:"upstreams"`
|
||||||
|
SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
|
||||||
|
|
||||||
// internal values that are set after config validation
|
// internal values that are set after config validation
|
||||||
redirectUrl *url.URL
|
redirectUrl *url.URL
|
||||||
proxyUrls []*url.URL
|
proxyUrls []*url.URL
|
||||||
|
CompiledRegex []*regexp.Regexp
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewOptions() *Options {
|
func NewOptions() *Options {
|
||||||
@ -70,5 +73,13 @@ func (o *Options) Validate() error {
|
|||||||
o.proxyUrls = append(o.proxyUrls, upstreamUrl)
|
o.proxyUrls = append(o.proxyUrls, upstreamUrl)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, u := range o.SkipAuthRegex {
|
||||||
|
CompiledRegex, err := regexp.Compile(u)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("error compiling regex=%q %s", u, err)
|
||||||
|
}
|
||||||
|
o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
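Review bot: In Validate, `regexp.Compile(u)` accepts an empty string, and an empty pattern matches every request path, so a stray empty `skip_auth_regex` entry would turn authentication off for the whole proxy; reject it before compiling, e.g. `if u == "" { return fmt.Errorf("skip-auth-regex: empty pattern would match every path") }`. The local `CompiledRegex` has the same name as the exported field it is appended to, so a short lowercase local such as `re` would read better. The field itself sits under "internal values that are set after config validation" next to the unexported `redirectUrl` and `proxyUrls`, so an unexported `compiledRegex` would be more consistent, assuming all readers are in the same package. Validate begins outside the hunk.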