Adding Support for multi white listed urls with regex url match.

vishnu chilamakuru 2015-01-12 14:48:41 +05:30
parent a80b93130c
commit c4d25d271f
3 changed files with 31 additions and 0 deletions


@ -19,6 +19,7 @@ func main() {
googleAppsDomains := StringArray{} googleAppsDomains := StringArray{}
upstreams := StringArray{} upstreams := StringArray{}
skipAuthRegex := StringArray{}
config := flagSet.String("config", "", "path to config file") config := flagSet.String("config", "", "path to config file")
showVersion := flagSet.Bool("version", false, "print version string") showVersion := flagSet.Bool("version", false, "print version string")
@ -27,6 +28,7 @@ func main() {
flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"") flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path") flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream") flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)") flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"") flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
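Review bot: The help text for `skip-auth-regex` does not say that each value is a regular expression matched unanchored against the request path (the ServeHTTP change in this commit calls `u.MatchString(req.URL.Path)`), so an operator who writes `/status` also exempts every other path containing that substring from authentication. I would reword it to `"bypass authentication for request paths matching this regex; anchor with ^ and $ (may be given multiple times)"`, which also fixes the `requests path's` wording. main() starts and ends outside these hunks.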


@ -12,6 +12,7 @@ import (
"net/url" "net/url"
"strings" "strings"
"time" "time"
"regexp"
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
) )
@ -40,6 +41,8 @@ type OauthProxy struct {
DisplayHtpasswdForm bool DisplayHtpasswdForm bool
serveMux *http.ServeMux serveMux *http.ServeMux
PassBasicAuth bool PassBasicAuth bool
skipAuthRegex []string
compiledRegex []*regexp.Regexp
} }
func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
@ -52,6 +55,10 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
log.Printf("mapping path %q => upstream %q", path, u) log.Printf("mapping path %q => upstream %q", path, u)
serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u)) serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u))
} }
for _, u := range opts.CompiledRegex {
log.Printf("compiled skip-auth-regex => %q", u)
}
redirectUrl := opts.redirectUrl redirectUrl := opts.redirectUrl
redirectUrl.Path = oauthCallbackPath redirectUrl.Path = oauthCallbackPath
@ -76,6 +83,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
oauthLoginUrl: login, oauthLoginUrl: login,
serveMux: serveMux, serveMux: serveMux,
redirectUrl: redirectUrl, redirectUrl: redirectUrl,
skipAuthRegex: opts.SkipAuthRegex,
compiledRegex: opts.CompiledRegex,
PassBasicAuth: opts.PassBasicAuth, PassBasicAuth: opts.PassBasicAuth,
} }
} }
@ -299,6 +308,15 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
return return
} }
for _, u := range p.compiledRegex {
match := u.MatchString(req.URL.Path)
if match {
p.serveMux.ServeHTTP(rw, req)
return
}
}
if req.URL.Path == signInPath { if req.URL.Path == signInPath {
redirect, err := p.GetRedirect(req) redirect, err := p.GetRedirect(req)
if err != nil { if err != nil {
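Review bot: In the ServeHTTP hunk a matching request is handed to `p.serveMux.ServeHTTP(rw, req)` with its headers exactly as the client sent them, so on a skipped path an upstream that trusts `X-Forwarded-User` / `X-Forwarded-Email` (the headers the `pass-basic-auth` help text describes) would receive client-supplied values. Unless they are cleared earlier in ServeHTTP, which starts outside the hunk, add `req.Header.Del("X-Forwarded-User")` and `req.Header.Del("X-Forwarded-Email")` before forwarding. A `log.Printf("skip-auth-regex %q matched path %q", u, req.URL.Path)` in the same branch would give operators an audit trail of requests served without authentication. The `skipAuthRegex []string` field is stored in NewOauthProxy but never read in the visible hunks and could probably be dropped.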


@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"net/url" "net/url"
"time" "time"
"regexp"
) )
// Configuration Options that can be set by Command Line Flag, or Config File // Configuration Options that can be set by Command Line Flag, or Config File
@ -23,10 +24,12 @@ type Options struct {
AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"` AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"` GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
Upstreams []string `flag:"upstream" cfg:"upstreams"` Upstreams []string `flag:"upstream" cfg:"upstreams"`
SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
// internal values that are set after config validation // internal values that are set after config validation
redirectUrl *url.URL redirectUrl *url.URL
proxyUrls []*url.URL proxyUrls []*url.URL
CompiledRegex []*regexp.Regexp
} }
func NewOptions() *Options { func NewOptions() *Options {
@ -70,5 +73,13 @@ func (o *Options) Validate() error {
o.proxyUrls = append(o.proxyUrls, upstreamUrl) o.proxyUrls = append(o.proxyUrls, upstreamUrl)
} }
for _, u := range o.SkipAuthRegex {
CompiledRegex, err := regexp.Compile(u)
if err != nil {
return fmt.Errorf("error compiling regex=%q %s", u, err)
}
o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)
}
return nil return nil
} }
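Review bot: The new loop in Validate accepts any pattern that compiles, including the empty string, which matches every path and would turn off authentication for the whole proxy if an empty `skip_auth_regex` entry reaches it from the flag or config file; reject it with `if u == "" { return fmt.Errorf("skip-auth-regex: empty pattern not allowed") }` before `regexp.Compile`. `CompiledRegex` sits under the "internal values that are set after config validation" comment but is exported, unlike `redirectUrl` and `proxyUrls`; `compiledRegex` would match them (NewOauthProxy reads it as `opts.CompiledRegex`, so that use changes too). The loop-local `CompiledRegex` should likewise be lower-case. Validate begins outside the hunk.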