Merging changes

2019-04-12 09:26:44 -07:00 · 2019-04-12 09:26:44 -07:00 · d77119be55
commit d77119be55
parent 1f15631547
5 changed files with 19 additions and 76 deletions
--- a/Gopkg.lock
+++ b/Gopkg.lock
@ -222,6 +222,7 @@
    "github.com/mreiferson/go-options",
    "github.com/stretchr/testify/assert",
    "github.com/stretchr/testify/require",
+    "github.com/yhat/wsutil",
    "golang.org/x/crypto/bcrypt",
    "golang.org/x/net/websocket",
    "golang.org/x/oauth2",
--- a/logging_handler.go
+++ b/logging_handler.go
@ -4,6 +4,9 @@
 package main

 import (
+	"bufio"
+	"errors"
+	"net"
 	"net/http"
 	"time"

--- a/main.go
+++ b/main.go
@ -3,7 +3,6 @@ package main
 import (
 	"flag"
 	"fmt"
-	"log"
 	"math/rand"
 	"net/http"
 	"os"
@ -13,6 +12,7 @@ import (

 	"github.com/BurntSushi/toml"
 	options "github.com/mreiferson/go-options"
+	"github.com/pusher/oauth2_proxy/logger"
 )

 func main() {
@ -20,7 +20,7 @@ func main() {
 	flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError)

 	emailDomains := StringArray{}
-	whitelistDomains := StringArray{}
+	whitelistandardomains := StringArray{}
 	upstreams := StringArray{}
 	skipAuthRegex := StringArray{}
 	googleGroups := StringArray{}
@ -49,7 +49,7 @@ func main() {
 	flagSet.Duration("flush-interval", time.Duration(1)*time.Second, "period between response flushing when streaming responses")

 	flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
-	flagSet.Var(&whitelistDomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
+	flagSet.Var(&whitelistandardomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
 	flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
 	flagSet.String("github-org", "", "restrict logins to members of this organisation")
 	flagSet.String("github-team", "", "restrict logins to members of this team")
@ -158,16 +158,12 @@ func main() {

 	var handler http.Handler
 	if opts.GCPHealthChecks {
-		handler = gcpHealthcheck(LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat))
+		handler = gcpHealthcheck(LoggingHandler(oauthproxy))
 	} else {
-		handler = LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat)
+		handler = LoggingHandler(oauthproxy)
 	}
 	s := &Server{
-<<<<<<< HEAD
 		Handler: handler,
-=======
-		Handler: LoggingHandler(oauthproxy),
->>>>>>> Auth and standard logging with file rolling
 		Opts:    opts,
 	}
 	s.ListenAndServe()
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -185,23 +185,10 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 		path := u.Path
 		switch u.Scheme {
 		case httpScheme, httpsScheme:
-<<<<<<< HEAD
-			log.Printf("mapping path %q => upstream %q", path, u)
+			logger.Printf("mapping path %q => upstream %q", path, u)
 			proxy := NewWebSocketOrRestReverseProxy(u, opts, auth)
 			serveMux.Handle(path, proxy)

-=======
-			u.Path = ""
-			logger.Printf("mapping path %q => upstream %q", path, u)
-			proxy := NewReverseProxy(u, opts.FlushInterval)
-			if !opts.PassHostHeader {
-				setProxyUpstreamHostHeader(proxy, u)
-			} else {
-				setProxyDirector(proxy)
-			}
-			serveMux.Handle(path,
-				&UpstreamProxy{u.Host, proxy, auth})
->>>>>>> Auth and standard logging with file rolling
 		case "file":
 			if u.Fragment != "" {
 				path = u.Fragment
@ -228,11 +215,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 		refresh = fmt.Sprintf("after %s", opts.CookieRefresh)
 	}

-<<<<<<< HEAD
-	log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)
-=======
-	logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, refresh)
->>>>>>> Auth and standard logging with file rolling
+	logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)

 	var cipher *cookie.Cipher
 	if opts.PassAccessToken || opts.SetAuthorization || opts.PassAuthorization || (opts.CookieRefresh != time.Duration(0)) {
--- a/options.go
+++ b/options.go
@ -18,7 +18,7 @@ import (
 	"github.com/mbland/hmacauth"
 	"github.com/pusher/oauth2_proxy/logger"
 	"github.com/pusher/oauth2_proxy/providers"
-	lumberjack "gopkg.in/natefinch/lumberjack.v2"
+	"gopkg.in/natefinch/lumberjack.v2"
 )

 // Options holds Configuration Options that can be set by Command Line Flag,
@ -74,7 +74,6 @@ type Options struct {

 	// These options allow for other providers besides Google, with
 	// potential overrides.
-<<<<<<< HEAD
 	Provider          string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
 	OIDCIssuerURL     string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
 	SkipOIDCDiscovery bool   `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
@ -87,25 +86,6 @@ type Options struct {
 	Scope             string `flag:"scope" cfg:"scope" env:"OAUTH2_PROXY_SCOPE"`
 	ApprovalPrompt    string `flag:"approval-prompt" cfg:"approval_prompt" env:"OAUTH2_PROXY_APPROVAL_PROMPT"`

-	RequestLogging       bool   `flag:"request-logging" cfg:"request_logging" env:"OAUTH2_PROXY_REQUEST_LOGGING"`
-	RequestLoggingFormat string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
-
-	SignatureKey    string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
-	AcrValues       string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
-	JWTKey          string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
-	PubJWKURL       string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
-	GCPHealthChecks bool   `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`
-=======
-	Provider          string `flag:"provider" cfg:"provider"`
-	OIDCIssuerURL     string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url"`
-	LoginURL          string `flag:"login-url" cfg:"login_url"`
-	RedeemURL         string `flag:"redeem-url" cfg:"redeem_url"`
-	ProfileURL        string `flag:"profile-url" cfg:"profile_url"`
-	ProtectedResource string `flag:"resource" cfg:"resource"`
-	ValidateURL       string `flag:"validate-url" cfg:"validate_url"`
-	Scope             string `flag:"scope" cfg:"scope"`
-	ApprovalPrompt    string `flag:"approval-prompt" cfg:"approval_prompt"`
-
 	// Configuration values for logging
 	LoggingFilename       string `flag:"logging-filename" cfg:"logging_filename"`
 	LoggingMaxSize        int    `flag:"logging-max-size" cfg:"logging_max_size"`
@ -120,8 +100,11 @@ type Options struct {
 	AuthLogging           bool   `flag:"auth-logging" cfg:"auth_logging"`
 	AuthLoggingFormat     string `flag:"auth-logging-format" cfg:"auth_logging_format"`

-	SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
->>>>>>> Auth and standard logging with file rolling
+	SignatureKey    string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
+	AcrValues       string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
+	JWTKey          string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
+	PubJWKURL       string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
+	GCPHealthChecks bool   `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`

 	// internal values that are set after config validation
 	redirectURL   *url.URL
@ -141,31 +124,8 @@ type SignatureData struct {
 // NewOptions constructs a new Options with defaulted values
 func NewOptions() *Options {
 	return &Options{
-<<<<<<< HEAD
-		ProxyPrefix:          "/oauth2",
-		ProxyWebSockets:      true,
-		HTTPAddress:          "127.0.0.1:4180",
-		HTTPSAddress:         ":443",
-		DisplayHtpasswdForm:  true,
-		CookieName:           "_oauth2_proxy",
-		CookieSecure:         true,
-		CookieHTTPOnly:       true,
-		CookieExpire:         time.Duration(168) * time.Hour,
-		CookieRefresh:        time.Duration(0),
-		SetXAuthRequest:      false,
-		SkipAuthPreflight:    false,
-		PassBasicAuth:        true,
-		PassUserHeaders:      true,
-		PassAccessToken:      false,
-		PassHostHeader:       true,
-		SetAuthorization:     false,
-		PassAuthorization:    false,
-		ApprovalPrompt:       "force",
-		RequestLogging:       true,
-		SkipOIDCDiscovery:    false,
-		RequestLoggingFormat: defaultRequestLoggingFormat,
-=======
 		ProxyPrefix:           "/oauth2",
+		ProxyWebSockets:       true,
 		HTTPAddress:           "127.0.0.1:4180",
 		HTTPSAddress:          ":443",
 		DisplayHtpasswdForm:   true,
@ -183,6 +143,7 @@ func NewOptions() *Options {
 		SetAuthorization:      false,
 		PassAuthorization:     false,
 		ApprovalPrompt:        "force",
+		SkipOIDCDiscovery:     false,
 		LoggingFilename:       "",
 		LoggingMaxSize:        100,
 		LoggingMaxAge:         7,
@ -195,7 +156,6 @@ func NewOptions() *Options {
 		RequestLoggingFormat:  logger.DefaultRequestLoggingFormat,
 		AuthLogging:           true,
 		AuthLoggingFormat:     logger.DefaultAuthLoggingFormat,
->>>>>>> Auth and standard logging with file rolling
 	}
 }