use gofmt to update styling

2019-01-22 10:50:55 +00:00
parent 6ccd1c6dfc
commit afd8878188
4 changed files with 908 additions and 915 deletions
--- a/main.go
+++ b/main.go
@ -1,229 +1,226 @@
-
 package main

 import (
-  "fmt"
-  "time"
-  "strings"
-  "net/url"
-  "net/http"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"

-  "github.com/namsral/flag"
-  "github.com/op/go-logging"
+	"github.com/namsral/flag"
+	"github.com/op/go-logging"
 )

 // Vars
-var fw *ForwardAuth;
+var fw *ForwardAuth
 var log = logging.MustGetLogger("traefik-forward-auth")

 // Primary handler
 func handler(w http.ResponseWriter, r *http.Request) {
-  // Parse uri
-  uri, err := url.Parse(r.Header.Get("X-Forwarded-Uri"))
-  if err != nil {
-    log.Error("Error parsing url")
-    http.Error(w, "Service unavailable", 503)
-    return
-  }
+	// Parse uri
+	uri, err := url.Parse(r.Header.Get("X-Forwarded-Uri"))
+	if err != nil {
+		log.Error("Error parsing url")
+		http.Error(w, "Service unavailable", 503)
+		return
+	}

-  // Handle callback
-  if uri.Path == fw.Path {
-    handleCallback(w, r, uri.Query())
-    return
-  }
+	// Handle callback
+	if uri.Path == fw.Path {
+		handleCallback(w, r, uri.Query())
+		return
+	}

-  // Get auth cookie
-  c, err := r.Cookie(fw.CookieName)
-  if err != nil {
-    // Error indicates no cookie, generate nonce
-    err, nonce := fw.Nonce()
-    if err != nil {
-      log.Error("Error generating nonce")
-      http.Error(w, "Service unavailable", 503)
-      return
-    }
+	// Get auth cookie
+	c, err := r.Cookie(fw.CookieName)
+	if err != nil {
+		// Error indicates no cookie, generate nonce
+		err, nonce := fw.Nonce()
+		if err != nil {
+			log.Error("Error generating nonce")
+			http.Error(w, "Service unavailable", 503)
+			return
+		}

-    // Set the CSRF cookie
-    http.SetCookie(w, fw.MakeCSRFCookie(r, nonce))
-    log.Debug("Set CSRF cookie and redirecting to google login")
+		// Set the CSRF cookie
+		http.SetCookie(w, fw.MakeCSRFCookie(r, nonce))
+		log.Debug("Set CSRF cookie and redirecting to google login")

-    // Forward them on
-    http.Redirect(w, r, fw.GetLoginURL(r, nonce), http.StatusTemporaryRedirect)
+		// Forward them on
+		http.Redirect(w, r, fw.GetLoginURL(r, nonce), http.StatusTemporaryRedirect)

-    return
-  }
+		return
+	}

-  // Validate cookie
-  valid, email, err := fw.ValidateCookie(r, c)
-  if !valid {
-    log.Debugf("Invalid cookie: %s", err)
-    http.Error(w, "Not authorized", 401)
-    return
-  }
+	// Validate cookie
+	valid, email, err := fw.ValidateCookie(r, c)
+	if !valid {
+		log.Debugf("Invalid cookie: %s", err)
+		http.Error(w, "Not authorized", 401)
+		return
+	}

-  // Validate user
-  valid = fw.ValidateEmail(email)
-  if !valid {
-    log.Debugf("Invalid email: %s", email)
-    http.Error(w, "Not authorized", 401)
-    return
-  }
+	// Validate user
+	valid = fw.ValidateEmail(email)
+	if !valid {
+		log.Debugf("Invalid email: %s", email)
+		http.Error(w, "Not authorized", 401)
+		return
+	}

-  // Valid request
-  w.Header().Set("X-Forwarded-User", email)
-  w.WriteHeader(200)
+	// Valid request
+	w.Header().Set("X-Forwarded-User", email)
+	w.WriteHeader(200)
 }

-
 // Authenticate user after they have come back from google
 func handleCallback(w http.ResponseWriter, r *http.Request, qs url.Values) {
-  // Check for CSRF cookie
-  csrfCookie, err := r.Cookie(fw.CSRFCookieName)
-  if err != nil {
-    log.Debug("Missing csrf cookie")
-    http.Error(w, "Not authorized", 401)
-    return
-  }
+	// Check for CSRF cookie
+	csrfCookie, err := r.Cookie(fw.CSRFCookieName)
+	if err != nil {
+		log.Debug("Missing csrf cookie")
+		http.Error(w, "Not authorized", 401)
+		return
+	}

-  // Validate state
-  state := qs.Get("state")
-  valid, redirect, err := fw.ValidateCSRFCookie(csrfCookie, state)
-  if !valid {
-    log.Debugf("Invalid oauth state, expected '%s', got '%s'\n", csrfCookie.Value, state)
-    http.Error(w, "Not authorized", 401)
-    return
-  }
+	// Validate state
+	state := qs.Get("state")
+	valid, redirect, err := fw.ValidateCSRFCookie(csrfCookie, state)
+	if !valid {
+		log.Debugf("Invalid oauth state, expected '%s', got '%s'\n", csrfCookie.Value, state)
+		http.Error(w, "Not authorized", 401)
+		return
+	}

-  // Clear CSRF cookie
-  http.SetCookie(w, fw.ClearCSRFCookie(r))
+	// Clear CSRF cookie
+	http.SetCookie(w, fw.ClearCSRFCookie(r))

-  // Exchange code for token
-  token, err := fw.ExchangeCode(r, qs.Get("code"))
-  if err != nil {
-    log.Debugf("Code exchange failed with: %s\n", err)
-    http.Error(w, "Service unavailable", 503)
-    return
-  }
+	// Exchange code for token
+	token, err := fw.ExchangeCode(r, qs.Get("code"))
+	if err != nil {
+		log.Debugf("Code exchange failed with: %s\n", err)
+		http.Error(w, "Service unavailable", 503)
+		return
+	}

-  // Get user
-  user, err := fw.GetUser(token)
-  if err != nil {
-    log.Debugf("Error getting user: %s\n", err)
-    return
-  }
+	// Get user
+	user, err := fw.GetUser(token)
+	if err != nil {
+		log.Debugf("Error getting user: %s\n", err)
+		return
+	}

-  // Generate cookie
-  http.SetCookie(w, fw.MakeCookie(r, user.Email))
-  log.Debugf("Generated auth cookie for %s\n", user.Email)
+	// Generate cookie
+	http.SetCookie(w, fw.MakeCookie(r, user.Email))
+	log.Debugf("Generated auth cookie for %s\n", user.Email)

-  // Redirect
-  http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
+	// Redirect
+	http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
 }

-
 // Main
 func main() {
-  // Parse options
-  flag.String(flag.DefaultConfigFlagname, "", "Path to config file")
-  path := flag.String("url-path", "_oauth", "Callback URL")
-  lifetime := flag.Int("lifetime", 43200, "Session length in seconds")
-  secret := flag.String("secret", "", "*Secret used for signing (required)")
-  authHost := flag.String("auth-host", "", "Central auth login")
-  clientId := flag.String("client-id", "", "*Google Client ID (required)")
-  clientSecret := flag.String("client-secret", "", "*Google Client Secret (required)")
-  cookieName := flag.String("cookie-name", "_forward_auth", "Cookie Name")
-  cSRFCookieName := flag.String("csrf-cookie-name", "_forward_auth_csrf", "CSRF Cookie Name")
-  cookieDomainList := flag.String("cookie-domains", "", "Comma separated list of cookie domains") //todo
-  cookieSecret := flag.String("cookie-secret", "", "Deprecated")
-  cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies")
-  domainList := flag.String("domain", "", "Comma separated list of email domains to allow")
-  emailWhitelist := flag.String("whitelist", "", "Comma separated list of emails to allow")
-  prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")
+	// Parse options
+	flag.String(flag.DefaultConfigFlagname, "", "Path to config file")
+	path := flag.String("url-path", "_oauth", "Callback URL")
+	lifetime := flag.Int("lifetime", 43200, "Session length in seconds")
+	secret := flag.String("secret", "", "*Secret used for signing (required)")
+	authHost := flag.String("auth-host", "", "Central auth login")
+	clientId := flag.String("client-id", "", "*Google Client ID (required)")
+	clientSecret := flag.String("client-secret", "", "*Google Client Secret (required)")
+	cookieName := flag.String("cookie-name", "_forward_auth", "Cookie Name")
+	cSRFCookieName := flag.String("csrf-cookie-name", "_forward_auth_csrf", "CSRF Cookie Name")
+	cookieDomainList := flag.String("cookie-domains", "", "Comma separated list of cookie domains") //todo
+	cookieSecret := flag.String("cookie-secret", "", "Deprecated")
+	cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies")
+	domainList := flag.String("domain", "", "Comma separated list of email domains to allow")
+	emailWhitelist := flag.String("whitelist", "", "Comma separated list of emails to allow")
+	prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")

-  flag.Parse()
+	flag.Parse()

-  // Backwards compatability
-  if *secret == "" && *cookieSecret != "" {
-    *secret = *cookieSecret
-  }
+	// Backwards compatability
+	if *secret == "" && *cookieSecret != "" {
+		*secret = *cookieSecret
+	}

-  // Check for show stopper errors
-  stop := false
-  if *clientId == "" {
-    stop = true
-    log.Critical("client-id must be set")
-  }
-  if *clientSecret == "" {
-    stop = true
-    log.Critical("client-secret must be set")
-  }
-  if *secret == "" {
-    stop = true
-    log.Critical("secret must be set")
-  }
-  if stop {
-    return
-  }
+	// Check for show stopper errors
+	stop := false
+	if *clientId == "" {
+		stop = true
+		log.Critical("client-id must be set")
+	}
+	if *clientSecret == "" {
+		stop = true
+		log.Critical("client-secret must be set")
+	}
+	if *secret == "" {
+		stop = true
+		log.Critical("secret must be set")
+	}
+	if stop {
+		return
+	}

-  // Parse lists
-  var cookieDomains []CookieDomain
-  if *cookieDomainList != "" {
-    for _, d := range strings.Split(*cookieDomainList, ",") {
-      cookieDomain := NewCookieDomain(d)
-      cookieDomains = append(cookieDomains, *cookieDomain)
-    }
-  }
+	// Parse lists
+	var cookieDomains []CookieDomain
+	if *cookieDomainList != "" {
+		for _, d := range strings.Split(*cookieDomainList, ",") {
+			cookieDomain := NewCookieDomain(d)
+			cookieDomains = append(cookieDomains, *cookieDomain)
+		}
+	}

-  var domain []string
-  if *domainList != "" {
-    domain = strings.Split(*domainList, ",")
-  }
-  var whitelist []string
-  if *emailWhitelist != "" {
-    whitelist = strings.Split(*emailWhitelist, ",")
-  }
+	var domain []string
+	if *domainList != "" {
+		domain = strings.Split(*domainList, ",")
+	}
+	var whitelist []string
+	if *emailWhitelist != "" {
+		whitelist = strings.Split(*emailWhitelist, ",")
+	}

-  // Setup
-  fw = &ForwardAuth{
-    Path: fmt.Sprintf("/%s", *path),
-    Lifetime: time.Second * time.Duration(*lifetime),
-    Secret: []byte(*secret),
-    AuthHost: *authHost,
+	// Setup
+	fw = &ForwardAuth{
+		Path:     fmt.Sprintf("/%s", *path),
+		Lifetime: time.Second * time.Duration(*lifetime),
+		Secret:   []byte(*secret),
+		AuthHost: *authHost,

-    ClientId: *clientId,
-    ClientSecret: *clientSecret,
-    Scope: "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
-    LoginURL: &url.URL{
-      Scheme: "https",
-      Host: "accounts.google.com",
-      Path: "/o/oauth2/auth",
-    },
-    TokenURL: &url.URL{
-      Scheme: "https",
-      Host: "www.googleapis.com",
-      Path: "/oauth2/v3/token",
-    },
-    UserURL: &url.URL{
-      Scheme: "https",
-      Host: "www.googleapis.com",
-      Path: "/oauth2/v2/userinfo",
-    },
+		ClientId:     *clientId,
+		ClientSecret: *clientSecret,
+		Scope:        "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+		LoginURL: &url.URL{
+			Scheme: "https",
+			Host:   "accounts.google.com",
+			Path:   "/o/oauth2/auth",
+		},
+		TokenURL: &url.URL{
+			Scheme: "https",
+			Host:   "www.googleapis.com",
+			Path:   "/oauth2/v3/token",
+		},
+		UserURL: &url.URL{
+			Scheme: "https",
+			Host:   "www.googleapis.com",
+			Path:   "/oauth2/v2/userinfo",
+		},

-    CookieName: *cookieName,
-    CSRFCookieName: *cSRFCookieName,
-    CookieDomains: cookieDomains,
-    CookieSecure: *cookieSecure,
+		CookieName:     *cookieName,
+		CSRFCookieName: *cSRFCookieName,
+		CookieDomains:  cookieDomains,
+		CookieSecure:   *cookieSecure,

-    Domain: domain,
-    Whitelist: whitelist,
+		Domain:    domain,
+		Whitelist: whitelist,

-    Prompt: *prompt,
-  }
+		Prompt: *prompt,
+	}

-  // Attach handler
-  http.HandleFunc("/", handler)
+	// Attach handler
+	http.HandleFunc("/", handler)

-  log.Debugf("Starting with options: %#v", fw)
-  log.Notice("Listening on :4181")
-  log.Notice(http.ListenAndServe(":4181", nil))
+	log.Debugf("Starting with options: %#v", fw)
+	log.Notice("Listening on :4181")
+	log.Notice(http.ListenAndServe(":4181", nil))
 }