remove direct mode + add example development compose

Thom Seddon 2018-11-06 14:17:40 +00:00
parent 91775ff0a8
commit dcf4f6574d
4 changed files with 48 additions and 29 deletions

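--- a/[path-not-shown]
+++ b/[path-not-shown]
@@ -31,7 +31,6 @@ The following configuration is supported:
 |-cookie-name|string|Cookie Name (default "_forward_auth")|
 |-cookie-secure|bool|Use secure cookies (default true)|
 |-csrf-cookie-name|string|CSRF Cookie Name (default "_forward_auth_csrf")|
-|-direct|bool|Run in direct mode (use own hostname as oppose to <br>X-Forwarded-Host, used for testing/development)
 |-domain|string|Comma separated list of email domains to allow|
 |-whitelist|string|Comma separated list of email addresses to allow|
 |-lifetime|int|Session length in seconds (default 43200)|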


@ -0,0 +1,48 @@
version: '3'
services:
traefik:
image: traefik
command: -c /traefik.toml
# command: -c /traefik.toml --logLevel=DEBUG
ports:
- "8085:80"
- "8086:8080"
networks:
- traefik
volumes:
- ./traefik.toml:/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
whoami1:
image: emilevauge/whoami
networks:
- traefik
labels:
- "traefik.backend=whoami1"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:whoami.localhost.com"
whoami2:
image: emilevauge/whoami
networks:
- traefik
labels:
- "traefik.backend=whoami2"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:whoami.localhost.org"
forward-oauth:
build: ../
environment:
- CLIENT_ID=test
- CLIENT_SECRET=test
- COOKIE_SECRET=something-random
- COOKIE_SECURE=false
- COOKIE_DOMAINS=localhost.com
- AUTH_URL=http://auth.localhost.com:8085/_oauth
networks:
- traefik
networks:
traefik:
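Review bot: The traefik service mounts `./traefik.toml` (the `- ./traefik.toml:/traefik.toml` volume line) but that file is not among the four files in this commit, so unless it already exists in the example directory the stack cannot start, and the forward-auth wiring (which the whoami labels do not declare) presumably lives there — worth adding the file or a comment naming where it comes from. The same service mounts `/var/run/docker.sock`, which hands the container control of the host Docker daemon, and forward-oauth runs with placeholder `CLIENT_ID`/`CLIENT_SECRET`/`COOKIE_SECRET` values and `COOKIE_SECURE=false`; a header comment such as `# Local development example only: placeholder secrets, insecure cookies and the docker.sock mount are not meant for any shared or exposed host` would make the intended scope explicit. The `8086:8080` mapping presumably exposes traefik's API/dashboard (depending on traefik.toml), so the comment should mention that as well.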


@ -40,8 +40,6 @@ type ForwardAuth struct {
Domain []string Domain []string
Whitelist []string Whitelist []string
Direct bool
Prompt string Prompt string
} }
@ -199,12 +197,6 @@ func (f *ForwardAuth) redirectBase(r *http.Request) string {
proto := r.Header.Get("X-Forwarded-Proto") proto := r.Header.Get("X-Forwarded-Proto")
host := r.Header.Get("X-Forwarded-Host") host := r.Header.Get("X-Forwarded-Host")
// Direct mode
if f.Direct {
proto = "http"
host = r.Host
}
return fmt.Sprintf("%s://%s", proto, host) return fmt.Sprintf("%s://%s", proto, host)
} }
@ -212,11 +204,6 @@ func (f *ForwardAuth) redirectBase(r *http.Request) string {
func (f *ForwardAuth) returnUrl(r *http.Request) string { func (f *ForwardAuth) returnUrl(r *http.Request) string {
path := r.Header.Get("X-Forwarded-Uri") path := r.Header.Get("X-Forwarded-Uri")
// Testing
if f.Direct {
path = r.URL.String()
}
return fmt.Sprintf("%s%s", f.redirectBase(r), path) return fmt.Sprintf("%s%s", f.redirectBase(r), path)
} }
@ -325,11 +312,6 @@ func (f *ForwardAuth) Nonce() (error, string) {
func (f *ForwardAuth) cookieDomain(r *http.Request) string { func (f *ForwardAuth) cookieDomain(r *http.Request) string {
host := r.Header.Get("X-Forwarded-Host") host := r.Header.Get("X-Forwarded-Host")
// Direct mode
if f.Direct {
host = r.Host
}
// Check if any of the given cookie domains matches // Check if any of the given cookie domains matches
_, domain := f.matchCookieDomains(host) _, domain := f.matchCookieDomains(host)
return domain return domain
@ -340,8 +322,6 @@ func (f *ForwardAuth) csrfCookieDomain(r *http.Request) string {
var host string var host string
if use, domain := f.useAuthDomain(r); use { if use, domain := f.useAuthDomain(r); use {
host = domain host = domain
} else if f.Direct {
host = r.Host
} else { } else {
host = r.Header.Get("X-Forwarded-Host") host = r.Header.Get("X-Forwarded-Host")
} }
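Review bot: With the direct-mode fallback removed, `redirectBase` (the `@ -199,12 +197,6` hunk) builds its result from `X-Forwarded-Proto` and `X-Forwarded-Host` alone, so a request that reaches the service without those headers (for instance not via the proxy) yields the string `://` and every redirect or return URL derived from it is unusable; `cookieDomain` and `csrfCookieDomain` likewise fall through to an empty host, and the `handler` hunk in the main.go section inherits the same assumption through `X-Forwarded-Uri`. The commit removes the only alternative source of these values without adding a check that they are present, or a comment recording that the service must only be reachable through a proxy that sets and overwrites them. A guard at the top of `handler`, e.g. `if r.Header.Get("X-Forwarded-Host") == "" { http.Error(w, "Missing X-Forwarded-Host", http.StatusBadRequest); return }`, plus a comment on `redirectBase` such as `// Trusts X-Forwarded-* unconditionally; the service must only be reachable via the proxy`, would close the gap. `redirectBase` and `csrfCookieDomain` begin before their hunks, and `cookieDomain` and `csrfCookieDomain` continue past the end of theirs.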


@ -26,11 +26,6 @@ func handler(w http.ResponseWriter, r *http.Request) {
return return
} }
// Direct mode
if fw.Direct {
uri = r.URL
}
// Handle callback // Handle callback
if uri.Path == fw.Path { if uri.Path == fw.Path {
handleCallback(w, r, uri.Query()) handleCallback(w, r, uri.Query())
@ -142,7 +137,6 @@ func main() {
cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies") cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies")
domainList := flag.String("domain", "", "Comma separated list of email domains to allow") domainList := flag.String("domain", "", "Comma separated list of email domains to allow")
emailWhitelist := flag.String("whitelist", "", "Comma separated list of emails to allow") emailWhitelist := flag.String("whitelist", "", "Comma separated list of emails to allow")
direct := flag.Bool("direct", false, "Run in direct mode (use own hostname as oppose to X-Forwarded-Host, used for testing/development)")
prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options") prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")
flag.Parse() flag.Parse()
@ -222,8 +216,6 @@ func main() {
Domain: domain, Domain: domain,
Whitelist: whitelist, Whitelist: whitelist,
Direct: *direct,
Prompt: *prompt, Prompt: *prompt,
} }