sinjuginas/oauth2-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
oauth2-proxy/main.go

207 lines
6.7 KiB
Go
Raw Normal View History

initial code import
2012-12-10 20:59:23 -05:00
package main
import (
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
"context"
testing
2012-12-17 13:38:33 -05:00
"fmt"
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero
2019-03-20 06:44:51 -07:00
"math/rand"
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
"net/http"
update to new scopes
2014-08-07 16:16:39 -04:00
"os"
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout
2020-04-05 00:12:38 +09:00
"os/signal"
show Go version
2015-03-19 23:03:00 -04:00
"runtime"
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout
2020-04-05 00:12:38 +09:00
"syscall"
always set httponly (there is no good reason not to); simplify httponly and expire flags
2014-11-08 13:26:55 -05:00
"time"
initial code import
2012-12-10 20:59:23 -05:00
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-11-09 20:34:55 +00:00
"github.com/ghodss/yaml"
Fix import path for v7 (#800) * fix import path for v7 find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|' * fix module path * go mod tidy * fix installation docs * update CHANGELOG * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-30 01:44:42 +09:00
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/middleware"
Fix import path for v7 (#800) * fix import path for v7 find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|' * fix module path * go mod tidy * fix installation docs * update CHANGELOG * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-30 01:44:42 +09:00
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
"github.com/spf13/pflag"
initial code import
2012-12-10 20:59:23 -05:00
)
func main() {
Auth and standard logging with file rolling
2019-02-10 08:37:45 -08:00
logger.SetFlags(logger.Lshortfile)
Add config file support
2014-11-09 14:51:10 -05:00
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
configFlagSet := pflag.NewFlagSet("oauth2-proxy", pflag.ContinueOnError)
Ensure config flags get parsed correctly when other flags preceed them
2021-02-06 15:21:12 +00:00
// Because we parse early to determine alpha vs legacy config, we have to
// ignore any unknown flags for now
configFlagSet.ParseErrorsWhitelist.UnknownFlags = true
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
config := configFlagSet.String("config", "", "path to config file")
alphaConfig := configFlagSet.String("alpha-config", "", "path to alpha config file (use at your own risk - the structure in this config file may change between minor releases)")
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-11-09 20:34:55 +00:00
convertConfig := configFlagSet.Bool("convert-config-to-alpha", false, "if true, the proxy will load configuration as normal and convert existing configuration to the alpha config structure, and print it to stdout")
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
showVersion := configFlagSet.Bool("version", false, "print version string")
configFlagSet.Parse(os.Args[1:])
Add config file support
2014-11-09 14:51:10 -05:00
better environment parsing
2014-11-09 21:07:02 -05:00
if *showVersion {
Migrate to oauth2-proxy/oauth2-proxy
2020-03-29 14:54:36 +01:00
fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version())
better environment parsing
2014-11-09 21:07:02 -05:00
return
}
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-11-09 20:34:55 +00:00
if *convertConfig && *alphaConfig != "" {
logger.Fatal("cannot use alpha-config and conver-config-to-alpha together")
}
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
opts, err := loadConfiguration(*config, *alphaConfig, configFlagSet, os.Args[1:])
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig
2020-05-26 20:06:27 +01:00
if err != nil {
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
logger.Fatalf("ERROR: %v", err)
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig
2020-05-26 20:06:27 +01:00
}
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-11-09 20:34:55 +00:00
if *convertConfig {
if err := printConvertedConfig(opts); err != nil {
logger.Fatalf("ERROR: could not convert config: %v", err)
}
return
}
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
if err = validation.Validate(opts); err != nil {
logger.Fatalf("%s", err)
initial code import
2012-12-10 20:59:23 -05:00
}
Auth and standard logging with file rolling
2019-02-10 08:37:45 -08:00
disable email validation; rename email-domain argument This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers
2015-06-06 14:37:54 -04:00
validator := NewValidator(opts.EmailDomains, opts.AuthenticatedEmailsFile)
Initialise Session Storage in NewOAuthProxy instead of validation
2020-05-25 14:00:49 +01:00
oauthproxy, err := NewOAuthProxy(opts, validator)
if err != nil {
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
logger.Fatalf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
Initialise Session Storage in NewOAuthProxy instead of validation
2020-05-25 14:00:49 +01:00
}
Add config file support
2014-11-09 14:51:10 -05:00
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero
2019-03-20 06:44:51 -07:00
rand.Seed(time.Now().UnixNano())
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
oauthProxyStop := make(chan struct{}, 1)
metricsStop := startMetricsServer(opts.MetricsAddress, oauthProxyStop)
support TLS directly
2015-06-07 21:51:47 -04:00
s := &Server{
Integrate new header injectors with OAuth2 Proxy
2020-07-29 20:10:14 +01:00
Handler: oauthproxy,
support TLS directly
2015-06-07 21:51:47 -04:00
Opts: opts,
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
stop: oauthProxyStop,
Added scheme parsing to http-address param Can now listen for HTTP clients on unix sockets (and any other Go-supported stream oriented network - see golang.org/pkg/net/#Listen). Default behaviour is unchanged, any http-address without a scheme is given the default of tcp. Amended the README so that the usage output is up to date.
2015-02-11 12:07:40 +11:00
}
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout
2020-04-05 00:12:38 +09:00
// Observe signals in background goroutine.
go func() {
sigint := make(chan os.Signal, 1)
signal.Notify(sigint, os.Interrupt, syscall.SIGTERM)
<-sigint
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
s.stop <- struct{}{} // notify having caught signal stop oauthproxy
close(metricsStop) // and the metrics endpoint
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout
2020-04-05 00:12:38 +09:00
}()
support TLS directly
2015-06-07 21:51:47 -04:00
s.ListenAndServe()
initial code import
2012-12-10 20:59:23 -05:00
}
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
Add Prometheus metrics endpoint Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics" by default). This allows Prometheus to scrape metrics from OAuth2 Proxy. Add a new middleware NewRequestMetrics and attach it to the preAuth chain. This will collect metrics on all requests made to OAuth2 Proxy Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are equivalent. main() has a strict 50 lines limit so brevity in these calls appreciated
2021-01-07 11:52:50 +00:00
// startMetricsServer will start the metrics server on the specified address.
// It always return a channel to signal stop even when it does not run.
func startMetricsServer(address string, oauthProxyStop chan struct{}) chan struct{} {
stop := make(chan struct{}, 1)
// Attempt to setup the metrics endpoint if we have an address
if address != "" {
s := &http.Server{Addr: address, Handler: middleware.DefaultMetricsHandler}
go func() {
// ListenAndServe always returns a non-nil error. After Shutdown or
// Close, the returned error is ErrServerClosed
if err := s.ListenAndServe(); err != http.ErrServerClosed {
logger.Println(err)
// Stop the metrics shutdown go routine
close(stop)
// Stop the oauthproxy server, we have encounter an unexpected error
close(oauthProxyStop)
}
}()
go func() {
<-stop
if err := s.Shutdown(context.Background()); err != nil {
logger.Print(err)
}
}()
}
return stop
}
Introduce alpha configuration loading
2020-11-09 20:17:43 +00:00
// loadConfiguration will load in the user's configuration.
// It will either load the alpha configuration (if alphaConfig is given)
// or the legacy configuration.
func loadConfiguration(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
if alphaConfig != "" {
logger.Printf("WARNING: You are using alpha configuration. The structure in this configuration file may change without notice. You MUST remove conflicting options from your existing configuration.")
return loadAlphaOptions(config, alphaConfig, extraFlags, args)
}
return loadLegacyOptions(config, extraFlags, args)
}
// loadLegacyOptions loads the old toml options using the legacy flagset
// and legacy options struct.
func loadLegacyOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
optionsFlagSet := options.NewLegacyFlagSet()
optionsFlagSet.AddFlagSet(extraFlags)
if err := optionsFlagSet.Parse(args); err != nil {
return nil, fmt.Errorf("failed to parse flags: %v", err)
}
legacyOpts := options.NewLegacyOptions()
if err := options.Load(config, optionsFlagSet, legacyOpts); err != nil {
return nil, fmt.Errorf("failed to load config: %v", err)
}
opts, err := legacyOpts.ToOptions()
if err != nil {
return nil, fmt.Errorf("failed to convert config: %v", err)
}
return opts, nil
}
// loadAlphaOptions loads the old style config excluding options converted to
// the new alpha format, then merges the alpha options, loaded from YAML,
// into the core configuration.
func loadAlphaOptions(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
opts, err := loadOptions(config, extraFlags, args)
if err != nil {
return nil, fmt.Errorf("failed to load core options: %v", err)
}
alphaOpts := &options.AlphaOptions{}
if err := options.LoadYAML(alphaConfig, alphaOpts); err != nil {
return nil, fmt.Errorf("failed to load alpha options: %v", err)
}
alphaOpts.MergeInto(opts)
return opts, nil
}
// loadOptions loads the configuration using the old style format into the
// core options.Options struct.
// This means that none of the options that have been converted to alpha config
// will be loaded using this method.
func loadOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
optionsFlagSet := options.NewFlagSet()
optionsFlagSet.AddFlagSet(extraFlags)
if err := optionsFlagSet.Parse(args); err != nil {
return nil, fmt.Errorf("failed to parse flags: %v", err)
}
opts := options.NewOptions()
if err := options.Load(config, optionsFlagSet, opts); err != nil {
return nil, fmt.Errorf("failed to load config: %v", err)
}
return opts, nil
}
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-11-09 20:34:55 +00:00
// printConvertedConfig extracts alpha options from the loaded configuration
// and renders these to stdout in YAML format.
func printConvertedConfig(opts *options.Options) error {
alphaConfig := &options.AlphaOptions{}
alphaConfig.ExtractFrom(opts)
data, err := yaml.Marshal(alphaConfig)
if err != nil {
return fmt.Errorf("unable to marshal config: %v", err)
}
if _, err := os.Stdout.Write(data); err != nil {
return fmt.Errorf("unable to write output: %v", err)
}
return nil
}
Reference in New Issue Copy Permalink