oauth2-proxy/options.go

package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
	"time"
)

// Configuration Options that can be set by Command Line Flag, or Config File
type Options struct {
	HttpAddress  string `flag:"http-address" cfg:"http_address"`
	RedirectUrl  string `flag:"redirect-url" cfg:"redirect_url"`
	ClientID     string `flag:"client-id" cfg:"client_id" env:"GOOGLE_AUTH_PROXY_CLIENT_ID"`
	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`

	AuthenticatedEmailsFile string   `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
	GoogleAppsDomains       []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
	HtpasswdFile            string   `flag:"htpasswd-file" cfg:"htpasswd_file"`
	DisplayHtpasswdForm     bool     `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
	CustomTemplatesDir      string   `flag:"custom-templates-dir" cfg:"custom_templates_dir"`

	CookieSecret    string        `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
	CookieDomain    string        `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
	CookieExpire    time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
	CookieHttpsOnly bool          `flag:"cookie-https-only" cfg:"cookie_https_only"` // set secure cookie flag
	CookieHttpOnly  bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`

	Upstreams      []string `flag:"upstream" cfg:"upstreams"`
	SkipAuthRegex  []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
	PassBasicAuth  bool     `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
	PassHostHeader bool     `flag:"pass-host-header" cfg:"pass_host_header"`

	// internal values that are set after config validation
	redirectUrl   *url.URL
	proxyUrls     []*url.URL
	CompiledRegex []*regexp.Regexp
}

func NewOptions() *Options {
	return &Options{
		HttpAddress:         "127.0.0.1:4180",
		DisplayHtpasswdForm: true,
		CookieHttpsOnly:     true,
		CookieHttpOnly:      true,
		CookieExpire:        time.Duration(168) * time.Hour,
		PassBasicAuth:       true,
		PassHostHeader:      true,
	}
}

func (o *Options) Validate() error {
	msgs := make([]string, 0)
	if len(o.Upstreams) < 1 {
		msgs = append(msgs, "missing setting: upstream")
	}
	if o.CookieSecret == "" {
		msgs = append(msgs, "missing setting: cookie-secret")
	}
	if o.ClientID == "" {
		msgs = append(msgs, "missing setting: client-id")
	}
	if o.ClientSecret == "" {
		msgs = append(msgs, "missing setting: client-secret")
	}

	redirectUrl, err := url.Parse(o.RedirectUrl)
	if err != nil {
		msgs = append(msgs, fmt.Sprintf(
			"error parsing redirect-url=%q %s", o.RedirectUrl, err))
	}
	o.redirectUrl = redirectUrl

	for _, u := range o.Upstreams {
		upstreamUrl, err := url.Parse(u)
		if err != nil {
			msgs = append(msgs, fmt.Sprintf(
				"error parsing upstream=%q %s",
				upstreamUrl, err))
		}
		if upstreamUrl.Path == "" {
			upstreamUrl.Path = "/"
		}
		o.proxyUrls = append(o.proxyUrls, upstreamUrl)
	}

	for _, u := range o.SkipAuthRegex {
		CompiledRegex, err := regexp.Compile(u)
		if err != nil {
			msgs = append(msgs, fmt.Sprintf(
				"error compiling regex=%q %s", u, err))
		}
		o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)
	}

	if len(msgs) != 0 {
		return fmt.Errorf("Invalid configuration:\n  %s",
			strings.Join(msgs, "\n  "))
	}
	return nil
}
Add config file support 2014-11-09 14:51:10 -05:00			`package main`

			`import (`
			`"fmt"`
			`"net/url"`
Adding Support for multi white listed urls with regex url match. 2015-01-12 14:48:41 +05:30			`"regexp"`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`"strings"`
Run gofmt over source. 2015-01-19 16:10:37 +00:00			`"time"`
Add config file support 2014-11-09 14:51:10 -05:00			`)`

			`// Configuration Options that can be set by Command Line Flag, or Config File`
			`type Options struct {`
add --proxy-host-header option 2015-03-17 15:15:15 -04:00			HttpAddress string `flag:"http-address" cfg:"http_address"`
			RedirectUrl string `flag:"redirect-url" cfg:"redirect_url"`
			ClientID string `flag:"client-id" cfg:"client_id" env:"GOOGLE_AUTH_PROXY_CLIENT_ID"`
			ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`

			AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
			GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
			HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
			DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
support (optional) custom templates 2015-03-17 18:06:06 -04:00			CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
add --proxy-host-header option 2015-03-17 15:15:15 -04:00
			CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
			CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
			CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
make redirect_uri optional 2015-03-17 16:25:19 -04:00			CookieHttpsOnly bool `flag:"cookie-https-only" cfg:"cookie_https_only"` // set secure cookie flag
add --proxy-host-header option 2015-03-17 15:15:15 -04:00			CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`

			Upstreams []string `flag:"upstream" cfg:"upstreams"`
			SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
			PassBasicAuth bool `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
			PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"`
Add config file support 2014-11-09 14:51:10 -05:00
			`// internal values that are set after config validation`
Run gofmt over source. 2015-01-19 16:10:37 +00:00			`redirectUrl *url.URL`
			`proxyUrls []*url.URL`
Adding Support for multi white listed urls with regex url match. 2015-01-12 14:48:41 +05:30			`CompiledRegex []*regexp.Regexp`
Add config file support 2014-11-09 14:51:10 -05:00			`}`

			`func NewOptions() *Options {`
options bug fixes; set https cookies on by default 2014-11-09 22:21:46 -05:00			`return &Options{`
Allow hiding custom login UI even if an htpasswd file is provided. 2014-12-09 14:38:57 -06:00			`HttpAddress: "127.0.0.1:4180",`
			`DisplayHtpasswdForm: true,`
			`CookieHttpsOnly: true,`
Add flag to enable/disable cookie's HttpOnly flag. 2015-01-19 15:52:18 +00:00			`CookieHttpOnly: true,`
Allow hiding custom login UI even if an htpasswd file is provided. 2014-12-09 14:38:57 -06:00			`CookieExpire: time.Duration(168) * time.Hour,`
add --proxy-host-header option 2015-03-17 15:15:15 -04:00			`PassBasicAuth: true,`
			`PassHostHeader: true,`
options bug fixes; set https cookies on by default 2014-11-09 22:21:46 -05:00			`}`
Add config file support 2014-11-09 14:51:10 -05:00			`}`

			`func (o *Options) Validate() error {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs := make([]string, 0)`
Add config file support 2014-11-09 14:51:10 -05:00			`if len(o.Upstreams) < 1 {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, "missing setting: upstream")`
Add config file support 2014-11-09 14:51:10 -05:00			`}`
			`if o.CookieSecret == "" {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, "missing setting: cookie-secret")`
Add config file support 2014-11-09 14:51:10 -05:00			`}`
			`if o.ClientID == "" {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, "missing setting: client-id")`
Add config file support 2014-11-09 14:51:10 -05:00			`}`
			`if o.ClientSecret == "" {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, "missing setting: client-secret")`
Add config file support 2014-11-09 14:51:10 -05:00			`}`

			`redirectUrl, err := url.Parse(o.RedirectUrl)`
			`if err != nil {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, fmt.Sprintf(`
			`"error parsing redirect-url=%q %s", o.RedirectUrl, err))`
Add config file support 2014-11-09 14:51:10 -05:00			`}`
			`o.redirectUrl = redirectUrl`

			`for _, u := range o.Upstreams {`
			`upstreamUrl, err := url.Parse(u)`
			`if err != nil {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, fmt.Sprintf(`
			`"error parsing upstream=%q %s",`
			`upstreamUrl, err))`
Add config file support 2014-11-09 14:51:10 -05:00			`}`
			`if upstreamUrl.Path == "" {`
			`upstreamUrl.Path = "/"`
			`}`
			`o.proxyUrls = append(o.proxyUrls, upstreamUrl)`
			`}`

Adding Support for multi white listed urls with regex url match. 2015-01-12 14:48:41 +05:30			`for _, u := range o.SkipAuthRegex {`
			`CompiledRegex, err := regexp.Compile(u)`
			`if err != nil {`
Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`msgs = append(msgs, fmt.Sprintf(`
			`"error compiling regex=%q %s", u, err))`
Adding Support for multi white listed urls with regex url match. 2015-01-12 14:48:41 +05:30			`}`
			`o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)`
			`}`

Catch more options errors at once; add test 2015-03-15 12:23:13 -04:00			`if len(msgs) != 0 {`
			`return fmt.Errorf("Invalid configuration:\n %s",`
			`strings.Join(msgs, "\n "))`
			`}`
Add config file support 2014-11-09 14:51:10 -05:00			`return nil`
			`}`