oauth2-proxy/main.go

package main

import (
	"fmt"
	"math/rand"
	"os"
	"os/signal"
	"runtime"
	"syscall"
	"time"

	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
	"github.com/spf13/pflag"
)

func main() {
	logger.SetFlags(logger.Lshortfile)

	configFlagSet := pflag.NewFlagSet("oauth2-proxy", pflag.ContinueOnError)
	config := configFlagSet.String("config", "", "path to config file")
	alphaConfig := configFlagSet.String("alpha-config", "", "path to alpha config file (use at your own risk - the structure in this config file may change between minor releases)")
	showVersion := configFlagSet.Bool("version", false, "print version string")
	configFlagSet.Parse(os.Args[1:])

	if *showVersion {
		fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version())
		return
	}

	opts, err := loadConfiguration(*config, *alphaConfig, configFlagSet, os.Args[1:])
	if err != nil {
		logger.Printf("ERROR: %v", err)
		os.Exit(1)
	}

	err = validation.Validate(opts)
	if err != nil {
		logger.Printf("%s", err)
		os.Exit(1)
	}

	validator := NewValidator(opts.EmailDomains, opts.AuthenticatedEmailsFile)
	oauthproxy, err := NewOAuthProxy(opts, validator)
	if err != nil {
		logger.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
		os.Exit(1)
	}

	rand.Seed(time.Now().UnixNano())

	s := &Server{
		Handler: oauthproxy,
		Opts:    opts,
		stop:    make(chan struct{}, 1),
	}
	// Observe signals in background goroutine.
	go func() {
		sigint := make(chan os.Signal, 1)
		signal.Notify(sigint, os.Interrupt, syscall.SIGTERM)
		<-sigint
		s.stop <- struct{}{} // notify having caught signal
	}()
	s.ListenAndServe()
}

// loadConfiguration will load in the user's configuration.
// It will either load the alpha configuration (if alphaConfig is given)
// or the legacy configuration.
func loadConfiguration(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
	if alphaConfig != "" {
		logger.Printf("WARNING: You are using alpha configuration. The structure in this configuration file may change without notice. You MUST remove conflicting options from your existing configuration.")
		return loadAlphaOptions(config, alphaConfig, extraFlags, args)
	}
	return loadLegacyOptions(config, extraFlags, args)
}

// loadLegacyOptions loads the old toml options using the legacy flagset
// and legacy options struct.
func loadLegacyOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
	optionsFlagSet := options.NewLegacyFlagSet()
	optionsFlagSet.AddFlagSet(extraFlags)
	if err := optionsFlagSet.Parse(args); err != nil {
		return nil, fmt.Errorf("failed to parse flags: %v", err)
	}

	legacyOpts := options.NewLegacyOptions()
	if err := options.Load(config, optionsFlagSet, legacyOpts); err != nil {
		return nil, fmt.Errorf("failed to load config: %v", err)
	}

	opts, err := legacyOpts.ToOptions()
	if err != nil {
		return nil, fmt.Errorf("failed to convert config: %v", err)
	}

	return opts, nil
}

// loadAlphaOptions loads the old style config excluding options converted to
// the new alpha format, then merges the alpha options, loaded from YAML,
// into the core configuration.
func loadAlphaOptions(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
	opts, err := loadOptions(config, extraFlags, args)
	if err != nil {
		return nil, fmt.Errorf("failed to load core options: %v", err)
	}

	alphaOpts := &options.AlphaOptions{}
	if err := options.LoadYAML(alphaConfig, alphaOpts); err != nil {
		return nil, fmt.Errorf("failed to load alpha options: %v", err)
	}

	alphaOpts.MergeInto(opts)
	return opts, nil
}

// loadOptions loads the configuration using the old style format into the
// core options.Options struct.
// This means that none of the options that have been converted to alpha config
// will be loaded using this method.
func loadOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
	optionsFlagSet := options.NewFlagSet()
	optionsFlagSet.AddFlagSet(extraFlags)
	if err := optionsFlagSet.Parse(args); err != nil {
		return nil, fmt.Errorf("failed to parse flags: %v", err)
	}

	opts := options.NewOptions()
	if err := options.Load(config, optionsFlagSet, opts); err != nil {
		return nil, fmt.Errorf("failed to load config: %v", err)
	}

	return opts, nil
}
initial code import 2012-12-11 04:59:23 +03:00			`package main`

			`import (`
testing 2012-12-17 21:38:33 +03:00			`"fmt"`
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero 2019-03-20 15:44:51 +02:00			`"math/rand"`
update to new scopes 2014-08-07 23:16:39 +03:00			`"os"`
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout 2020-04-04 17:12:38 +02:00			`"os/signal"`
show Go version 2015-03-20 05:03:00 +02:00			`"runtime"`
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout 2020-04-04 17:12:38 +02:00			`"syscall"`
always set httponly (there is no good reason not to); simplify httponly and expire flags 2014-11-08 20:26:55 +02:00			`"time"`
initial code import 2012-12-11 04:59:23 +03:00
Fix import path for v7 (#800) * fix import path for v7 find ./ -name ".go" \| xargs sed -i -e 's\|"github.com/oauth2-proxy/oauth2-proxy\|"github.com/oauth2-proxy/oauth2-proxy/v7\|' fix module path * go mod tidy * fix installation docs * update CHANGELOG * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-09-29 18:44:42 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"`
			`"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"`
			`"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"`
Introduce alpha configuration loading 2020-11-09 22:17:43 +02:00			`"github.com/spf13/pflag"`
initial code import 2012-12-11 04:59:23 +03:00			`)`

			`func main() {`
Auth and standard logging with file rolling 2019-02-10 18:37:45 +02:00			`logger.SetFlags(logger.Lshortfile)`
Add config file support 2014-11-09 21:51:10 +02:00
Introduce alpha configuration loading 2020-11-09 22:17:43 +02:00			`configFlagSet := pflag.NewFlagSet("oauth2-proxy", pflag.ContinueOnError)`
			`config := configFlagSet.String("config", "", "path to config file")`
			`alphaConfig := configFlagSet.String("alpha-config", "", "path to alpha config file (use at your own risk - the structure in this config file may change between minor releases)")`
			`showVersion := configFlagSet.Bool("version", false, "print version string")`
			`configFlagSet.Parse(os.Args[1:])`
Add config file support 2014-11-09 21:51:10 +02:00
better environment parsing 2014-11-10 04:07:02 +02:00			`if *showVersion {`
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:54:36 +02:00			`fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version())`
better environment parsing 2014-11-10 04:07:02 +02:00			`return`
			`}`

Introduce alpha configuration loading 2020-11-09 22:17:43 +02:00			`opts, err := loadConfiguration(config, alphaConfig, configFlagSet, os.Args[1:])`
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig 2020-05-26 21:06:27 +02:00			`if err != nil {`
Introduce alpha configuration loading 2020-11-09 22:17:43 +02:00			`logger.Printf("ERROR: %v", err)`
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig 2020-05-26 21:06:27 +02:00			`os.Exit(1)`
			`}`

Move Options and Validation to package 2020-04-13 14:50:34 +02:00			`err = validation.Validate(opts)`
initial code import 2012-12-11 04:59:23 +03:00			`if err != nil {`
Auth and standard logging with file rolling 2019-02-10 18:37:45 +02:00			`logger.Printf("%s", err)`
Add config file support 2014-11-09 21:51:10 +02:00			`os.Exit(1)`
initial code import 2012-12-11 04:59:23 +03:00			`}`
Auth and standard logging with file rolling 2019-02-10 18:37:45 +02:00
disable email validation; rename email-domain argument This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers 2015-06-06 20:37:54 +02:00			`validator := NewValidator(opts.EmailDomains, opts.AuthenticatedEmailsFile)`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00			`oauthproxy, err := NewOAuthProxy(opts, validator)`
			`if err != nil {`
Allow Logging to stdout with separate Error Log Channel (#718) * Add dedicated error logging writer * Document new errors to stdout flag * Update changelog * Thread-safe the log buffer * Address feedback * Remove duplication by adding log level * Clean up error formatting * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-08-10 12:44:08 +02:00			`logger.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)`
Initialise Session Storage in NewOAuthProxy instead of validation 2020-05-25 15:00:49 +02:00			`os.Exit(1)`
			`}`
Add config file support 2014-11-09 21:51:10 +02:00
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero 2019-03-20 15:44:51 +02:00			`rand.Seed(time.Now().UnixNano())`

support TLS directly 2015-06-08 03:51:47 +02:00			`s := &Server{`
Integrate new header injectors with OAuth2 Proxy 2020-07-29 21:10:14 +02:00			`Handler: oauthproxy,`
support TLS directly 2015-06-08 03:51:47 +02:00			`Opts: opts,`
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout 2020-04-04 17:12:38 +02:00			`stop: make(chan struct{}, 1),`
Added scheme parsing to http-address param Can now listen for HTTP clients on unix sockets (and any other Go-supported stream oriented network - see golang.org/pkg/net/#Listen). Default behaviour is unchanged, any http-address without a scheme is given the default of tcp. Amended the README so that the usage output is up to date. 2015-02-11 03:07:40 +02:00			`}`
Implement graceful shutdown and propagate request context (#468) * feature: Implement graceful shutdown Propagate the request context to the Redis client. It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client. The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently. Added handling of Unix signals to http server. Upgrade go-redis/redis to v7. * Update dependencies - Upgrade golang/x/* and google-api-go - Migrate fsnotify import from gopkg.in to github.com - Replace bmizerany/assert with stretchr/testify/assert * add doc for wrapper interface * Update CHANGELOG.md * fix: upgrade fsnotify to v1.4.9 * fix: remove unnessary logging * fix: wait until all connections have been closed * refactor: move chan to main for testing * add assert to check if stop chan is empty * add an idiomatic for sync.WaitGroup with timeout 2020-04-04 17:12:38 +02:00			`// Observe signals in background goroutine.`
			`go func() {`
			`sigint := make(chan os.Signal, 1)`
			`signal.Notify(sigint, os.Interrupt, syscall.SIGTERM)`
			`<-sigint`
			`s.stop <- struct{}{} // notify having caught signal`
			`}()`
support TLS directly 2015-06-08 03:51:47 +02:00			`s.ListenAndServe()`
initial code import 2012-12-11 04:59:23 +03:00			`}`
Introduce alpha configuration loading 2020-11-09 22:17:43 +02:00
			`// loadConfiguration will load in the user's configuration.`
			`// It will either load the alpha configuration (if alphaConfig is given)`
			`// or the legacy configuration.`
			`func loadConfiguration(config, alphaConfig string, extraFlags pflag.FlagSet, args []string) (options.Options, error) {`
			`if alphaConfig != "" {`
			`logger.Printf("WARNING: You are using alpha configuration. The structure in this configuration file may change without notice. You MUST remove conflicting options from your existing configuration.")`
			`return loadAlphaOptions(config, alphaConfig, extraFlags, args)`
			`}`
			`return loadLegacyOptions(config, extraFlags, args)`
			`}`

			`// loadLegacyOptions loads the old toml options using the legacy flagset`
			`// and legacy options struct.`
			`func loadLegacyOptions(config string, extraFlags pflag.FlagSet, args []string) (options.Options, error) {`
			`optionsFlagSet := options.NewLegacyFlagSet()`
			`optionsFlagSet.AddFlagSet(extraFlags)`
			`if err := optionsFlagSet.Parse(args); err != nil {`
			`return nil, fmt.Errorf("failed to parse flags: %v", err)`
			`}`

			`legacyOpts := options.NewLegacyOptions()`
			`if err := options.Load(config, optionsFlagSet, legacyOpts); err != nil {`
			`return nil, fmt.Errorf("failed to load config: %v", err)`
			`}`

			`opts, err := legacyOpts.ToOptions()`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to convert config: %v", err)`
			`}`

			`return opts, nil`
			`}`

			`// loadAlphaOptions loads the old style config excluding options converted to`
			`// the new alpha format, then merges the alpha options, loaded from YAML,`
			`// into the core configuration.`
			`func loadAlphaOptions(config, alphaConfig string, extraFlags pflag.FlagSet, args []string) (options.Options, error) {`
			`opts, err := loadOptions(config, extraFlags, args)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to load core options: %v", err)`
			`}`

			`alphaOpts := &options.AlphaOptions{}`
			`if err := options.LoadYAML(alphaConfig, alphaOpts); err != nil {`
			`return nil, fmt.Errorf("failed to load alpha options: %v", err)`
			`}`

			`alphaOpts.MergeInto(opts)`
			`return opts, nil`
			`}`

			`// loadOptions loads the configuration using the old style format into the`
			`// core options.Options struct.`
			`// This means that none of the options that have been converted to alpha config`
			`// will be loaded using this method.`
			`func loadOptions(config string, extraFlags pflag.FlagSet, args []string) (options.Options, error) {`
			`optionsFlagSet := options.NewFlagSet()`
			`optionsFlagSet.AddFlagSet(extraFlags)`
			`if err := optionsFlagSet.Parse(args); err != nil {`
			`return nil, fmt.Errorf("failed to parse flags: %v", err)`
			`}`

			`opts := options.NewOptions()`
			`if err := options.Load(config, optionsFlagSet, opts); err != nil {`
			`return nil, fmt.Errorf("failed to load config: %v", err)`
			`}`

			`return opts, nil`
			`}`