oauth2-proxy/pkg/validation/sessions.go

package validation

import (
	"context"
	"fmt"
	"time"

	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"
)

func validateSessionCookieMinimal(o *options.Options) []string {
	if !o.Session.Cookie.Minimal {
		return []string{}
	}

	msgs := []string{}
	if o.PassAuthorization {
		msgs = append(msgs,
			"pass_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set")
	}
	if o.SetAuthorization {
		msgs = append(msgs,
			"set_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set")
	}
	if o.PassAccessToken {
		msgs = append(msgs,
			"pass_access_token requires oauth tokens in sessions. session_cookie_minimal cannot be set")
	}
	if o.Cookie.Refresh != time.Duration(0) {
		msgs = append(msgs,
			"cookie_refresh > 0 requires oauth tokens in sessions. session_cookie_minimal cannot be set")
	}
	return msgs
}

// validateRedisSessionStore builds a Redis Client from the options and
// attempts to connect, Set, Get and Del a random health check key
func validateRedisSessionStore(o *options.Options) []string {
	if o.Session.Type != options.RedisSessionStoreType {
		return []string{}
	}

	client, err := redis.NewRedisClient(o.Session.Redis)
	if err != nil {
		return []string{fmt.Sprintf("unable to initialize a redis client: %v", err)}
	}

	nonce, err := encryption.Nonce()
	if err != nil {
		return []string{fmt.Sprintf("unable to generate a redis initialization test key: %v", err)}
	}

	key := fmt.Sprintf("%s-healthcheck-%s", o.Cookie.Name, nonce)
	return sendRedisConnectionTest(client, key, nonce)
}

func sendRedisConnectionTest(client redis.Client, key string, val string) []string {
	msgs := []string{}
	ctx := context.Background()

	err := client.Set(ctx, key, []byte(val), time.Duration(60)*time.Second)
	if err != nil {
		msgs = append(msgs, fmt.Sprintf("unable to set a redis initialization key: %v", err))
	} else {
		gval, err := client.Get(ctx, key)
		if err != nil {
			msgs = append(msgs,
				fmt.Sprintf("unable to retrieve redis initialization key: %v", err))
		}
		if string(gval) != val {
			msgs = append(msgs,
				"the retrieved redis initialization key did not match the value we set")
		}
	}

	err = client.Del(ctx, key)
	if err != nil {
		msgs = append(msgs, fmt.Sprintf("unable to delete the redis initialization key: %v", err))
	}
	return msgs
}
Add option to remove tokens from cookie sessions (#673) * Add option to remove tokens from cookie sessions * Move Minimal to be an option on CookieSession * Add sessionOptionsDefaults helper 2020-07-15 00:02:10 +02:00			`package validation`

			`import (`
Validate Redis session store health on startup 2020-08-07 00:43:01 +02:00			`"context"`
			`"fmt"`
Add option to remove tokens from cookie sessions (#673) * Add option to remove tokens from cookie sessions * Move Minimal to be an option on CookieSession * Add sessionOptionsDefaults helper 2020-07-15 00:02:10 +02:00			`"time"`

			`"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"`
Validate Redis session store health on startup 2020-08-07 00:43:01 +02:00			`"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"`
Add option to remove tokens from cookie sessions (#673) * Add option to remove tokens from cookie sessions * Move Minimal to be an option on CookieSession * Add sessionOptionsDefaults helper 2020-07-15 00:02:10 +02:00			`)`

			`func validateSessionCookieMinimal(o *options.Options) []string {`
			`if !o.Session.Cookie.Minimal {`
			`return []string{}`
			`}`

			`msgs := []string{}`
			`if o.PassAuthorization {`
			`msgs = append(msgs,`
			`"pass_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set")`
			`}`
			`if o.SetAuthorization {`
			`msgs = append(msgs,`
			`"set_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set")`
			`}`
			`if o.PassAccessToken {`
			`msgs = append(msgs,`
			`"pass_access_token requires oauth tokens in sessions. session_cookie_minimal cannot be set")`
			`}`
			`if o.Cookie.Refresh != time.Duration(0) {`
			`msgs = append(msgs,`
			`"cookie_refresh > 0 requires oauth tokens in sessions. session_cookie_minimal cannot be set")`
			`}`
			`return msgs`
			`}`
Validate Redis session store health on startup 2020-08-07 00:43:01 +02:00
			`// validateRedisSessionStore builds a Redis Client from the options and`
			`// attempts to connect, Set, Get and Del a random health check key`
			`func validateRedisSessionStore(o *options.Options) []string {`
			`if o.Session.Type != options.RedisSessionStoreType {`
			`return []string{}`
			`}`

			`client, err := redis.NewRedisClient(o.Session.Redis)`
			`if err != nil {`
			`return []string{fmt.Sprintf("unable to initialize a redis client: %v", err)}`
			`}`

			`nonce, err := encryption.Nonce()`
			`if err != nil {`
			`return []string{fmt.Sprintf("unable to generate a redis initialization test key: %v", err)}`
			`}`

			`key := fmt.Sprintf("%s-healthcheck-%s", o.Cookie.Name, nonce)`
			`return sendRedisConnectionTest(client, key, nonce)`
			`}`

			`func sendRedisConnectionTest(client redis.Client, key string, val string) []string {`
			`msgs := []string{}`
			`ctx := context.Background()`

			`err := client.Set(ctx, key, []byte(val), time.Duration(60)*time.Second)`
			`if err != nil {`
			`msgs = append(msgs, fmt.Sprintf("unable to set a redis initialization key: %v", err))`
			`} else {`
			`gval, err := client.Get(ctx, key)`
			`if err != nil {`
			`msgs = append(msgs,`
			`fmt.Sprintf("unable to retrieve redis initialization key: %v", err))`
			`}`
			`if string(gval) != val {`
			`msgs = append(msgs,`
			`"the retrieved redis initialization key did not match the value we set")`
			`}`
			`}`

			`err = client.Del(ctx, key)`
			`if err != nil {`
			`msgs = append(msgs, fmt.Sprintf("unable to delete the redis initialization key: %v", err))`
			`}`
			`return msgs`
			`}`