mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-05-31 23:19:50 +02:00
84 lines
2.0 KiB
Go
84 lines
2.0 KiB
Go
|
package options
|
||
|
|
|
||
|
|
import (
|
||
|
|
"strings"
|
||
|
|
|
||
|
|
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
|
||
|
|
"github.com/spf13/pflag"
|
||
|
|
)
|
||
|
|
|
||
|
|
type LegacyAuthorization struct {
|
||
|
|
SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
|
||
|
|
SkipAuthRoutes []string `flag:"skip-auth-route" cfg:"skip_auth_routes"`
|
||
|
|
SkipAuthPreflight bool `flag:"skip-auth-preflight" cfg:"skip_auth_preflight"`
|
||
|
|
TrustedIPs []string `flag:"trusted-ip" cfg:"trusted_ips"`
|
||
|
|
}
|
||
|
|
|
||
|
|
func legacyAuthorizationFlagSet() *pflag.FlagSet {
|
||
|
|
flagSet := pflag.NewFlagSet("authorization", pflag.ExitOnError)
|
||
|
|
|
||
|
|
return flagSet
|
||
|
|
}
|
||
|
|
|
||
|
|
func (l *LegacyAuthorization) convert() Authorization {
|
||
|
|
auth := Authorization{}
|
||
|
|
|
||
|
|
if l.SkipAuthPreflight {
|
||
|
|
auth.RequestRules = append(auth.RequestRules, AuthorizationRule{
|
||
|
|
ID: "skip-auth-preflight",
|
||
|
|
Methods: []string{"OPTIONS"},
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
auth.RequestRules = append(auth.RequestRules, convertSkipAuthRegex(l.SkipAuthRegex)...)
|
||
|
|
auth.RequestRules = append(auth.RequestRules, convertSkipAuthRoutes(l.SkipAuthRoutes)...)
|
||
|
|
|
||
|
|
if len(l.TrustedIPs) > 0 {
|
||
|
|
auth.RequestRules = append(auth.RequestRules, AuthorizationRule{
|
||
|
|
ID: "trusted-ips",
|
||
|
|
Policy: AllowPolicy,
|
||
|
|
IPs: l.TrustedIPs,
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
return auth
|
||
|
|
}
|
||
|
|
|
||
|
|
func convertSkipAuthRegex(regexes []string) []AuthorizationRule {
|
||
|
|
rules := []AuthorizationRule{}
|
||
|
|
|
||
|
|
for _, regex := range regexes {
|
||
|
|
logger.Printf("Skipping auth - Method: ALL | Path: %s", regex)
|
||
|
|
rules = append(rules, AuthorizationRule{
|
||
|
|
ID: regex,
|
||
|
|
Path: regex,
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
return rules
|
||
|
|
}
|
||
|
|
|
||
|
|
func convertSkipAuthRoutes(routes []string) []AuthorizationRule {
|
||
|
|
rules := []AuthorizationRule{}
|
||
|
|
|
||
|
|
for _, route := range routes {
|
||
|
|
method, path := splitMethodPath(route)
|
||
|
|
logger.Printf("Skipping auth - Method: %s | Path: %s", method, path)
|
||
|
|
rules = append(rules, AuthorizationRule{
|
||
|
|
ID: route,
|
||
|
|
Path: path,
|
||
|
|
Methods: []string{method},
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
return rules
|
||
|
|
}
|
||
|
|
|
||
|
|
func splitMethodPath(methodPath string) (string, string) {
|
||
|
|
parts := strings.SplitN(methodPath, "=", 2)
|
||
|
|
if len(parts) == 1 {
|
||
|
|
return "", parts[0]
|
||
|
|
}
|
||
|
|
return strings.ToUpper(parts[0]), parts[1]
|
||
|
|
}
|