1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-30 09:16:52 +02:00
oauth2-proxy/main.go

168 lines
5.3 KiB
Go
Raw Normal View History

2012-12-11 04:59:23 +03:00
package main
import (
2012-12-17 21:38:33 +03:00
"fmt"
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero
2019-03-20 15:44:51 +02:00
"math/rand"
2014-08-07 23:16:39 +03:00
"os"
"os/signal"
2015-03-20 05:03:00 +02:00
"runtime"
"syscall"
"time"
2012-12-11 04:59:23 +03:00
"github.com/ghodss/yaml"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
2020-11-09 22:17:43 +02:00
"github.com/spf13/pflag"
2012-12-11 04:59:23 +03:00
)
func main() {
logger.SetFlags(logger.Lshortfile)
2014-11-09 21:51:10 +02:00
2020-11-09 22:17:43 +02:00
configFlagSet := pflag.NewFlagSet("oauth2-proxy", pflag.ContinueOnError)
config := configFlagSet.String("config", "", "path to config file")
alphaConfig := configFlagSet.String("alpha-config", "", "path to alpha config file (use at your own risk - the structure in this config file may change between minor releases)")
convertConfig := configFlagSet.Bool("convert-config-to-alpha", false, "if true, the proxy will load configuration as normal and convert existing configuration to the alpha config structure, and print it to stdout")
2020-11-09 22:17:43 +02:00
showVersion := configFlagSet.Bool("version", false, "print version string")
configFlagSet.Parse(os.Args[1:])
2014-11-09 21:51:10 +02:00
2014-11-10 04:07:02 +02:00
if *showVersion {
2020-03-29 15:54:36 +02:00
fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version())
2014-11-10 04:07:02 +02:00
return
}
if *convertConfig && *alphaConfig != "" {
logger.Fatal("cannot use alpha-config and conver-config-to-alpha together")
}
2020-11-09 22:17:43 +02:00
opts, err := loadConfiguration(*config, *alphaConfig, configFlagSet, os.Args[1:])
if err != nil {
2020-11-09 22:17:43 +02:00
logger.Printf("ERROR: %v", err)
os.Exit(1)
}
if *convertConfig {
if err := printConvertedConfig(opts); err != nil {
logger.Fatalf("ERROR: could not convert config: %v", err)
}
return
}
2020-04-13 14:50:34 +02:00
err = validation.Validate(opts)
2012-12-11 04:59:23 +03:00
if err != nil {
logger.Printf("%s", err)
2014-11-09 21:51:10 +02:00
os.Exit(1)
2012-12-11 04:59:23 +03:00
}
validator := NewValidator(opts.EmailDomains, opts.AuthenticatedEmailsFile)
oauthproxy, err := NewOAuthProxy(opts, validator)
if err != nil {
logger.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
os.Exit(1)
}
2014-11-09 21:51:10 +02:00
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero
2019-03-20 15:44:51 +02:00
rand.Seed(time.Now().UnixNano())
2015-06-08 03:51:47 +02:00
s := &Server{
Handler: oauthproxy,
2015-06-08 03:51:47 +02:00
Opts: opts,
stop: make(chan struct{}, 1),
}
// Observe signals in background goroutine.
go func() {
sigint := make(chan os.Signal, 1)
signal.Notify(sigint, os.Interrupt, syscall.SIGTERM)
<-sigint
s.stop <- struct{}{} // notify having caught signal
}()
2015-06-08 03:51:47 +02:00
s.ListenAndServe()
2012-12-11 04:59:23 +03:00
}
2020-11-09 22:17:43 +02:00
// loadConfiguration will load in the user's configuration.
// It will either load the alpha configuration (if alphaConfig is given)
// or the legacy configuration.
func loadConfiguration(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
if alphaConfig != "" {
logger.Printf("WARNING: You are using alpha configuration. The structure in this configuration file may change without notice. You MUST remove conflicting options from your existing configuration.")
return loadAlphaOptions(config, alphaConfig, extraFlags, args)
}
return loadLegacyOptions(config, extraFlags, args)
}
// loadLegacyOptions loads the old toml options using the legacy flagset
// and legacy options struct.
func loadLegacyOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
optionsFlagSet := options.NewLegacyFlagSet()
optionsFlagSet.AddFlagSet(extraFlags)
if err := optionsFlagSet.Parse(args); err != nil {
return nil, fmt.Errorf("failed to parse flags: %v", err)
}
legacyOpts := options.NewLegacyOptions()
if err := options.Load(config, optionsFlagSet, legacyOpts); err != nil {
return nil, fmt.Errorf("failed to load config: %v", err)
}
opts, err := legacyOpts.ToOptions()
if err != nil {
return nil, fmt.Errorf("failed to convert config: %v", err)
}
return opts, nil
}
// loadAlphaOptions loads the old style config excluding options converted to
// the new alpha format, then merges the alpha options, loaded from YAML,
// into the core configuration.
func loadAlphaOptions(config, alphaConfig string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
opts, err := loadOptions(config, extraFlags, args)
if err != nil {
return nil, fmt.Errorf("failed to load core options: %v", err)
}
alphaOpts := &options.AlphaOptions{}
if err := options.LoadYAML(alphaConfig, alphaOpts); err != nil {
return nil, fmt.Errorf("failed to load alpha options: %v", err)
}
alphaOpts.MergeInto(opts)
return opts, nil
}
// loadOptions loads the configuration using the old style format into the
// core options.Options struct.
// This means that none of the options that have been converted to alpha config
// will be loaded using this method.
func loadOptions(config string, extraFlags *pflag.FlagSet, args []string) (*options.Options, error) {
optionsFlagSet := options.NewFlagSet()
optionsFlagSet.AddFlagSet(extraFlags)
if err := optionsFlagSet.Parse(args); err != nil {
return nil, fmt.Errorf("failed to parse flags: %v", err)
}
opts := options.NewOptions()
if err := options.Load(config, optionsFlagSet, opts); err != nil {
return nil, fmt.Errorf("failed to load config: %v", err)
}
return opts, nil
}
// printConvertedConfig extracts alpha options from the loaded configuration
// and renders these to stdout in YAML format.
func printConvertedConfig(opts *options.Options) error {
alphaConfig := &options.AlphaOptions{}
alphaConfig.ExtractFrom(opts)
data, err := yaml.Marshal(alphaConfig)
if err != nil {
return fmt.Errorf("unable to marshal config: %v", err)
}
if _, err := os.Stdout.Write(data); err != nil {
return fmt.Errorf("unable to write output: %v", err)
}
return nil
}