go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-27 12:32:10 +02:00
Code Issues Releases Activity

feat: Replace default Go user-agent with oauth2-proxy and version (#2570)

Browse Source 
* feat: Replace default Go user-agent with oauth2-proxy and version

* Add to CHANGELOG

* Make userAgentTransport configurable and composable

* Use correct naming convention for DefaultHTTPClient

* Move version to own package and use named arguments

* Update version path in Makefile

* Fix import path in Makefile

* Change importpath in dist.sh

* Minor style issues
This commit is contained in:
Jacob Middag 2024-07-14 22:09:17 +02:00 committed by GitHub
parent 45ec12bcae
commit 3045392c17
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 54 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -10,6 +10,7 @@
- [#2539](https://github.com/oauth2-proxy/oauth2-proxy/pull/2539) pkg/http: Fix leaky test (@isodude) - [#2539](https://github.com/oauth2-proxy/oauth2-proxy/pull/2539) pkg/http: Fix leaky test (@isodude)
- [#4917](https://github.com/oauth2-proxy/oauth2-proxy/pull/4917) Upgraded all modules to the latest version (@pierluigilenoci) - [#4917](https://github.com/oauth2-proxy/oauth2-proxy/pull/4917) Upgraded all modules to the latest version (@pierluigilenoci)
- [#2570](https://github.com/oauth2-proxy/oauth2-proxy/pull/2570) Set default user agent to oauth2-proxy/$version (from default Golang one)
# V7.6.0 # V7.6.0

2
Makefile
View File

@ -40,7 +40,7 @@ lint: validate-go-version
build: validate-go-version clean $(BINARY) build: validate-go-version clean $(BINARY)
$(BINARY): $(BINARY):
CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7 CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7
DOCKER_BUILD_PLATFORM ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7 DOCKER_BUILD_PLATFORM ?= linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7
DOCKER_BUILD_RUNTIME_IMAGE ?= gcr.io/distroless/static:nonroot DOCKER_BUILD_RUNTIME_IMAGE ?= gcr.io/distroless/static:nonroot

6
dist.sh
View File

@ -32,10 +32,12 @@ for ARCH in "${ARCHS[@]}"; do
# Create architecture specific binaries # Create architecture specific binaries
if [[ ${GO_ARCH} == armv* ]]; then if [[ ${GO_ARCH} == armv* ]]; then
GO_ARM=$(echo $GO_ARCH | awk -Fv '{print $2}') GO_ARM=$(echo $GO_ARCH | awk -Fv '{print $2}')
GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=${GO_ARM} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=${GO_ARM} CGO_ENABLED=0 go build \
-ldflags="-X github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version.VERSION=${VERSION}" \
-o release/${BINARY}-${VERSION}.${ARCH}/${BINARY} . -o release/${BINARY}-${VERSION}.${ARCH}/${BINARY} .
else else
GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build \
-ldflags="-X github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version.VERSION=${VERSION}" \
-o release/${BINARY}-${VERSION}.${ARCH}/${BINARY} . -o release/${BINARY}-${VERSION}.${ARCH}/${BINARY} .
fi fi

3
main.go
View File

@ -9,6 +9,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version"
"github.com/spf13/pflag" "github.com/spf13/pflag"
) )
@ -28,7 +29,7 @@ func main() {
configFlagSet.Parse(os.Args[1:]) configFlagSet.Parse(os.Args[1:])
if *showVersion { if *showVersion {
fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version()) fmt.Printf("oauth2-proxy %s (built with %s)\n", version.VERSION, runtime.Version())
return return
} }

3
oauthproxy.go
View File

@ -30,6 +30,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/encryption"
proxyhttp "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/http" proxyhttp "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/http"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/ip" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/ip"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
@ -142,7 +143,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
CustomLogo: opts.Templates.CustomLogo, CustomLogo: opts.Templates.CustomLogo,
ProxyPrefix: opts.ProxyPrefix, ProxyPrefix: opts.ProxyPrefix,
Footer: opts.Templates.Footer, Footer: opts.Templates.Footer,
Version: VERSION, Version: version.VERSION,
Debug: opts.Templates.Debug, Debug: opts.Templates.Debug,
ProviderName: buildProviderName(provider, opts.Providers[0].Name), ProviderName: buildProviderName(provider, opts.Providers[0].Name),
SignInMessage: buildSignInMessage(opts), SignInMessage: buildSignInMessage(opts),

2
pkg/providers/oidc/provider_verifier.go
View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"github.com/coreos/go-oidc/v3/oidc" "github.com/coreos/go-oidc/v3/oidc"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
k8serrors "k8s.io/apimachinery/pkg/util/errors" k8serrors "k8s.io/apimachinery/pkg/util/errors"
) )
@ -130,6 +131,7 @@ func getVerifierBuilder(ctx context.Context, opts ProviderVerifierOptions) (veri
// newVerifierBuilder returns a function to create a IDToken verifier from an OIDC config. // newVerifierBuilder returns a function to create a IDToken verifier from an OIDC config.
func newVerifierBuilder(ctx context.Context, issuerURL, jwksURL string, supportedSigningAlgs []string) verifierBuilder { func newVerifierBuilder(ctx context.Context, issuerURL, jwksURL string, supportedSigningAlgs []string) verifierBuilder {
ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
keySet := oidc.NewRemoteKeySet(ctx, jwksURL) keySet := oidc.NewRemoteKeySet(ctx, jwksURL)
return func(oidcConfig *oidc.Config) *oidc.IDTokenVerifier { return func(oidcConfig *oidc.Config) *oidc.IDTokenVerifier {
if len(supportedSigningAlgs) > 0 { if len(supportedSigningAlgs) > 0 {

4
pkg/requests/builder.go
View File

@ -58,7 +58,7 @@ func (r *builder) WithMethod(method string) Builder {
// WithHeaders replaces the request header map with the given header map. // WithHeaders replaces the request header map with the given header map.
func (r *builder) WithHeaders(header http.Header) Builder { func (r *builder) WithHeaders(header http.Header) Builder {
r.header = header r.header = header.Clone()
return r return r
} }
@ -99,7 +99,7 @@ func (r *builder) do() Result {
} }
req.Header = r.header req.Header = r.header
resp, err := http.DefaultClient.Do(req) resp, err := DefaultHTTPClient.Do(req)
if err != nil { if err != nil {
r.result = &result{err: fmt.Errorf("error performing request: %v", err)} r.result = &result{err: fmt.Errorf("error performing request: %v", err)}
return r.result return r.result

4
pkg/requests/builder_test.go
View File

@ -8,6 +8,8 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version"
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -19,7 +21,7 @@ var _ = Describe("Builder suite", func() {
baseHeaders := http.Header{ baseHeaders := http.Header{
"Accept-Encoding": []string{"gzip"}, "Accept-Encoding": []string{"gzip"},
"User-Agent": []string{"Go-http-client/1.1"}, "User-Agent": []string{"oauth2-proxy/" + version.VERSION},
} }
BeforeEach(func() { BeforeEach(func() {

29
pkg/requests/http.go Normal file
View File

@ -0,0 +1,29 @@
package requests
import (
"net/http"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/version"
)
type userAgentTransport struct {
next http.RoundTripper
userAgent string
}
func (t *userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error) {
r := req.Clone(req.Context())
setDefaultUserAgent(r.Header, t.userAgent)
return t.next.RoundTrip(r)
}
var DefaultHTTPClient = &http.Client{Transport: &userAgentTransport{
next: http.DefaultTransport,
userAgent: "oauth2-proxy/" + version.VERSION,
}}
func setDefaultUserAgent(header http.Header, userAgent string) {
if header != nil && len(header.Values("User-Agent")) == 0 {
header.Set("User-Agent", userAgent)
}
}

2
version.go → pkg/version/version.go
View File

@ -1,4 +1,4 @@
package main package version
// VERSION contains version information // VERSION contains version information
var VERSION = "undefined" var VERSION = "undefined"

7
providers/oidc.go
View File

@ -7,9 +7,11 @@ import (
"net/url" "net/url"
"time" "time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
@ -83,6 +85,8 @@ func (p *OIDCProvider) Redeem(ctx context.Context, redirectURL, code, codeVerifi
}, },
RedirectURL: redirectURL, RedirectURL: redirectURL,
} }
ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
token, err := c.Exchange(ctx, code, opts...) token, err := c.Exchange(ctx, code, opts...)
if err != nil { if err != nil {
return nil, fmt.Errorf("token exchange failed: %v", err) return nil, fmt.Errorf("token exchange failed: %v", err)
@ -103,6 +107,7 @@ func (p *OIDCProvider) EnrichSession(_ context.Context, s *sessions.SessionState
// ValidateSession checks that the session's IDToken is still valid // ValidateSession checks that the session's IDToken is still valid
func (p *OIDCProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool { func (p *OIDCProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
_, err := p.Verifier.Verify(ctx, s.IDToken) _, err := p.Verifier.Verify(ctx, s.IDToken)
if err != nil { if err != nil {
logger.Errorf("id_token verification failed: %v", err) logger.Errorf("id_token verification failed: %v", err)
@ -127,6 +132,7 @@ func (p *OIDCProvider) RefreshSession(ctx context.Context, s *sessions.SessionSt
return false, nil return false, nil
} }
ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
err := p.redeemRefreshToken(ctx, s) err := p.redeemRefreshToken(ctx, s)
if err != nil { if err != nil {
return false, fmt.Errorf("unable to redeem refresh token: %v", err) return false, fmt.Errorf("unable to redeem refresh token: %v", err)
@ -185,6 +191,7 @@ func (p *OIDCProvider) redeemRefreshToken(ctx context.Context, s *sessions.Sessi
// CreateSessionFromToken converts Bearer IDTokens into sessions // CreateSessionFromToken converts Bearer IDTokens into sessions
func (p *OIDCProvider) CreateSessionFromToken(ctx context.Context, token string) (*sessions.SessionState, error) { func (p *OIDCProvider) CreateSessionFromToken(ctx context.Context, token string) (*sessions.SessionState, error) {
ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
idToken, err := p.Verifier.Verify(ctx, token) idToken, err := p.Verifier.Verify(ctx, token)
if err != nil { if err != nil {
return nil, err return nil, err