Rename Cookie Options to remove extra 'Cookie'

2025-07-03 01:07:02 +02:00 · 2020-04-12 14:00:59 +01:00
parent 842d764a5f
commit 458710149c
12 changed files with 175 additions and 154 deletions
--- a/options.go
+++ b/options.go
@ -64,8 +64,7 @@ type Options struct {
 	Banner                   string   `flag:"banner" cfg:"banner" env:"OAUTH2_PROXY_BANNER"`
 	Footer                   string   `flag:"footer" cfg:"footer" env:"OAUTH2_PROXY_FOOTER"`

-	// Embed CookieOptions
-	options.CookieOptions
+	Cookie options.CookieOptions

 	// Embed SessionOptions
 	options.SessionOptions
@ -158,12 +157,12 @@ func NewOptions() *Options {
 		HTTPSAddress:        ":443",
 		ForceHTTPS:          false,
 		DisplayHtpasswdForm: true,
-		CookieOptions: options.CookieOptions{
-			CookieName:     "_oauth2_proxy",
-			CookieSecure:   true,
-			CookieHTTPOnly: true,
-			CookieExpire:   time.Duration(168) * time.Hour,
-			CookieRefresh:  time.Duration(0),
+		Cookie: options.CookieOptions{
+			Name:     "_oauth2_proxy",
+			Secure:   true,
+			HTTPOnly: true,
+			Expire:   time.Duration(168) * time.Hour,
+			Refresh:  time.Duration(0),
 		},
 		SessionOptions: options.SessionOptions{
 			Type: "cookie",
@ -227,7 +226,7 @@ func (o *Options) Validate() error {
 	}

 	msgs := make([]string, 0)
-	if o.CookieSecret == "" {
+	if o.Cookie.Secret == "" {
 		msgs = append(msgs, "missing setting: cookie-secret")
 	}
 	if o.ClientID == "" {
@ -382,31 +381,31 @@ func (o *Options) Validate() error {
 	msgs = parseProviderInfo(o, msgs)

 	var cipher *encryption.Cipher
-	if o.PassAccessToken || o.SetAuthorization || o.PassAuthorization || (o.CookieRefresh != time.Duration(0)) {
+	if o.PassAccessToken || o.SetAuthorization || o.PassAuthorization || (o.Cookie.Refresh != time.Duration(0)) {
 		validCookieSecretSize := false
 		for _, i := range []int{16, 24, 32} {
-			if len(secretBytes(o.CookieSecret)) == i {
+			if len(secretBytes(o.Cookie.Secret)) == i {
 				validCookieSecretSize = true
 			}
 		}
 		var decoded bool
-		if string(secretBytes(o.CookieSecret)) != o.CookieSecret {
+		if string(secretBytes(o.Cookie.Secret)) != o.Cookie.Secret {
 			decoded = true
 		}
 		if !validCookieSecretSize {
 			var suffix string
 			if decoded {
-				suffix = fmt.Sprintf(" note: cookie secret was base64 decoded from %q", o.CookieSecret)
+				suffix = fmt.Sprintf(" note: cookie secret was base64 decoded from %q", o.Cookie.Secret)
 			}
 			msgs = append(msgs, fmt.Sprintf(
 				"cookie_secret must be 16, 24, or 32 bytes "+
 					"to create an AES cipher when "+
 					"pass_access_token == true or "+
 					"cookie_refresh != 0, but is %d bytes.%s",
-				len(secretBytes(o.CookieSecret)), suffix))
+				len(secretBytes(o.Cookie.Secret)), suffix))
 		} else {
 			var err error
-			cipher, err = encryption.NewCipher(secretBytes(o.CookieSecret))
+			cipher, err = encryption.NewCipher(secretBytes(o.Cookie.Secret))
 			if err != nil {
 				msgs = append(msgs, fmt.Sprintf("cookie-secret error: %v", err))
 			}
@ -414,19 +413,19 @@ func (o *Options) Validate() error {
 	}

 	o.SessionOptions.Cipher = cipher
-	sessionStore, err := sessions.NewSessionStore(&o.SessionOptions, &o.CookieOptions)
+	sessionStore, err := sessions.NewSessionStore(&o.SessionOptions, &o.Cookie)
 	if err != nil {
 		msgs = append(msgs, fmt.Sprintf("error initialising session storage: %v", err))
 	} else {
 		o.sessionStore = sessionStore
 	}

-	if o.CookieRefresh >= o.CookieExpire {
+	if o.Cookie.Refresh >= o.Cookie.Expire {
 		msgs = append(msgs, fmt.Sprintf(
 			"cookie_refresh (%s) must be less than "+
 				"cookie_expire (%s)",
-			o.CookieRefresh.String(),
-			o.CookieExpire.String()))
+			o.Cookie.Refresh.String(),
+			o.Cookie.Expire.String()))
 	}

 	if len(o.GoogleGroups) > 0 || o.GoogleAdminEmail != "" || o.GoogleServiceAccountJSON != "" {
@ -441,16 +440,16 @@ func (o *Options) Validate() error {
 		}
 	}

-	switch o.CookieSameSite {
+	switch o.Cookie.SameSite {
 	case "", "none", "lax", "strict":
 	default:
-		msgs = append(msgs, fmt.Sprintf("cookie_samesite (%s) must be one of ['', 'lax', 'strict', 'none']", o.CookieSameSite))
+		msgs = append(msgs, fmt.Sprintf("cookie_samesite (%s) must be one of ['', 'lax', 'strict', 'none']", o.Cookie.SameSite))
 	}

 	// Sort cookie domains by length, so that we try longer (and more specific)
 	// domains first
-	sort.Slice(o.CookieDomains, func(i, j int) bool {
-		return len(o.CookieDomains[i]) > len(o.CookieDomains[j])
+	sort.Slice(o.Cookie.Domains, func(i, j int) bool {
+		return len(o.Cookie.Domains[i]) > len(o.Cookie.Domains[j])
 	})

 	msgs = parseSignatureKey(o, msgs)
@ -627,9 +626,9 @@ func newVerifierFromJwtIssuer(jwtIssuer jwtIssuer) (*oidc.IDTokenVerifier, error
 }

 func validateCookieName(o *Options, msgs []string) []string {
-	cookie := &http.Cookie{Name: o.CookieName}
+	cookie := &http.Cookie{Name: o.Cookie.Name}
 	if cookie.String() == "" {
-		return append(msgs, fmt.Sprintf("invalid cookie name: %q", o.CookieName))
+		return append(msgs, fmt.Sprintf("invalid cookie name: %q", o.Cookie.Name))
 	}
 	return msgs
 }