mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-03-21 21:47:11 +02:00
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig
This commit is contained in:
Joel Speed
parent
e932381ba7
commit
5dbcd73722
10
main.go
10
main.go
@ -32,13 +32,19 @@ func main() {
|
||||
return
|
||||
}
|
||||
|
||||
opts := options.NewOptions()
|
||||
err := options.Load(*config, flagSet, opts)
|
||||
legacyOpts := options.NewLegacyOptions()
|
||||
err := options.Load(*config, flagSet, legacyOpts)
|
||||
if err != nil {
|
||||
logger.Printf("ERROR: Failed to load config: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
opts, err := legacyOpts.ToOptions()
|
||||
if err != nil {
|
||||
logger.Printf("ERROR: Failed to convert config: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
err = validation.Validate(opts)
|
||||
if err != nil {
|
||||
logger.Printf("%s", err)
|
||||
|
||||
185
oauthproxy.go
185
oauthproxy.go
@ -2,7 +2,6 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
b64 "encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
@ -10,15 +9,12 @@ import (
|
||||
"html/template"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/mbland/hmacauth"
|
||||
ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
|
||||
sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
|
||||
@ -28,37 +24,17 @@ import (
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/ip"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||
"github.com/yhat/wsutil"
|
||||
)
|
||||
|
||||
const (
|
||||
// SignatureHeader is the name of the request header containing the GAP Signature
|
||||
// Part of hmacauth
|
||||
SignatureHeader = "GAP-Signature"
|
||||
|
||||
httpScheme = "http"
|
||||
httpsScheme = "https"
|
||||
|
||||
applicationJSON = "application/json"
|
||||
)
|
||||
|
||||
// SignatureHeaders contains the headers to be signed by the hmac algorithm
|
||||
// Part of hmacauth
|
||||
var SignatureHeaders = []string{
|
||||
"Content-Length",
|
||||
"Content-Md5",
|
||||
"Content-Type",
|
||||
"Date",
|
||||
"Authorization",
|
||||
"X-Forwarded-User",
|
||||
"X-Forwarded-Email",
|
||||
"X-Forwarded-Preferred-User",
|
||||
"X-Forwarded-Access-Token",
|
||||
"Cookie",
|
||||
"Gap-Auth",
|
||||
}
|
||||
|
||||
var (
|
||||
// ErrNeedsLogin means the user should be redirected to the login page
|
||||
ErrNeedsLogin = errors.New("redirect to login page")
|
||||
@ -124,116 +100,6 @@ type OAuthProxy struct {
|
||||
Footer string
|
||||
}
|
||||
|
||||
// UpstreamProxy represents an upstream server to proxy to
|
||||
type UpstreamProxy struct {
|
||||
upstream string
|
||||
handler http.Handler
|
||||
wsHandler http.Handler
|
||||
auth hmacauth.HmacAuth
|
||||
}
|
||||
|
||||
// ServeHTTP proxies requests to the upstream provider while signing the
|
||||
// request headers
|
||||
func (u *UpstreamProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("GAP-Upstream-Address", u.upstream)
|
||||
if u.auth != nil {
|
||||
r.Header.Set("GAP-Auth", w.Header().Get("GAP-Auth"))
|
||||
u.auth.SignRequest(r)
|
||||
}
|
||||
if u.wsHandler != nil && strings.EqualFold(r.Header.Get("Connection"), "upgrade") && r.Header.Get("Upgrade") == "websocket" {
|
||||
u.wsHandler.ServeHTTP(w, r)
|
||||
} else {
|
||||
u.handler.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// NewReverseProxy creates a new reverse proxy for proxying requests to upstream
|
||||
// servers
|
||||
func NewReverseProxy(target *url.URL, opts *options.Options) (proxy *httputil.ReverseProxy) {
|
||||
proxy = httputil.NewSingleHostReverseProxy(target)
|
||||
proxy.FlushInterval = opts.FlushInterval
|
||||
if opts.SSLUpstreamInsecureSkipVerify {
|
||||
proxy.Transport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
}
|
||||
setProxyErrorHandler(proxy, opts)
|
||||
return proxy
|
||||
}
|
||||
|
||||
func setProxyErrorHandler(proxy *httputil.ReverseProxy, opts *options.Options) {
|
||||
templates := loadTemplates(opts.CustomTemplatesDir)
|
||||
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, proxyErr error) {
|
||||
logger.Printf("Error proxying to upstream server: %v", proxyErr)
|
||||
w.WriteHeader(http.StatusBadGateway)
|
||||
data := struct {
|
||||
Title string
|
||||
Message string
|
||||
ProxyPrefix string
|
||||
}{
|
||||
Title: "Bad Gateway",
|
||||
Message: "Error proxying to upstream server",
|
||||
ProxyPrefix: opts.ProxyPrefix,
|
||||
}
|
||||
templates.ExecuteTemplate(w, "error.html", data)
|
||||
}
|
||||
}
|
||||
|
||||
func setProxyUpstreamHostHeader(proxy *httputil.ReverseProxy, target *url.URL) {
|
||||
director := proxy.Director
|
||||
proxy.Director = func(req *http.Request) {
|
||||
director(req)
|
||||
// use RequestURI so that we aren't unescaping encoded slashes in the request path
|
||||
req.Host = target.Host
|
||||
req.URL.Opaque = req.RequestURI
|
||||
req.URL.RawQuery = ""
|
||||
}
|
||||
}
|
||||
|
||||
func setProxyDirector(proxy *httputil.ReverseProxy) {
|
||||
director := proxy.Director
|
||||
proxy.Director = func(req *http.Request) {
|
||||
director(req)
|
||||
// use RequestURI so that we aren't unescaping encoded slashes in the request path
|
||||
req.URL.Opaque = req.RequestURI
|
||||
req.URL.RawQuery = ""
|
||||
}
|
||||
}
|
||||
|
||||
// NewFileServer creates a http.Handler to serve files from the filesystem
|
||||
func NewFileServer(path string, filesystemPath string) (proxy http.Handler) {
|
||||
return http.StripPrefix(path, http.FileServer(http.Dir(filesystemPath)))
|
||||
}
|
||||
|
||||
// NewWebSocketOrRestReverseProxy creates a reverse proxy for REST or websocket based on url
|
||||
func NewWebSocketOrRestReverseProxy(u *url.URL, opts *options.Options, auth hmacauth.HmacAuth) http.Handler {
|
||||
u.Path = ""
|
||||
proxy := NewReverseProxy(u, opts)
|
||||
if !opts.PassHostHeader {
|
||||
setProxyUpstreamHostHeader(proxy, u)
|
||||
} else {
|
||||
setProxyDirector(proxy)
|
||||
}
|
||||
|
||||
// this should give us a wss:// scheme if the url is https:// based.
|
||||
var wsProxy *wsutil.ReverseProxy
|
||||
if opts.ProxyWebSockets {
|
||||
wsScheme := "ws" + strings.TrimPrefix(u.Scheme, "http")
|
||||
wsURL := &url.URL{Scheme: wsScheme, Host: u.Host}
|
||||
wsProxy = wsutil.NewSingleHostReverseProxy(wsURL)
|
||||
if opts.SSLUpstreamInsecureSkipVerify {
|
||||
wsProxy.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
}
|
||||
}
|
||||
return &UpstreamProxy{
|
||||
upstream: u.Host,
|
||||
handler: proxy,
|
||||
wsHandler: wsProxy,
|
||||
auth: auth,
|
||||
}
|
||||
}
|
||||
|
||||
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
||||
func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthProxy, error) {
|
||||
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
||||
@ -241,48 +107,13 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
return nil, fmt.Errorf("error initialising session store: %v", err)
|
||||
}
|
||||
|
||||
serveMux := http.NewServeMux()
|
||||
var auth hmacauth.HmacAuth
|
||||
if sigData := opts.GetSignatureData(); sigData != nil {
|
||||
auth = hmacauth.NewHmacAuth(sigData.Hash, []byte(sigData.Key),
|
||||
SignatureHeader, SignatureHeaders)
|
||||
templates := loadTemplates(opts.CustomTemplatesDir)
|
||||
proxyErrorHandler := upstream.NewProxyErrorHandler(templates.Lookup("error.html"), opts.ProxyPrefix)
|
||||
upstreamProxy, err := upstream.NewProxy(opts.UpstreamServers, opts.GetSignatureData(), proxyErrorHandler)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error initialising upstream proxy: %v", err)
|
||||
}
|
||||
for _, u := range opts.GetProxyURLs() {
|
||||
path := u.Path
|
||||
host := u.Host
|
||||
switch u.Scheme {
|
||||
case httpScheme, httpsScheme:
|
||||
logger.Printf("mapping path %q => upstream %q", path, u)
|
||||
proxy := NewWebSocketOrRestReverseProxy(u, opts, auth)
|
||||
serveMux.Handle(path, proxy)
|
||||
case "static":
|
||||
responseCode, err := strconv.Atoi(host)
|
||||
if err != nil {
|
||||
logger.Printf("unable to convert %q to int, use default \"200\"", host)
|
||||
responseCode = 200
|
||||
}
|
||||
|
||||
serveMux.HandleFunc(path, func(rw http.ResponseWriter, req *http.Request) {
|
||||
rw.WriteHeader(responseCode)
|
||||
fmt.Fprintf(rw, "Authenticated")
|
||||
})
|
||||
case "file":
|
||||
if u.Fragment != "" {
|
||||
path = u.Fragment
|
||||
}
|
||||
logger.Printf("mapping path %q => file system %q", path, u.Path)
|
||||
proxy := NewFileServer(path, u.Path)
|
||||
uProxy := UpstreamProxy{
|
||||
upstream: path,
|
||||
handler: proxy,
|
||||
wsHandler: nil,
|
||||
auth: nil,
|
||||
}
|
||||
serveMux.Handle(path, &uProxy)
|
||||
default:
|
||||
panic(fmt.Sprintf("unknown upstream protocol %s", u.Scheme))
|
||||
}
|
||||
}
|
||||
for _, u := range opts.GetCompiledRegex() {
|
||||
logger.Printf("compiled skip-auth-regex => %q", u)
|
||||
}
|
||||
@ -350,7 +181,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
provider: opts.GetProvider(),
|
||||
providerNameOverride: opts.ProviderName,
|
||||
sessionStore: sessionStore,
|
||||
serveMux: serveMux,
|
||||
serveMux: upstreamProxy,
|
||||
redirectURL: redirectURL,
|
||||
whitelistDomains: opts.WhitelistDomains,
|
||||
skipAuthRegex: opts.SkipAuthRegex,
|
||||
@ -371,7 +202,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
PassAuthorization: opts.PassAuthorization,
|
||||
PreferEmailToUser: opts.PreferEmailToUser,
|
||||
SkipProviderButton: opts.SkipProviderButton,
|
||||
templates: loadTemplates(opts.CustomTemplatesDir),
|
||||
templates: templates,
|
||||
trustedIPs: trustedIPs,
|
||||
Banner: opts.Banner,
|
||||
Footer: opts.Footer,
|
||||
|
||||
@ -8,7 +8,6 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
@ -24,11 +23,11 @@ import (
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
|
||||
sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/validation"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/net/websocket"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -44,143 +43,6 @@ func init() {
|
||||
logger.SetFlags(logger.Lshortfile)
|
||||
}
|
||||
|
||||
type WebSocketOrRestHandler struct {
|
||||
restHandler http.Handler
|
||||
wsHandler http.Handler
|
||||
}
|
||||
|
||||
func (h *WebSocketOrRestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Header.Get("Upgrade") == "websocket" {
|
||||
h.wsHandler.ServeHTTP(w, r)
|
||||
} else {
|
||||
h.restHandler.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWebSocketProxy(t *testing.T) {
|
||||
handler := WebSocketOrRestHandler{
|
||||
restHandler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(200)
|
||||
hostname, _, _ := net.SplitHostPort(r.Host)
|
||||
_, err := w.Write([]byte(hostname))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}),
|
||||
wsHandler: websocket.Handler(func(ws *websocket.Conn) {
|
||||
defer func(t *testing.T) {
|
||||
if err := ws.Close(); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}(t)
|
||||
var data []byte
|
||||
err := websocket.Message.Receive(ws, &data)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = websocket.Message.Send(ws, data)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}),
|
||||
}
|
||||
backend := httptest.NewServer(&handler)
|
||||
t.Cleanup(backend.Close)
|
||||
|
||||
backendURL, _ := url.Parse(backend.URL)
|
||||
|
||||
opts := baseTestOptions()
|
||||
var auth hmacauth.HmacAuth
|
||||
opts.PassHostHeader = true
|
||||
proxyHandler := NewWebSocketOrRestReverseProxy(backendURL, opts, auth)
|
||||
frontend := httptest.NewServer(proxyHandler)
|
||||
t.Cleanup(frontend.Close)
|
||||
|
||||
frontendURL, _ := url.Parse(frontend.URL)
|
||||
frontendWSURL := "ws://" + frontendURL.Host + "/"
|
||||
|
||||
ws, err := websocket.Dial(frontendWSURL, "", "http://localhost/")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
request := []byte("hello, world!")
|
||||
err = websocket.Message.Send(ws, request)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
var response = make([]byte, 1024)
|
||||
err = websocket.Message.Receive(ws, &response)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if g, e := string(request), string(response); g != e {
|
||||
t.Errorf("got body %q; expected %q", g, e)
|
||||
}
|
||||
|
||||
getReq, _ := http.NewRequest("GET", frontend.URL, nil)
|
||||
res, _ := http.DefaultClient.Do(getReq)
|
||||
bodyBytes, _ := ioutil.ReadAll(res.Body)
|
||||
backendHostname, _, _ := net.SplitHostPort(backendURL.Host)
|
||||
if g, e := string(bodyBytes), backendHostname; g != e {
|
||||
t.Errorf("got body %q; expected %q", g, e)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewReverseProxy(t *testing.T) {
|
||||
backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(200)
|
||||
hostname, _, _ := net.SplitHostPort(r.Host)
|
||||
_, err := w.Write([]byte(hostname))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}))
|
||||
t.Cleanup(backend.Close)
|
||||
|
||||
backendURL, _ := url.Parse(backend.URL)
|
||||
backendHostname, backendPort, _ := net.SplitHostPort(backendURL.Host)
|
||||
backendHost := net.JoinHostPort(backendHostname, backendPort)
|
||||
proxyURL, _ := url.Parse(backendURL.Scheme + "://" + backendHost + "/")
|
||||
|
||||
proxyHandler := NewReverseProxy(proxyURL, &options.Options{FlushInterval: time.Second})
|
||||
setProxyUpstreamHostHeader(proxyHandler, proxyURL)
|
||||
frontend := httptest.NewServer(proxyHandler)
|
||||
t.Cleanup(frontend.Close)
|
||||
|
||||
getReq, _ := http.NewRequest("GET", frontend.URL, nil)
|
||||
res, _ := http.DefaultClient.Do(getReq)
|
||||
bodyBytes, _ := ioutil.ReadAll(res.Body)
|
||||
if g, e := string(bodyBytes), backendHostname; g != e {
|
||||
t.Errorf("got body %q; expected %q", g, e)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncodedSlashes(t *testing.T) {
|
||||
var seen string
|
||||
backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(200)
|
||||
seen = r.RequestURI
|
||||
}))
|
||||
t.Cleanup(backend.Close)
|
||||
|
||||
b, _ := url.Parse(backend.URL)
|
||||
proxyHandler := NewReverseProxy(b, &options.Options{FlushInterval: time.Second})
|
||||
setProxyDirector(proxyHandler)
|
||||
frontend := httptest.NewServer(proxyHandler)
|
||||
t.Cleanup(frontend.Close)
|
||||
|
||||
f, _ := url.Parse(frontend.URL)
|
||||
encodedPath := "/a%2Fb/?c=1"
|
||||
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: f.Host, Opaque: encodedPath}}
|
||||
_, err := http.DefaultClient.Do(getReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if seen != encodedPath {
|
||||
t.Errorf("got bad request %q expected %q", seen, encodedPath)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRobotsTxt(t *testing.T) {
|
||||
opts := baseTestOptions()
|
||||
err := validation.Validate(opts)
|
||||
@ -562,7 +424,14 @@ func TestBasicAuthPassword(t *testing.T) {
|
||||
}
|
||||
}))
|
||||
opts := baseTestOptions()
|
||||
opts.Upstreams = append(opts.Upstreams, providerServer.URL)
|
||||
opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: providerServer.URL,
|
||||
Path: "/",
|
||||
URI: providerServer.URL,
|
||||
},
|
||||
}
|
||||
|
||||
opts.Cookie.Secure = false
|
||||
opts.PassBasicAuth = true
|
||||
opts.SetBasicAuth = true
|
||||
@ -867,7 +736,7 @@ type PassAccessTokenTest struct {
|
||||
|
||||
type PassAccessTokenTestOptions struct {
|
||||
PassAccessToken bool
|
||||
ProxyUpstream string
|
||||
ProxyUpstream options.Upstream
|
||||
}
|
||||
|
||||
func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) (*PassAccessTokenTest, error) {
|
||||
@ -893,10 +762,17 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) (*PassAccessTokenTe
|
||||
}))
|
||||
|
||||
patt.opts = baseTestOptions()
|
||||
patt.opts.Upstreams = append(patt.opts.Upstreams, patt.providerServer.URL)
|
||||
if opts.ProxyUpstream != "" {
|
||||
patt.opts.Upstreams = append(patt.opts.Upstreams, opts.ProxyUpstream)
|
||||
patt.opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: patt.providerServer.URL,
|
||||
Path: "/",
|
||||
URI: patt.providerServer.URL,
|
||||
},
|
||||
}
|
||||
if opts.ProxyUpstream.ID != "" {
|
||||
patt.opts.UpstreamServers = append(patt.opts.UpstreamServers, opts.ProxyUpstream)
|
||||
}
|
||||
|
||||
patt.opts.Cookie.Secure = false
|
||||
patt.opts.PassAccessToken = opts.PassAccessToken
|
||||
err := validation.Validate(patt.opts)
|
||||
@ -999,7 +875,11 @@ func TestForwardAccessTokenUpstream(t *testing.T) {
|
||||
func TestStaticProxyUpstream(t *testing.T) {
|
||||
patTest, err := NewPassAccessTokenTest(PassAccessTokenTestOptions{
|
||||
PassAccessToken: true,
|
||||
ProxyUpstream: "static://200/static-proxy",
|
||||
ProxyUpstream: options.Upstream{
|
||||
ID: "static-proxy",
|
||||
Path: "/static-proxy",
|
||||
Static: true,
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
@ -1572,7 +1452,13 @@ func TestAuthSkippedForPreflightRequests(t *testing.T) {
|
||||
t.Cleanup(upstream.Close)
|
||||
|
||||
opts := baseTestOptions()
|
||||
opts.Upstreams = append(opts.Upstreams, upstream.URL)
|
||||
opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: upstream.URL,
|
||||
Path: "/",
|
||||
URI: upstream.URL,
|
||||
},
|
||||
}
|
||||
opts.SkipAuthPreflight = true
|
||||
err := validation.Validate(opts)
|
||||
assert.NoError(t, err)
|
||||
@ -1641,7 +1527,13 @@ func NewSignatureTest() (*SignatureTest, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
opts.Upstreams = append(opts.Upstreams, upstream.URL)
|
||||
opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: upstream.URL,
|
||||
Path: "/",
|
||||
URI: upstream.URL,
|
||||
},
|
||||
}
|
||||
|
||||
providerHandler := func(w http.ResponseWriter, r *http.Request) {
|
||||
_, err := w.Write([]byte(`{"access_token": "my_auth_token"}`))
|
||||
@ -1716,7 +1608,7 @@ func (st *SignatureTest) MakeRequestWithExpectedKey(method, body, key string) er
|
||||
}
|
||||
// This is used by the upstream to validate the signature.
|
||||
st.authenticator.auth = hmacauth.NewHmacAuth(
|
||||
crypto.SHA1, []byte(key), SignatureHeader, SignatureHeaders)
|
||||
crypto.SHA1, []byte(key), upstream.SignatureHeader, upstream.SignatureHeaders)
|
||||
proxy.ServeHTTP(st.rw, req)
|
||||
|
||||
return nil
|
||||
@ -2110,7 +2002,13 @@ func Test_noCacheHeaders(t *testing.T) {
|
||||
t.Cleanup(upstream.Close)
|
||||
|
||||
opts := baseTestOptions()
|
||||
opts.Upstreams = []string{upstream.URL}
|
||||
opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: upstream.URL,
|
||||
Path: "/",
|
||||
URI: upstream.URL,
|
||||
},
|
||||
}
|
||||
opts.SkipAuthRegex = []string{".*"}
|
||||
err := validation.Validate(opts)
|
||||
assert.NoError(t, err)
|
||||
@ -2335,7 +2233,13 @@ func TestTrustedIPs(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
opts := baseTestOptions()
|
||||
opts.Upstreams = []string{"static://200"}
|
||||
opts.UpstreamServers = options.Upstreams{
|
||||
{
|
||||
ID: "static",
|
||||
Path: "/",
|
||||
Static: true,
|
||||
},
|
||||
}
|
||||
opts.TrustedIPs = tt.trustedIPs
|
||||
opts.ReverseProxy = tt.reverseProxy
|
||||
opts.RealClientIPHeader = tt.realClientIPHeader
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user