You've already forked oauth2-proxy
mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-06-21 00:29:44 +02:00
Fixup main
This commit is contained in:
Joel Speed
@ -6,7 +6,7 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
infoLogger = klog.V(logger.CoreInfo)
|
||||
debugLogger = klog.V(logger.CoreDebug)
|
||||
traceLogger = klog.V(logger.CoreTrace)
|
||||
infoLogger = func() klog.Verbose { return klog.V(logger.CoreInfo) }
|
||||
debugLogger = func() klog.Verbose { return klog.V(logger.CoreDebug) }
|
||||
traceLogger = func() klog.Verbose { return klog.V(logger.CoreTrace) }
|
||||
)
|
||||
|
||||
13
main.go
13
main.go
@ -52,12 +52,12 @@ func main() {
|
||||
// When running with trace logging, start by logging the observed config.
|
||||
// This will help users to determine if they have configured the proxy correctly.
|
||||
// NOTE: This data is not scrubbed and may contain secrets!
|
||||
if traceLogger.Enabled() {
|
||||
if traceLogger().Enabled() {
|
||||
config, err := json.Marshal(opts)
|
||||
if err != nil {
|
||||
klog.Fatalf("ERROR: %v", err)
|
||||
}
|
||||
traceLogger.Infof("Observed configuration: %s", string(config))
|
||||
traceLogger().Infof("Observed configuration: %s", string(config))
|
||||
}
|
||||
|
||||
if *convertConfig {
|
||||
@ -199,4 +199,13 @@ func configureKlog(logLevel int) {
|
||||
}
|
||||
klog.SetOutput(logger.StdKlogErrorLogger)
|
||||
klog.SetOutputBySeverity("INFO", logger.StdKlogInfoLogger)
|
||||
|
||||
klog.V(1).Infof("Klog level 1")
|
||||
klog.V(2).Infof("Klog level 2")
|
||||
klog.V(3).Infof("Klog level 3")
|
||||
klog.V(4).Infof("Klog level 4")
|
||||
klog.V(5).Infof("Klog level 5")
|
||||
klog.V(6).Infof("Klog level 6")
|
||||
klog.V(7).Infof("Klog level 7")
|
||||
klog.V(8).Infof("Klog level 8")
|
||||
}
|
||||
|
||||
@ -106,7 +106,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
|
||||
var basicAuthValidator basic.Validator
|
||||
if opts.HtpasswdFile != "" {
|
||||
infoLogger.Infof("using htpasswd file: %s", opts.HtpasswdFile)
|
||||
infoLogger().Infof("using htpasswd file: %s", opts.HtpasswdFile)
|
||||
var err error
|
||||
basicAuthValidator, err = basic.NewHTPasswdValidator(opts.HtpasswdFile)
|
||||
if err != nil {
|
||||
@ -135,9 +135,9 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
}
|
||||
|
||||
if opts.SkipJwtBearerTokens {
|
||||
infoLogger.Infof("Skipping JWT tokens from configured OIDC issuer: %q", opts.Providers[0].OIDCConfig.IssuerURL)
|
||||
infoLogger().Infof("Skipping JWT tokens from configured OIDC issuer: %q", opts.Providers[0].OIDCConfig.IssuerURL)
|
||||
for _, issuer := range opts.ExtraJwtIssuers {
|
||||
infoLogger.Infof("Skipping JWT tokens from extra JWT issuer: %q", issuer)
|
||||
infoLogger().Infof("Skipping JWT tokens from extra JWT issuer: %q", issuer)
|
||||
}
|
||||
}
|
||||
redirectURL := opts.GetRedirectURL()
|
||||
@ -145,13 +145,13 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
redirectURL.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
|
||||
}
|
||||
|
||||
infoLogger.Infof("OAuthProxy configured for %s Client ID: %s", opts.GetProvider().Data().ProviderName, opts.Providers[0].ClientID)
|
||||
infoLogger().Infof("OAuthProxy configured for %s Client ID: %s", opts.GetProvider().Data().ProviderName, opts.Providers[0].ClientID)
|
||||
refresh := "disabled"
|
||||
if opts.Cookie.Refresh != time.Duration(0) {
|
||||
refresh = fmt.Sprintf("after %s", opts.Cookie.Refresh)
|
||||
}
|
||||
|
||||
infoLogger.Infof("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, opts.Cookie.Secure, opts.Cookie.HTTPOnly, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
|
||||
infoLogger().Infof("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, opts.Cookie.Secure, opts.Cookie.HTTPOnly, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
|
||||
|
||||
trustedIPs := ip.NewNetSet()
|
||||
for _, ipStr := range opts.TrustedIPs {
|
||||
@ -425,7 +425,7 @@ func buildRoutesAllowlist(opts *options.Options) ([]allowedRoute, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
infoLogger.Infof("Skipping auth - Method: ALL | Path: %s", path)
|
||||
infoLogger().Infof("Skipping auth - Method: ALL | Path: %s", path)
|
||||
routes = append(routes, allowedRoute{
|
||||
method: "",
|
||||
pathRegex: compiledRegex,
|
||||
@ -451,7 +451,7 @@ func buildRoutesAllowlist(opts *options.Options) ([]allowedRoute, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
infoLogger.Infof("Skipping auth - Method: %s | Path: %s", method, path)
|
||||
infoLogger().Infof("Skipping auth - Method: %s | Path: %s", method, path)
|
||||
routes = append(routes, allowedRoute{
|
||||
method: method,
|
||||
pathRegex: compiledRegex,
|
||||
@ -491,7 +491,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, req *http.Request, code i
|
||||
redirectURL = "/"
|
||||
}
|
||||
|
||||
debugLogger.Infof("Rendering error page (status %d) for application error: %v", code, appError)
|
||||
debugLogger().Infof("Rendering error page (status %d) for application error: %v", code, appError)
|
||||
|
||||
scope := middlewareapi.GetRequestScope(req)
|
||||
p.pageWriter.WriteErrorPage(rw, pagewriter.ErrorPageOpts{
|
||||
@ -507,7 +507,7 @@ func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, req *http.Request, code i
|
||||
func (p *OAuthProxy) IsAllowedRequest(req *http.Request) bool {
|
||||
isPreflightRequestAllowed := p.skipAuthPreflight && req.Method == "OPTIONS"
|
||||
if isPreflightRequestAllowed {
|
||||
traceLogger.Infof("Request %s: Allowed as preflight request", middlewareapi.GetRequestScope(req).RequestID)
|
||||
traceLogger().Infof("Request %s: Allowed as preflight request", middlewareapi.GetRequestScope(req).RequestID)
|
||||
}
|
||||
return isPreflightRequestAllowed || p.isAllowedRoute(req) || p.isTrustedIP(req)
|
||||
}
|
||||
@ -516,7 +516,7 @@ func (p *OAuthProxy) IsAllowedRequest(req *http.Request) bool {
|
||||
func (p *OAuthProxy) isAllowedRoute(req *http.Request) bool {
|
||||
for _, route := range p.allowedRoutes {
|
||||
if (route.method == "" || req.Method == route.method) && route.pathRegex.MatchString(req.URL.Path) {
|
||||
traceLogger.Infof("Request %s: Allowed by route match", middlewareapi.GetRequestScope(req).RequestID)
|
||||
traceLogger().Infof("Request %s: Allowed by route match", middlewareapi.GetRequestScope(req).RequestID)
|
||||
return true
|
||||
}
|
||||
}
|
||||
@ -541,7 +541,7 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
|
||||
}
|
||||
|
||||
if p.trustedIPs.Has(remoteAddr) {
|
||||
traceLogger.Infof("Request %s: allowed by trusted IP", middlewareapi.GetRequestScope(req).RequestID)
|
||||
traceLogger().Infof("Request %s: allowed by trusted IP", middlewareapi.GetRequestScope(req).RequestID)
|
||||
return true
|
||||
}
|
||||
return false
|
||||
@ -767,7 +767,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
||||
p.provider.ValidateSession(req.Context(), session)
|
||||
|
||||
if !p.redirectValidator.IsValidRedirect(appRedirect) {
|
||||
debugLogger.Infof("Request %s: Rejected invalid redirect: %s", middlewareapi.GetRequestScope(req).RequestID, appRedirect)
|
||||
debugLogger().Infof("Request %s: Rejected invalid redirect: %s", middlewareapi.GetRequestScope(req).RequestID, appRedirect)
|
||||
appRedirect = "/"
|
||||
}
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ func NewUserMap(usersFile string, done <-chan bool, onUpdate func()) *UserMap {
|
||||
m := make(map[string]bool)
|
||||
atomic.StorePointer(&um.m, unsafe.Pointer(&m)) // #nosec G103
|
||||
if usersFile != "" {
|
||||
infoLogger.Infof("Using authenticated emails file %s", usersFile)
|
||||
infoLogger().Infof("Using authenticated emails file %s", usersFile)
|
||||
WatchForUpdates(usersFile, done, func() {
|
||||
um.LoadAuthenticatedEmailsFile()
|
||||
onUpdate()
|
||||
|
||||
@ -26,7 +26,7 @@ func WaitForReplacement(filename string, op fsnotify.Op,
|
||||
for {
|
||||
if _, err := os.Stat(filename); err == nil {
|
||||
if err := watcher.Add(filename); err == nil {
|
||||
infoLogger.Infof("watching resumed for %s", filename)
|
||||
infoLogger().Infof("watching resumed for %s", filename)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -51,7 +51,7 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
|
||||
for {
|
||||
select {
|
||||
case <-done:
|
||||
infoLogger.Infof("Shutting down watcher for: %s", filename)
|
||||
infoLogger().Infof("Shutting down watcher for: %s", filename)
|
||||
return
|
||||
case event := <-watcher.Events:
|
||||
// On Arch Linux, it appears Chmod events precede Remove events,
|
||||
@ -60,7 +60,7 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
|
||||
// UserMap.LoadAuthenticatedEmailsFile()) crashes when the file
|
||||
// can't be opened.
|
||||
if event.Op&(fsnotify.Remove|fsnotify.Rename|fsnotify.Chmod) != 0 {
|
||||
infoLogger.Infof("Watching interrupted on event: %s", event)
|
||||
infoLogger().Infof("Watching interrupted on event: %s", event)
|
||||
err = watcher.Remove(filename)
|
||||
if err != nil {
|
||||
klog.Errorf("error removing watcher on %s: %v", filename, err)
|
||||
@ -77,5 +77,5 @@ func WatchForUpdates(filename string, done <-chan bool, action func()) {
|
||||
if err = watcher.Add(filename); err != nil {
|
||||
klog.Fatalf("Failed to add %s to watcher: %v", filename, err)
|
||||
}
|
||||
infoLogger.Infof("Watching %s for updates", filename)
|
||||
infoLogger().Infof("Watching %s for updates", filename)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user