1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-08 04:03:58 +02:00

Move template options to their own struct

This commit is contained in:
Joel Speed 2021-02-06 17:40:51 +00:00 committed by Joel Speed
parent 801edeba23
commit 84f76c6060
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
3 changed files with 64 additions and 26 deletions

View File

@ -116,7 +116,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
return nil, fmt.Errorf("error initialising session store: %v", err)
}
templates := loadTemplates(opts.CustomTemplatesDir)
templates := loadTemplates(opts.Templates.Path)
proxyErrorHandler := upstream.NewProxyErrorHandler(templates.Lookup("error.html"), opts.ProxyPrefix)
upstreamProxy, err := upstream.NewProxy(opts.UpstreamServers, opts.GetSignatureData(), proxyErrorHandler)
if err != nil {
@ -211,12 +211,12 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
SkipProviderButton: opts.SkipProviderButton,
templates: templates,
trustedIPs: trustedIPs,
Banner: opts.Banner,
Footer: opts.Footer,
Banner: opts.Templates.Banner,
Footer: opts.Templates.Footer,
SignInMessage: buildSignInMessage(opts),
basicAuthValidator: basicAuthValidator,
displayHtpasswdForm: basicAuthValidator != nil && opts.DisplayHtpasswdForm,
displayHtpasswdForm: basicAuthValidator != nil && opts.Templates.DisplayLoginForm,
sessionChain: sessionChain,
headersChain: headersChain,
preAuthChain: preAuthChain,
@ -301,11 +301,11 @@ func buildHeadersChain(opts *options.Options) (alice.Chain, error) {
func buildSignInMessage(opts *options.Options) string {
var msg string
if len(opts.Banner) >= 1 {
if opts.Banner == "-" {
if len(opts.Templates.Banner) >= 1 {
if opts.Templates.Banner == "-" {
msg = ""
} else {
msg = opts.Banner
msg = opts.Templates.Banner
}
} else if len(opts.EmailDomains) != 0 && opts.AuthenticatedEmailsFile == "" {
if len(opts.EmailDomains) > 1 {

43
pkg/apis/options/app.go Normal file
View File

@ -0,0 +1,43 @@
package options
import "github.com/spf13/pflag"
// Templates includes options for configuring the sign in and error pages
// appearance.
type Templates struct {
// Path is the path to a folder containing a sign_in.html and an error.html
// template.
// These files will be used instead of the default templates if present.
// If either file is missing, the default will be used instead.
Path string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
// Banner overides the default sign_in page banner text. If unspecified,
// the message will give users a list of allowed email domains.
Banner string `flag:"banner" cfg:"banner"`
// Footer overrides the default sign_in page footer text.
Footer string `flag:"footer" cfg:"footer"`
// DisplayLoginForm determines whether the sign_in page should render a
// password form if a static passwords file (htpasswd file) has been
// configured.
DisplayLoginForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
}
func templatesFlagSet() *pflag.FlagSet {
flagSet := pflag.NewFlagSet("templates", pflag.ExitOnError)
flagSet.String("custom-templates-dir", "", "path to custom html templates")
flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
return flagSet
}
// templatesDefaults creates a Templates and populates it with any default values
func templatesDefaults() Templates {
return Templates{
DisplayLoginForm: true,
}
}

View File

@ -53,14 +53,11 @@ type Options struct {
GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"`
GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"`
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
Banner string `flag:"banner" cfg:"banner"`
Footer string `flag:"footer" cfg:"footer"`
Cookie Cookie `cfg:",squash"`
Session SessionOptions `cfg:",squash"`
Logging Logging `cfg:",squash"`
Cookie Cookie `cfg:",squash"`
Session SessionOptions `cfg:",squash"`
Logging Logging `cfg:",squash"`
Templates Templates `cfg:",squash"`
// Not used in the legacy config, name not allowed to match an external key (upstreams)
// TODO(JoelSpeed): Rename when legacy config is removed
@ -135,16 +132,17 @@ func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser) { o.realClie
// NewOptions constructs a new Options with defaulted values
func NewOptions() *Options {
return &Options{
ProxyPrefix: "/oauth2",
ProviderType: "google",
PingPath: "/ping",
HTTPAddress: "127.0.0.1:4180",
HTTPSAddress: ":443",
RealClientIPHeader: "X-Real-IP",
ForceHTTPS: false,
DisplayHtpasswdForm: true,
ProxyPrefix: "/oauth2",
ProviderType: "google",
PingPath: "/ping",
HTTPAddress: "127.0.0.1:4180",
HTTPSAddress: ":443",
RealClientIPHeader: "X-Real-IP",
ForceHTTPS: false,
Cookie: cookieDefaults(),
Session: sessionOptionsDefaults(),
Templates: templatesDefaults(),
AzureTenant: "common",
SkipAuthPreflight: false,
Prompt: "", // Change to "login" when ApprovalPrompt officially deprecated
@ -200,10 +198,6 @@ func NewFlagSet() *pflag.FlagSet {
flagSet.String("client-secret-file", "", "the file with OAuth Client Secret")
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -B\" for bcrypt encryption")
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
flagSet.String("custom-templates-dir", "", "path to custom html templates")
flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)")
flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks")
flagSet.String("ping-user-agent", "", "special User-Agent that will be used for basic health checks")
@ -251,6 +245,7 @@ func NewFlagSet() *pflag.FlagSet {
flagSet.AddFlagSet(cookieFlagSet())
flagSet.AddFlagSet(loggingFlagSet())
flagSet.AddFlagSet(templatesFlagSet())
return flagSet
}