mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-08 04:03:58 +02:00
Move template options to their own struct
This commit is contained in:
parent
801edeba23
commit
84f76c6060
@ -116,7 +116,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
return nil, fmt.Errorf("error initialising session store: %v", err)
|
||||
}
|
||||
|
||||
templates := loadTemplates(opts.CustomTemplatesDir)
|
||||
templates := loadTemplates(opts.Templates.Path)
|
||||
proxyErrorHandler := upstream.NewProxyErrorHandler(templates.Lookup("error.html"), opts.ProxyPrefix)
|
||||
upstreamProxy, err := upstream.NewProxy(opts.UpstreamServers, opts.GetSignatureData(), proxyErrorHandler)
|
||||
if err != nil {
|
||||
@ -211,12 +211,12 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
|
||||
SkipProviderButton: opts.SkipProviderButton,
|
||||
templates: templates,
|
||||
trustedIPs: trustedIPs,
|
||||
Banner: opts.Banner,
|
||||
Footer: opts.Footer,
|
||||
Banner: opts.Templates.Banner,
|
||||
Footer: opts.Templates.Footer,
|
||||
SignInMessage: buildSignInMessage(opts),
|
||||
|
||||
basicAuthValidator: basicAuthValidator,
|
||||
displayHtpasswdForm: basicAuthValidator != nil && opts.DisplayHtpasswdForm,
|
||||
displayHtpasswdForm: basicAuthValidator != nil && opts.Templates.DisplayLoginForm,
|
||||
sessionChain: sessionChain,
|
||||
headersChain: headersChain,
|
||||
preAuthChain: preAuthChain,
|
||||
@ -301,11 +301,11 @@ func buildHeadersChain(opts *options.Options) (alice.Chain, error) {
|
||||
|
||||
func buildSignInMessage(opts *options.Options) string {
|
||||
var msg string
|
||||
if len(opts.Banner) >= 1 {
|
||||
if opts.Banner == "-" {
|
||||
if len(opts.Templates.Banner) >= 1 {
|
||||
if opts.Templates.Banner == "-" {
|
||||
msg = ""
|
||||
} else {
|
||||
msg = opts.Banner
|
||||
msg = opts.Templates.Banner
|
||||
}
|
||||
} else if len(opts.EmailDomains) != 0 && opts.AuthenticatedEmailsFile == "" {
|
||||
if len(opts.EmailDomains) > 1 {
|
||||
|
43
pkg/apis/options/app.go
Normal file
43
pkg/apis/options/app.go
Normal file
@ -0,0 +1,43 @@
|
||||
package options
|
||||
|
||||
import "github.com/spf13/pflag"
|
||||
|
||||
// Templates includes options for configuring the sign in and error pages
|
||||
// appearance.
|
||||
type Templates struct {
|
||||
// Path is the path to a folder containing a sign_in.html and an error.html
|
||||
// template.
|
||||
// These files will be used instead of the default templates if present.
|
||||
// If either file is missing, the default will be used instead.
|
||||
Path string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
|
||||
|
||||
// Banner overides the default sign_in page banner text. If unspecified,
|
||||
// the message will give users a list of allowed email domains.
|
||||
Banner string `flag:"banner" cfg:"banner"`
|
||||
|
||||
// Footer overrides the default sign_in page footer text.
|
||||
Footer string `flag:"footer" cfg:"footer"`
|
||||
|
||||
// DisplayLoginForm determines whether the sign_in page should render a
|
||||
// password form if a static passwords file (htpasswd file) has been
|
||||
// configured.
|
||||
DisplayLoginForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
|
||||
}
|
||||
|
||||
func templatesFlagSet() *pflag.FlagSet {
|
||||
flagSet := pflag.NewFlagSet("templates", pflag.ExitOnError)
|
||||
|
||||
flagSet.String("custom-templates-dir", "", "path to custom html templates")
|
||||
flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
|
||||
flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
|
||||
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
|
||||
|
||||
return flagSet
|
||||
}
|
||||
|
||||
// templatesDefaults creates a Templates and populates it with any default values
|
||||
func templatesDefaults() Templates {
|
||||
return Templates{
|
||||
DisplayLoginForm: true,
|
||||
}
|
||||
}
|
@ -53,14 +53,11 @@ type Options struct {
|
||||
GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"`
|
||||
GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"`
|
||||
HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"`
|
||||
DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
|
||||
CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
|
||||
Banner string `flag:"banner" cfg:"banner"`
|
||||
Footer string `flag:"footer" cfg:"footer"`
|
||||
|
||||
Cookie Cookie `cfg:",squash"`
|
||||
Session SessionOptions `cfg:",squash"`
|
||||
Logging Logging `cfg:",squash"`
|
||||
Cookie Cookie `cfg:",squash"`
|
||||
Session SessionOptions `cfg:",squash"`
|
||||
Logging Logging `cfg:",squash"`
|
||||
Templates Templates `cfg:",squash"`
|
||||
|
||||
// Not used in the legacy config, name not allowed to match an external key (upstreams)
|
||||
// TODO(JoelSpeed): Rename when legacy config is removed
|
||||
@ -135,16 +132,17 @@ func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser) { o.realClie
|
||||
// NewOptions constructs a new Options with defaulted values
|
||||
func NewOptions() *Options {
|
||||
return &Options{
|
||||
ProxyPrefix: "/oauth2",
|
||||
ProviderType: "google",
|
||||
PingPath: "/ping",
|
||||
HTTPAddress: "127.0.0.1:4180",
|
||||
HTTPSAddress: ":443",
|
||||
RealClientIPHeader: "X-Real-IP",
|
||||
ForceHTTPS: false,
|
||||
DisplayHtpasswdForm: true,
|
||||
ProxyPrefix: "/oauth2",
|
||||
ProviderType: "google",
|
||||
PingPath: "/ping",
|
||||
HTTPAddress: "127.0.0.1:4180",
|
||||
HTTPSAddress: ":443",
|
||||
RealClientIPHeader: "X-Real-IP",
|
||||
ForceHTTPS: false,
|
||||
|
||||
Cookie: cookieDefaults(),
|
||||
Session: sessionOptionsDefaults(),
|
||||
Templates: templatesDefaults(),
|
||||
AzureTenant: "common",
|
||||
SkipAuthPreflight: false,
|
||||
Prompt: "", // Change to "login" when ApprovalPrompt officially deprecated
|
||||
@ -200,10 +198,6 @@ func NewFlagSet() *pflag.FlagSet {
|
||||
flagSet.String("client-secret-file", "", "the file with OAuth Client Secret")
|
||||
flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
|
||||
flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -B\" for bcrypt encryption")
|
||||
flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
|
||||
flagSet.String("custom-templates-dir", "", "path to custom html templates")
|
||||
flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
|
||||
flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
|
||||
flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)")
|
||||
flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks")
|
||||
flagSet.String("ping-user-agent", "", "special User-Agent that will be used for basic health checks")
|
||||
@ -251,6 +245,7 @@ func NewFlagSet() *pflag.FlagSet {
|
||||
|
||||
flagSet.AddFlagSet(cookieFlagSet())
|
||||
flagSet.AddFlagSet(loggingFlagSet())
|
||||
flagSet.AddFlagSet(templatesFlagSet())
|
||||
|
||||
return flagSet
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user