From 84f76c6060b05d0846adb19a47a71b8c3e30f93a Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Sat, 6 Feb 2021 17:40:51 +0000 Subject: [PATCH] Move template options to their own struct --- oauthproxy.go | 14 ++++++------ pkg/apis/options/app.go | 43 +++++++++++++++++++++++++++++++++++++ pkg/apis/options/options.go | 33 ++++++++++++---------------- 3 files changed, 64 insertions(+), 26 deletions(-) create mode 100644 pkg/apis/options/app.go diff --git a/oauthproxy.go b/oauthproxy.go index 7c840e24..0cd7106a 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -116,7 +116,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr return nil, fmt.Errorf("error initialising session store: %v", err) } - templates := loadTemplates(opts.CustomTemplatesDir) + templates := loadTemplates(opts.Templates.Path) proxyErrorHandler := upstream.NewProxyErrorHandler(templates.Lookup("error.html"), opts.ProxyPrefix) upstreamProxy, err := upstream.NewProxy(opts.UpstreamServers, opts.GetSignatureData(), proxyErrorHandler) if err != nil { @@ -211,12 +211,12 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr SkipProviderButton: opts.SkipProviderButton, templates: templates, trustedIPs: trustedIPs, - Banner: opts.Banner, - Footer: opts.Footer, + Banner: opts.Templates.Banner, + Footer: opts.Templates.Footer, SignInMessage: buildSignInMessage(opts), basicAuthValidator: basicAuthValidator, - displayHtpasswdForm: basicAuthValidator != nil && opts.DisplayHtpasswdForm, + displayHtpasswdForm: basicAuthValidator != nil && opts.Templates.DisplayLoginForm, sessionChain: sessionChain, headersChain: headersChain, preAuthChain: preAuthChain, 
@@ -301,11 +301,11 @@ func buildHeadersChain(opts *options.Options) (alice.Chain, error) { func buildSignInMessage(opts *options.Options) string { var msg string - if len(opts.Banner) >= 1 { - if opts.Banner == "-" { + if len(opts.Templates.Banner) >= 1 { + if opts.Templates.Banner == "-" { msg = "" } else { - msg = opts.Banner + msg = opts.Templates.Banner } } else if len(opts.EmailDomains) != 0 && opts.AuthenticatedEmailsFile == "" { if len(opts.EmailDomains) > 1 { diff --git a/pkg/apis/options/app.go b/pkg/apis/options/app.go new file mode 100644 index 00000000..1574ac97 --- /dev/null +++ b/pkg/apis/options/app.go 
@@ -0,0 +1,43 @@
+package options
+
+import "github.com/spf13/pflag"
+
+// Templates includes options for configuring the sign in and error pages
+// appearance.
+type Templates struct {
+ // Path is the path to a folder containing a sign_in.html and an error.html
+ // template.
+ // These files will be used instead of the default templates if present.
+ // If either file is missing, the default will be used instead.
+ Path string `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
+
+ // Banner overides the default sign_in page banner text. If unspecified,
+ // the message will give users a list of allowed email domains.
+ Banner string `flag:"banner" cfg:"banner"`
+
+ // Footer overrides the default sign_in page footer text.
+ Footer string `flag:"footer" cfg:"footer"`
+
+ // DisplayLoginForm determines whether the sign_in page should render a
+ // password form if a static passwords file (htpasswd file) has been
+ // configured.
+ DisplayLoginForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
+}
+
+func templatesFlagSet() *pflag.FlagSet {
+ flagSet := pflag.NewFlagSet("templates", pflag.ExitOnError)
+
+ flagSet.String("custom-templates-dir", "", "path to custom html templates")
+ flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
+ flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
+ flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided")
+
+ return flagSet
+}
+
+// templatesDefaults creates a Templates and populates it with any default values
+func templatesDefaults() Templates {
+ return Templates{
+ DisplayLoginForm: true,
+ }
+}
diff --git a/pkg/apis/options/options.go b/pkg/apis/options/options.go
index c0f91422..9e8b6366 100644
--- a/pkg/apis/options/options.go
+++ b/pkg/apis/options/options.go
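Review bot: The field comments on `Templates` in pkg/apis/options/app.go leave out behaviour that is only recorded in the flag help strings: neither `Banner` nor `Footer` says that `"-"` disables the default text, and the `Banner` comment misspells "overrides" as "overides". `Path` names a directory whose `sign_in.html` replaces the page that renders the login form, so its comment should state the trust expectation, for example `// The directory must be writable only by whoever administers the proxy; its templates render the sign-in page.` How `Banner` and `Footer` are escaped when rendered is not visible in this patch, so the comments should say whether HTML is accepted once that is confirmed. `templatesFlagSet` also lacks a doc comment where `templatesDefaults` has one; `// templatesFlagSet creates a FlagSet holding the flags that populate Templates.` would match.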
@@ -53,14 +53,11 @@ type Options struct { GoogleAdminEmail string `flag:"google-admin-email" cfg:"google_admin_email"` GoogleServiceAccountJSON string `flag:"google-service-account-json" cfg:"google_service_account_json"` HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"` - DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"` - CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"` - Banner string `flag:"banner" cfg:"banner"` - Footer string `flag:"footer" cfg:"footer"` - Cookie Cookie `cfg:",squash"` - Session SessionOptions `cfg:",squash"` - Logging Logging `cfg:",squash"` + Cookie Cookie `cfg:",squash"` + Session SessionOptions `cfg:",squash"` + Logging Logging `cfg:",squash"` + Templates Templates `cfg:",squash"` // Not used in the legacy config, name not allowed to match an external key (upstreams) // TODO(JoelSpeed): Rename when legacy config is removed @@ -135,16 +132,17 @@ func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser) { o.realClie // NewOptions constructs a new Options with defaulted values func NewOptions() *Options { return &Options{ - ProxyPrefix: "/oauth2", - ProviderType: "google", - PingPath: "/ping", - HTTPAddress: "127.0.0.1:4180", - HTTPSAddress: ":443", - RealClientIPHeader: "X-Real-IP", - ForceHTTPS: false, - DisplayHtpasswdForm: true, + ProxyPrefix: "/oauth2", + ProviderType: "google", + PingPath: "/ping", + HTTPAddress: "127.0.0.1:4180", + HTTPSAddress: ":443", + RealClientIPHeader: "X-Real-IP", + ForceHTTPS: false, + Cookie: cookieDefaults(), Session: sessionOptionsDefaults(), + Templates: templatesDefaults(), AzureTenant: "common", SkipAuthPreflight: false, Prompt: "", // Change to "login" when ApprovalPrompt officially deprecated 
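Review bot: Nothing in this patch tests that the existing flat config keys still reach the nested struct; the `Templates` field tagged `cfg:",squash"` in the `Options` struct hunk is what keeps `custom_templates_dir`, `banner`, `footer` and `display_htpasswd_form` loadable, and the diffstat lists no test file. If that mapping broke, a configured `display_htpasswd_form` of false would be dropped and `templatesDefaults()` in the `NewOptions` hunk would leave the password form enabled, which is the less restrictive outcome. A test that loads a config with `display_htpasswd_form` set to false and a non-empty `banner`, then asserts `opts.Templates.DisplayLoginForm` is false and `opts.Templates.Banner` matches, would pin this. Both the struct and `NewOptions` continue outside these hunks.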
@@ -200,10 +198,6 @@ func NewFlagSet() *pflag.FlagSet { flagSet.String("client-secret-file", "", "the file with OAuth Client Secret") flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)") flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -B\" for bcrypt encryption") - flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided") - flagSet.String("custom-templates-dir", "", "path to custom html templates") - flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.") - flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.") flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. //sign_in)") flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks") flagSet.String("ping-user-agent", "", "special User-Agent that will be used for basic health checks") @@ -251,6 +245,7 @@ func NewFlagSet() *pflag.FlagSet { flagSet.AddFlagSet(cookieFlagSet()) flagSet.AddFlagSet(loggingFlagSet()) + flagSet.AddFlagSet(templatesFlagSet()) return flagSet }