diff --git a/README.md b/README.md index f7de4e80..7fa4648e 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ Usage of google_auth_proxy: -pass-host-header=true: pass the request Host Header to upstream -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times) + -custom templates-dir="": path to custom html templates -upstream=: the http url(s) of the upstream endpoint. If multiple, routing is based on path -version=false: print version string ``` diff --git a/contrib/google_auth_proxy.cfg.example b/contrib/google_auth_proxy.cfg.example index 31586453..64de399b 100644 --- a/contrib/google_auth_proxy.cfg.example +++ b/contrib/google_auth_proxy.cfg.example @@ -36,6 +36,10 @@ ## enabling exposes a username/login signin form # htpasswd_file = "" +## Templates +## optional directory with custom sign_in.html and error.html +# custom_templates_dir = "" + ## Cookie Settings ## Secret - the seed string for secure cookies diff --git a/main.go b/main.go index 41a50e13..dd8b15f1 100644 --- a/main.go +++ b/main.go @@ -38,6 +38,7 @@ func main() { flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)") flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption") flagSet.Bool("display-htpasswd-form", true, "display username / password login form if an htpasswd file is provided") + flagSet.String("custom-templates-dir", "", "path to custom html templates") flagSet.String("cookie-secret", "", "the seed string for secure cookies") flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*") diff --git a/oauthproxy.go b/oauthproxy.go index 1ead0ff2..76fa3857 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -5,6 +5,7 @@ import ( "encoding/base64" "errors" "fmt" + "html/template" "io/ioutil" "log" "net/http" @@ -44,6 +45,7 @@ type OauthProxy struct { PassBasicAuth bool skipAuthRegex []string compiledRegex []*regexp.Regexp + templates *template.Template } func NewReverseProxy(target *url.URL) (proxy *httputil.ReverseProxy) { @@ -103,6 +105,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy { skipAuthRegex: opts.SkipAuthRegex, compiledRegex: opts.CompiledRegex, PassBasicAuth: opts.PassBasicAuth, + templates: loadTemplates(opts.CustomTemplatesDir), } } @@ -245,7 +248,6 @@ func (p *OauthProxy) PingPage(rw http.ResponseWriter) { func (p *OauthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string) { log.Printf("ErrorPage %d %s %s", code, title, message) rw.WriteHeader(code) - templates := getTemplates() t := struct { Title string Message string @@ -253,13 +255,12 @@ func (p *OauthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, m Title: fmt.Sprintf("%d %s", code, title), Message: message, } - templates.ExecuteTemplate(rw, "error.html", t) + p.templates.ExecuteTemplate(rw, "error.html", t) } func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) { p.ClearCookie(rw, req) rw.WriteHeader(code) - templates := getTemplates() t := struct { SignInMessage string @@ -272,7 +273,7 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code Redirect: req.URL.RequestURI(), Version: VERSION, } - templates.ExecuteTemplate(rw, "sign_in.html", t) + p.templates.ExecuteTemplate(rw, "sign_in.html", t) } func (p *OauthProxy) ManualSignIn(rw http.ResponseWriter, req *http.Request) (string, bool) { diff --git a/options.go b/options.go index df2b3cac..3b088646 100644 --- a/options.go +++ b/options.go @@ -19,6 +19,7 @@ type Options struct { GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"` HtpasswdFile string `flag:"htpasswd-file" cfg:"htpasswd_file"` DisplayHtpasswdForm bool `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"` + CustomTemplatesDir string `flag:"custom-templates-dir" cfg:"custom_templates_dir"` CookieSecret string `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"` CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"` diff --git a/templates.go b/templates.go index 202114cb..02e8b82e 100644 --- a/templates.go +++ b/templates.go @@ -3,8 +3,21 @@ package main import ( "html/template" "log" + "path" ) +func loadTemplates(dir string) *template.Template { + if dir == "" { + return getTemplates() + } + log.Printf("using custom template directory %q", dir) + t, err := template.New("").ParseFiles(path.Join(dir, "sign_in.html"), path.Join(dir, "error.html")) + if err != nil { + log.Fatalf("failed parsing template %s", err) + } + return t +} + func getTemplates() *template.Template { t, err := template.New("foo").Parse(`{{define "sign_in.html"}} @@ -123,7 +136,7 @@ func getTemplates() *template.Template { {{end}}`) if err != nil { - log.Fatalf("failed parsing template %s", err.Error()) + log.Fatalf("failed parsing template %s", err) } t, err = t.Parse(`{{define "error.html"}} @@ -141,7 +154,7 @@ func getTemplates() *template.Template { {{end}}`) if err != nil { - log.Fatalf("failed parsing template %s", err.Error()) + log.Fatalf("failed parsing template %s", err) } return t }