From c4d25d271fb80a03bb97d4b668eb2e47132827be Mon Sep 17 00:00:00 2001
From: vishnu chilamakuru
Date: Mon, 12 Jan 2015 14:48:41 +0530
Subject: [PATCH] Adding Support for multi white listed urls with regex url match.
---
 main.go | 2 ++
 oauthproxy.go | 18 ++++++++++++++++++
 options.go | 11 +++++++++++
 3 files changed, 31 insertions(+)
diff --git a/main.go b/main.go
index 820dc61c..be547d81 100644
--- a/main.go
+++ b/main.go
@@ -19,6 +19,7 @@ func main() {
 googleAppsDomains := StringArray{}
 upstreams := StringArray{}
+ skipAuthRegex := StringArray{}
 config := flagSet.String("config", "", "path to config file")
 showVersion := flagSet.Bool("version", false, "print version string")
@@ -27,6 +28,7 @@ func main() {
 flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
 flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
 flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
+ flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
 flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
 flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
diff --git a/oauthproxy.go b/oauthproxy.go
index 706c0821..9f64fc0b 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -12,6 +12,7 @@ import (
 "net/url"
 "strings"
 "time"
+ "regexp"
 "github.com/bitly/go-simplejson"
 )
@@ -40,6 +41,8 @@ type OauthProxy struct {
 DisplayHtpasswdForm bool
 serveMux *http.ServeMux
 PassBasicAuth bool
+ skipAuthRegex []string
+ compiledRegex []*regexp.Regexp
 }
 func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
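Review bot: The `skip-auth-regex` help text in the second main.go hunk does not tell an operator how a value is applied, which matters for a flag that switches authentication off. The ServeHTTP hunk in oauthproxy.go calls `MatchString` on `req.URL.Path`, so each value is a Go regular expression tested against the path only, with no implicit anchoring. Suggested text: `"bypass authentication for request paths that match this regex; patterns are unanchored unless written with ^ and $ (may be given multiple times)"`. main() starts and ends outside the hunk.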
@@ -52,6 +55,10 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 log.Printf("mapping path %q => upstream %q", path, u)
 serveMux.Handle(path, httputil.NewSingleHostReverseProxy(u))
 }
+ for _, u := range opts.CompiledRegex {
+ log.Printf("compiled skip-auth-regex => %q", u)
+ }
+
 redirectUrl := opts.redirectUrl
 redirectUrl.Path = oauthCallbackPath
@@ -76,6 +83,8 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 oauthLoginUrl: login,
 serveMux: serveMux,
 redirectUrl: redirectUrl,
+ skipAuthRegex: opts.SkipAuthRegex,
+ compiledRegex: opts.CompiledRegex,
 PassBasicAuth: opts.PassBasicAuth,
 }
 }
@@ -299,6 +308,15 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 return
 }
+ for _, u := range p.compiledRegex {
+ match := u.MatchString(req.URL.Path)
+ if match {
+ p.serveMux.ServeHTTP(rw, req)
+ return
+ }
+
+ }
+
 if req.URL.Path == signInPath {
 redirect, err := p.GetRedirect(req)
 if err != nil {
diff --git a/options.go b/options.go
index b70e31c9..803ef30f 100644
--- a/options.go
+++ b/options.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "net/url"
 "time"
+ "regexp"
 )
 // Configuration Options that can be set by Command Line Flag, or Config File
@@ -23,10 +24,12 @@ type Options struct {
 AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
 Upstreams []string `flag:"upstream" cfg:"upstreams"`
+ SkipAuthRegex []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
 // internal values that are set after config validation
 redirectUrl *url.URL
 proxyUrls []*url.URL
+ CompiledRegex []*regexp.Regexp
 }
 func NewOptions() *Options {
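Review bot: The bypass loop added to ServeHTTP in oauthproxy.go tests `u.MatchString(req.URL.Path)`, which succeeds when the pattern matches anywhere in the path, so an unanchored pattern exempts every longer path that merely contains it. Either require `^`…`$` anchoring when the patterns are compiled in Validate, or state the requirement in the flag help and in a comment above the loop. The matched request is then handed to `p.serveMux.ServeHTTP(rw, req)` with whatever headers the client sent. If upstreams trust `X-Forwarded-User` or `X-Forwarded-Email` (the `pass-basic-auth` help text says the proxy passes them), clear them first with `req.Header.Del("X-Forwarded-User")` and `req.Header.Del("X-Forwarded-Email")`, and log each bypass so it is auditable. The rest of ServeHTTP is outside the hunk, so how the authenticated path sets those headers is not visible here.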
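Review bot: In the Options struct hunk of options.go, `CompiledRegex` is exported even though it sits under the "internal values that are set after config validation" comment beside the unexported `redirectUrl` and `proxyUrls`. NewOauthProxy already reads `opts.redirectUrl`, so the same package can reach an unexported field; renaming it to `compiledRegex []*regexp.Regexp` would keep the derived bypass list from being set except through Validate. Whether the flag/config loader ignores untagged exported fields is not visible in this patch.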
@@ -70,5 +73,13 @@ func (o *Options) Validate() error {
 o.proxyUrls = append(o.proxyUrls, upstreamUrl)
 }
+ for _, u := range o.SkipAuthRegex {
+ CompiledRegex, err := regexp.Compile(u)
+ if err != nil {
+ return fmt.Errorf("error compiling regex=%q %s", u, err)
+ }
+ o.CompiledRegex = append(o.CompiledRegex, CompiledRegex)
+ }
+
 return nil
 }
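Review bot: Validate compiles each `skip-auth-regex` value exactly as given, and an empty string compiles without error and matches every path, so a stray empty entry in the flag or config would disable authentication for the whole proxy. Reject it before compiling, e.g. `if u == "" { return fmt.Errorf("skip-auth-regex: empty pattern not allowed") }`. The local `CompiledRegex` is capitalised like the field it is appended to; a short lower-case name such as `re` avoids the confusion. Validate starts outside the hunk.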