Enable specific oauth2proxy path; change cookie name to _oauth2proxy

oauthproxy.go

@@ -19,12 +19,6 @@ import (
 	"github.com/bitly/oauth2_proxy/providers"
 )
 
-const robotsPath = "/robots.txt"
-const pingPath = "/ping"
-const signInPath = "/oauth2/sign_in"
-const oauthStartPath = "/oauth2/start"
-const oauthCallbackPath = "/oauth2/callback"
-
 type OauthProxy struct {
 	CookieSeed     string
 	CookieKey      string
@@ -35,6 +29,12 @@ type OauthProxy struct {
 	CookieRefresh  time.Duration
 	Validator      func(string) bool
 
+	RobotsPath        string
+	PingPath          string
+	SignInPath        string
+	OauthStartPath    string
+	OauthCallbackPath string
+
 	redirectUrl         *url.URL // the url to receive requests at
 	provider            providers.Provider
 	oauthLoginUrl       *url.URL // to redirect the user to
@@ -42,6 +42,7 @@ type OauthProxy struct {
 	oauthScope          string
 	clientID            string
 	clientSecret        string
+	ProxyPrefix         string
 	SignInMessage       string
 	HtpasswdFile        *HtpasswdFile
 	DisplayHtpasswdForm bool
@@ -106,7 +107,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	}
 
 	redirectUrl := opts.redirectUrl
-	redirectUrl.Path = oauthCallbackPath
+	redirectUrl.Path = fmt.Sprintf("%s/callback", opts.ProxyPrefix)
 
 	log.Printf("OauthProxy configured for %s", opts.ClientID)
 	domain := opts.CookieDomain
@@ -131,7 +132,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	}
 
 	return &OauthProxy{
-		CookieKey:      "_oauthproxy",
+		CookieKey:      opts.CookieKey,
 		CookieSeed:     opts.CookieSecret,
 		CookieDomain:   opts.CookieDomain,
 		CookieSecure:   opts.CookieSecure,
@@ -140,8 +141,15 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 		CookieRefresh:  opts.CookieRefresh,
 		Validator:      validator,
 
+		RobotsPath:        "/robots.txt",
+		PingPath:          "/ping",
+		SignInPath:        fmt.Sprintf("%s/sign_in", opts.ProxyPrefix),
+		OauthStartPath:    fmt.Sprintf("%s/start", opts.ProxyPrefix),
+		OauthCallbackPath: fmt.Sprintf("%s/callback", opts.ProxyPrefix),
+
 		clientID:         opts.ClientID,
 		clientSecret:     opts.ClientSecret,
+		ProxyPrefix:      opts.ProxyPrefix,
 		oauthScope:       opts.provider.Data().Scope,
 		provider:         opts.provider,
 		oauthLoginUrl:    opts.provider.Data().LoginUrl,
@@ -300,7 +308,7 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 	rw.WriteHeader(code)
 
 	redirect_url := req.URL.RequestURI()
-	if redirect_url == signInPath {
+	if redirect_url == p.SignInPath {
 		redirect_url = "/"
 	}
 
@@ -310,12 +318,14 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 		CustomLogin   bool
 		Redirect      string
 		Version       string
+		ProxyPrefix   string
 	}{
 		ProviderName:  p.provider.Data().ProviderName,
 		SignInMessage: p.SignInMessage,
 		CustomLogin:   p.displayCustomLoginForm(),
 		Redirect:      redirect_url,
 		Version:       VERSION,
+		ProxyPrefix:   p.ProxyPrefix,
 	}
 	p.templates.ExecuteTemplate(rw, "sign_in.html", t)
 }
@@ -365,12 +375,12 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	var email string
 	var access_token string
 
-	if req.URL.Path == robotsPath {
+	if req.URL.Path == p.RobotsPath {
 		p.RobotsTxt(rw)
 		return
 	}
 
-	if req.URL.Path == pingPath {
+	if req.URL.Path == p.PingPath {
 		p.PingPage(rw)
 		return
 	}
@@ -384,7 +394,7 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 	}
 
-	if req.URL.Path == signInPath {
+	if req.URL.Path == p.SignInPath {
 		redirect, err := p.GetRedirect(req)
 		if err != nil {
 			p.ErrorPage(rw, 500, "Internal Error", err.Error())
@@ -400,7 +410,7 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		}
 		return
 	}
-	if req.URL.Path == oauthStartPath {
+	if req.URL.Path == p.OauthStartPath {
 		redirect, err := p.GetRedirect(req)
 		if err != nil {
 			p.ErrorPage(rw, 500, "Internal Error", err.Error())
@@ -409,7 +419,7 @@ func (p *OauthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		http.Redirect(rw, req, p.GetLoginURL(req.Host, redirect), 302)
 		return
 	}
-	if req.URL.Path == oauthCallbackPath {
+	if req.URL.Path == p.OauthCallbackPath {
 		// finish the oauth cycle
 		err := req.ParseForm()
 		if err != nil {