diff --git a/oauthproxy.go b/oauthproxy.go index 1367353c..c7dc3145 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -19,11 +19,12 @@ import ( "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" - "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging" + ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/ip" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/yhat/wsutil" @@ -114,7 +115,7 @@ type OAuthProxy struct { jwtBearerVerifiers []*oidc.IDTokenVerifier compiledRegex []*regexp.Regexp templates *template.Template - realClientIPParser logging.RealClientIPParser + realClientIPParser ipapi.RealClientIPParser Banner string Footer string } @@ -762,7 +763,7 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) { // OAuthCallback is the OAuth2 authentication flow callback that finishes the // OAuth2 authentication flow func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) { - remoteAddr := logging.GetClientString(p.realClientIPParser, req, true) + remoteAddr := ip.GetClientString(p.realClientIPParser, req, true) // finish the oauth cycle err := req.ParseForm() @@ -890,7 +891,7 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R } } - remoteAddr := logging.GetClientString(p.realClientIPParser, req, true) + remoteAddr := ip.GetClientString(p.realClientIPParser, req, true) if session == nil { session, err = p.LoadCookiedSession(req) if err != nil { diff --git a/pkg/apis/ip/interfaces.go b/pkg/apis/ip/interfaces.go new file mode 100644 index 00000000..02f3937f --- /dev/null +++ b/pkg/apis/ip/interfaces.go 
@@ -0,0 +1,11 @@ +package ip + +import ( + "net" + "net/http" +) + +// RealClientIPParser is an interface for a getting the client's real IP to be used for logging. +type RealClientIPParser interface { + GetRealClientIP(http.Header) (net.IP, error) +} diff --git a/pkg/apis/options/options.go b/pkg/apis/options/options.go index 203e6259..27b0f66c 100644 --- a/pkg/apis/options/options.go +++ b/pkg/apis/options/options.go @@ -7,7 +7,7 @@ import ( "time" oidc "github.com/coreos/go-oidc" - "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging" + ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip" sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/providers" 
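Review bot: The doc comment on `RealClientIPParser` in the new `pkg/apis/ip/interfaces.go` still says the IP is "to be used for logging" and carries the typo "for a getting", although the interface now sits in a general-purpose `ip` package. Because `GetRealClientIP` receives only an `http.Header`, the result is whatever the request headers claim. It is therefore reliable only when a trusted reverse proxy sets or overwrites that header, and the comment should say so before anyone reuses the interface for more than log lines. I would reword it along the lines of `// RealClientIPParser extracts the client IP from request headers; the value is only trustworthy when a trusted reverse proxy sets the header.`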
@@ -132,30 +132,30 @@ type Options struct { signatureData *SignatureData oidcVerifier *oidc.IDTokenVerifier jwtBearerVerifiers []*oidc.IDTokenVerifier - realClientIPParser logging.RealClientIPParser + realClientIPParser ipapi.RealClientIPParser } // Options for Getting internal values -func (o *Options) GetRedirectURL() *url.URL { return o.redirectURL } -func (o *Options) GetProxyURLs() []*url.URL { return o.proxyURLs } -func (o *Options) GetCompiledRegex() []*regexp.Regexp { return o.compiledRegex } -func (o *Options) GetProvider() providers.Provider { return o.provider } -func (o *Options) GetSessionStore() sessionsapi.SessionStore { return o.sessionStore } -func (o *Options) GetSignatureData() *SignatureData { return o.signatureData } -func (o *Options) GetOIDCVerifier() *oidc.IDTokenVerifier { return o.oidcVerifier } -func (o *Options) GetJWTBearerVerifiers() []*oidc.IDTokenVerifier { return o.jwtBearerVerifiers } -func (o *Options) GetRealClientIPParser() logging.RealClientIPParser { return o.realClientIPParser } +func (o *Options) GetRedirectURL() *url.URL { return o.redirectURL } +func (o *Options) GetProxyURLs() []*url.URL { return o.proxyURLs } +func (o *Options) GetCompiledRegex() []*regexp.Regexp { return o.compiledRegex } +func (o *Options) GetProvider() providers.Provider { return o.provider } +func (o *Options) GetSessionStore() sessionsapi.SessionStore { return o.sessionStore } +func (o *Options) GetSignatureData() *SignatureData { return o.signatureData } +func (o *Options) GetOIDCVerifier() *oidc.IDTokenVerifier { return o.oidcVerifier } +func (o *Options) GetJWTBearerVerifiers() []*oidc.IDTokenVerifier { return o.jwtBearerVerifiers } +func (o *Options) GetRealClientIPParser() ipapi.RealClientIPParser { return o.realClientIPParser } // Options for Setting internal values -func (o *Options) SetRedirectURL(s *url.URL) { o.redirectURL = s } -func (o *Options) SetProxyURLs(s []*url.URL) { o.proxyURLs = s } -func (o *Options) SetCompiledRegex(s 
[]*regexp.Regexp) { o.compiledRegex = s } -func (o *Options) SetProvider(s providers.Provider) { o.provider = s } -func (o *Options) SetSessionStore(s sessionsapi.SessionStore) { o.sessionStore = s } -func (o *Options) SetSignatureData(s *SignatureData) { o.signatureData = s } -func (o *Options) SetOIDCVerifier(s *oidc.IDTokenVerifier) { o.oidcVerifier = s } -func (o *Options) SetJWTBearerVerifiers(s []*oidc.IDTokenVerifier) { o.jwtBearerVerifiers = s } -func (o *Options) SetRealClientIPParser(s logging.RealClientIPParser) { o.realClientIPParser = s } +func (o *Options) SetRedirectURL(s *url.URL) { o.redirectURL = s } +func (o *Options) SetProxyURLs(s []*url.URL) { o.proxyURLs = s } +func (o *Options) SetCompiledRegex(s []*regexp.Regexp) { o.compiledRegex = s } +func (o *Options) SetProvider(s providers.Provider) { o.provider = s } +func (o *Options) SetSessionStore(s sessionsapi.SessionStore) { o.sessionStore = s } +func (o *Options) SetSignatureData(s *SignatureData) { o.signatureData = s } +func (o *Options) SetOIDCVerifier(s *oidc.IDTokenVerifier) { o.oidcVerifier = s } +func (o *Options) SetJWTBearerVerifiers(s []*oidc.IDTokenVerifier) { o.jwtBearerVerifiers = s } +func (o *Options) SetRealClientIPParser(s ipapi.RealClientIPParser) { o.realClientIPParser = s } // NewOptions constructs a new Options with defaulted values func NewOptions() *Options { diff --git a/pkg/apis/logging/realclientip.go b/pkg/ip/realclientip.go similarity index 88% rename from pkg/apis/logging/realclientip.go rename to pkg/ip/realclientip.go index 04043f75..0fb43e9b 100644 --- a/pkg/apis/logging/realclientip.go +++ b/pkg/ip/realclientip.go 
@@ -1,18 +1,15 @@ -package logging +package ip import ( "fmt" "net" "net/http" "strings" + + ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip" ) -// RealClientIPParser is an interface for a getting the client's real IP to be used for logging. -type RealClientIPParser interface { - GetRealClientIP(http.Header) (net.IP, error) -} - -func GetRealClientIPParser(headerKey string) (RealClientIPParser, error) { +func GetRealClientIPParser(headerKey string) (ipapi.RealClientIPParser, error) { headerKey = http.CanonicalHeaderKey(headerKey) switch headerKey { @@ -73,7 +70,7 @@ func getRemoteIP(req *http.Request) (net.IP, error) { } // GetClientString obtains the human readable string of the remote IP and optionally the real client IP if available -func GetClientString(p RealClientIPParser, req *http.Request, full bool) (s string) { +func GetClientString(p ipapi.RealClientIPParser, req *http.Request, full bool) (s string) { var realClientIPStr string if p != nil { if realClientIP, err := p.GetRealClientIP(req.Header); err == nil && realClientIP != nil { diff --git a/pkg/apis/logging/realclientip_test.go b/pkg/ip/realclientip_test.go similarity index 97% rename from pkg/apis/logging/realclientip_test.go rename to pkg/ip/realclientip_test.go index 62da9192..b24b733b 100644 --- a/pkg/apis/logging/realclientip_test.go +++ b/pkg/ip/realclientip_test.go @@ -1,4 +1,4 @@ -package logging +package ip import ( "net" @@ -6,6 +6,7 @@ import ( "reflect" "testing" + ipapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/ip" "github.com/stretchr/testify/assert" ) @@ -144,7 +145,7 @@ func TestGetClientString(t *testing.T) { p := &xForwardedForClientIPParser{header: http.CanonicalHeaderKey("X-Forwarded-For")} tests := []struct { - parser RealClientIPParser + parser ipapi.RealClientIPParser remoteAddr string headerValue string expectedClient string diff --git a/pkg/validation/options.go b/pkg/validation/options.go index 66b7a74d..cd4aa0ca 100644 --- a/pkg/validation/options.go 
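Review bot: `GetRealClientIPParser` in `pkg/ip/realclientip.go` is exported but has no doc comment, and the interface comment that used to sit just above it has moved to `pkg/apis/ip`. Nothing in this file now says what the function returns or which header names it accepts. Only the `http.CanonicalHeaderKey` call and the opening of `switch headerKey` are visible, so the wording needs checking against the cases. Something like `// GetRealClientIPParser returns the parser for the given client-IP header name, or an error if that header is not supported.` above the function would do. The function body continues outside the hunk.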
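Review bot: In `GetClientString` the condition `err == nil && realClientIP != nil` discards the error from `p.GetRealClientIP(req.Header)`, so in the visible lines a header that fails to parse looks the same as one that is absent. This string feeds the auth and request log lines (`remoteAddr` in `oauthproxy.go`, `SetGetClientFunc` in `pkg/validation/options.go`), so that behaviour is worth stating for whoever reads those logs. I would add a comment such as `// a header that fails to parse is treated as absent; only the remote address is reported` on that `if`. The rest of the body is outside the hunk and may already handle this.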
+++ b/pkg/validation/options.go @@ -17,9 +17,9 @@ import ( "github.com/coreos/go-oidc" "github.com/dgrijalva/jwt-go" "github.com/mbland/hmacauth" - "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/logging" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/ip" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" @@ -272,7 +272,7 @@ func Validate(o *options.Options) error { msgs = setupLogger(o, msgs) if o.ReverseProxy { - parser, err := logging.GetRealClientIPParser(o.RealClientIPHeader) + parser, err := ip.GetRealClientIPParser(o.RealClientIPHeader) if err != nil { msgs = append(msgs, fmt.Sprintf("real_client_ip_header (%s) not accepted parameter value: %v", o.RealClientIPHeader, err)) } @@ -496,7 +496,7 @@ func setupLogger(o *options.Options, msgs []string) []string { logger.SetAuthTemplate(o.AuthLoggingFormat) logger.SetReqTemplate(o.RequestLoggingFormat) logger.SetGetClientFunc(func(r *http.Request) string { - return logging.GetClientString(o.GetRealClientIPParser(), r, false) + return ip.GetClientString(o.GetRealClientIPParser(), r, false) }) excludePaths := make([]string, 0)