diff --git a/Gopkg.lock b/Gopkg.lock
index de9aab15..2a69229e 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -222,6 +222,7 @@
 "github.com/mreiferson/go-options",
 "github.com/stretchr/testify/assert",
 "github.com/stretchr/testify/require",
+ "github.com/yhat/wsutil",
 "golang.org/x/crypto/bcrypt",
 "golang.org/x/net/websocket",
 "golang.org/x/oauth2",
diff --git a/logging_handler.go b/logging_handler.go
index cff0b321..77c2fca1 100644
--- a/logging_handler.go
+++ b/logging_handler.go
@@ -4,6 +4,9 @@ package main
 import (
+ "bufio"
+ "errors"
+ "net"
 "net/http"
 "time"
diff --git a/main.go b/main.go
index b2e1d869..e3d70a62 100644
--- a/main.go
+++ b/main.go
@@ -3,7 +3,6 @@ package main
 import (
 "flag"
 "fmt"
- "log"
 "math/rand"
 "net/http"
 "os"
@@ -13,6 +12,7 @@ import (
 "github.com/BurntSushi/toml"
 options "github.com/mreiferson/go-options"
+ "github.com/pusher/oauth2_proxy/logger"
 )
 func main() {
@@ -20,7 +20,7 @@ func main() {
 flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError)
 emailDomains := StringArray{}
- whitelistDomains := StringArray{}
+ whitelistandardomains := StringArray{}
 upstreams := StringArray{}
 skipAuthRegex := StringArray{}
 googleGroups := StringArray{}
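Review bot: The rename of `whitelistDomains` to `whitelistandardomains` in this hunk, repeated at the flag registration in the `@@ -49,7 +49,7 @@` hunk, looks like an accidental search-and-replace rather than an intended change: the new spelling is not a word and the flag it backs is still `whitelist-domain`. It should go back to `whitelistDomains := StringArray{}` and `flagSet.Var(&whitelistDomains, "whitelist-domain", ...)`; if the original identifier is referenced anywhere else in main (not visible here) the build now fails, and either way the name no longer says that this is the redirect whitelist. The body of main continues outside the hunk.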
@@ -49,7 +49,7 @@ func main() {
 flagSet.Duration("flush-interval", time.Duration(1)*time.Second, "period between response flushing when streaming responses")
 flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
- flagSet.Var(&whitelistDomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
+ flagSet.Var(&whitelistandardomains, "whitelist-domain", "allowed domains for redirection after authentication. Prefix domain with a . to allow subdomains (eg .example.com)")
 flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
 flagSet.String("github-org", "", "restrict logins to members of this organisation")
 flagSet.String("github-team", "", "restrict logins to members of this team")
@@ -158,16 +158,12 @@ func main() {
 var handler http.Handler
 if opts.GCPHealthChecks {
- handler = gcpHealthcheck(LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat))
+ handler = gcpHealthcheck(LoggingHandler(oauthproxy))
 } else {
- handler = LoggingHandler(os.Stdout, oauthproxy, opts.RequestLogging, opts.RequestLoggingFormat)
+ handler = LoggingHandler(oauthproxy)
 }
 s := &Server{
-<<<<<<< HEAD
 Handler: handler,
-=======
- Handler: LoggingHandler(oauthproxy),
->>>>>>> Auth and standard logging with file rolling
 Opts: opts,
 }
 s.ListenAndServe()
diff --git a/oauthproxy.go b/oauthproxy.go
index cd185513..8e6cedb8 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
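Review bot: `LoggingHandler(oauthproxy)` no longer receives `opts.RequestLogging` or `opts.RequestLoggingFormat`, so unless main hands those two options to the logger package somewhere outside this hunk, the `request-logging` and `request-logging-format` settings become dead configuration and request logging can neither be switched off nor reformatted. Keeping the `handler` variable in the Server literal is the right resolution, since that is the value gcpHealthcheck wraps when GCPHealthChecks is set. Worth confirming that the `os` import retained in the first hunk is still used now that `os.Stdout` is gone from both calls. main continues outside the hunk.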
@@ -185,23 +185,10 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 path := u.Path
 switch u.Scheme {
 case httpScheme, httpsScheme:
-<<<<<<< HEAD
- log.Printf("mapping path %q => upstream %q", path, u)
+ logger.Printf("mapping path %q => upstream %q", path, u)
 proxy := NewWebSocketOrRestReverseProxy(u, opts, auth)
 serveMux.Handle(path, proxy)
-=======
- u.Path = ""
- logger.Printf("mapping path %q => upstream %q", path, u)
- proxy := NewReverseProxy(u, opts.FlushInterval)
- if !opts.PassHostHeader {
- setProxyUpstreamHostHeader(proxy, u)
- } else {
- setProxyDirector(proxy)
- }
- serveMux.Handle(path,
- &UpstreamProxy{u.Host, proxy, auth})
->>>>>>> Auth and standard logging with file rolling
 case "file":
 if u.Fragment != "" {
 path = u.Fragment
@@ -228,11 +215,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
 refresh = fmt.Sprintf("after %s", opts.CookieRefresh)
 }
-<<<<<<< HEAD
- log.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)
-=======
- logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, refresh)
->>>>>>> Auth and standard logging with file rolling
+ logger.Printf("Cookie settings: name:%s secure(https):%v httponly:%v expiry:%s domain:%s path:%s refresh:%s", opts.CookieName, opts.CookieSecure, opts.CookieHTTPOnly, opts.CookieExpire, opts.CookieDomain, opts.CookiePath, refresh)
 var cipher *cookie.Cipher
 if opts.PassAccessToken || opts.SetAuthorization || opts.PassAuthorization || (opts.CookieRefresh != time.Duration(0)) {
diff --git a/options.go b/options.go
index ebdb1b0f..4b30f69d 100644
--- a/options.go
+++ b/options.go
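Review bot: The retained side delegates everything to `NewWebSocketOrRestReverseProxy(u, opts, auth)`, while the discarded side explicitly cleared `u.Path`, chose `setProxyUpstreamHostHeader` or `setProxyDirector` on `opts.PassHostHeader`, and wrapped the proxy in `UpstreamProxy` with `auth`; the resolution is only equivalent if that helper, which is defined outside this hunk, does all three. Worth confirming before merge, because forwarding the configured upstream path prefix, or the client's Host header when `pass-host-header` is off, changes what the upstream receives, and dropping the hmac wrapper would leave upstream requests unsigned. A one-line comment at the call such as `// path stripping, Host header policy and hmac signing are handled inside NewWebSocketOrRestReverseProxy` would make that intent survive the next merge. NewOAuthProxy continues outside the hunk.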
@@ -18,7 +18,7 @@ import (
 "github.com/mbland/hmacauth"
 "github.com/pusher/oauth2_proxy/logger"
 "github.com/pusher/oauth2_proxy/providers"
- lumberjack "gopkg.in/natefinch/lumberjack.v2"
+ "gopkg.in/natefinch/lumberjack.v2"
 )
 // Options holds Configuration Options that can be set by Command Line Flag,
@@ -74,7 +74,6 @@ type Options struct {
 // These options allow for other providers besides Google, with
 // potential overrides.
-<<<<<<< HEAD
 Provider string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
 OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
 SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
@@ -87,25 +86,6 @@ type Options struct {
 Scope string `flag:"scope" cfg:"scope" env:"OAUTH2_PROXY_SCOPE"`
 ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt" env:"OAUTH2_PROXY_APPROVAL_PROMPT"`
- RequestLogging bool `flag:"request-logging" cfg:"request_logging" env:"OAUTH2_PROXY_REQUEST_LOGGING"`
- RequestLoggingFormat string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
-
- SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
- AcrValues string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
- JWTKey string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
- PubJWKURL string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
- GCPHealthChecks bool `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`
-=======
- Provider string `flag:"provider" cfg:"provider"`
- OIDCIssuerURL string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url"`
- LoginURL string `flag:"login-url" cfg:"login_url"`
- RedeemURL string `flag:"redeem-url" cfg:"redeem_url"`
- ProfileURL string `flag:"profile-url" cfg:"profile_url"`
- ProtectedResource string `flag:"resource" cfg:"resource"`
- ValidateURL string `flag:"validate-url" cfg:"validate_url"`
- Scope string `flag:"scope" cfg:"scope"`
- ApprovalPrompt string `flag:"approval-prompt" cfg:"approval_prompt"`
-
 // Configuration values for logging
 LoggingFilename string `flag:"logging-filename" cfg:"logging_filename"`
 LoggingMaxSize int `flag:"logging-max-size" cfg:"logging_max_size"`
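Review bot: The HEAD definitions of `RequestLogging` and `RequestLoggingFormat` removed here carried `env:"OAUTH2_PROXY_REQUEST_LOGGING"` and `env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"` tags, while the logging fields kept as context (`LoggingFilename`, `LoggingMaxSize`, and `AuthLogging`/`AuthLoggingFormat` in the next hunk) have only `flag` and `cfg` tags; if the surviving request-logging fields follow that pattern, environment-based configuration of request logging silently stops being honoured even though every other option in the struct still accepts it. Giving the new logging fields `env:` tags in the same `OAUTH2_PROXY_…` form as the rest of the struct would restore consistency. Separately, the unchanged `SkipOIDCDiscovery` tag in the previous hunk reads `env:"OAUTH2_SKIP_OIDC_DISCOVERY"`, missing the `OAUTH2_PROXY_` prefix used everywhere else, which is easy to misconfigure in deployment. The Options struct starts and ends outside this hunk.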
@@ -120,8 +100,11 @@ type Options struct {
 AuthLogging bool `flag:"auth-logging" cfg:"auth_logging"`
 AuthLoggingFormat string `flag:"auth-logging-format" cfg:"auth_logging_format"`
- SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
->>>>>>> Auth and standard logging with file rolling
+ SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
+ AcrValues string `flag:"acr-values" cfg:"acr_values" env:"OAUTH2_PROXY_ACR_VALUES"`
+ JWTKey string `flag:"jwt-key" cfg:"jwt_key" env:"OAUTH2_PROXY_JWT_KEY"`
+ PubJWKURL string `flag:"pubjwk-url" cfg:"pubjwk_url" env:"OAUTH2_PROXY_PUBJWK_URL"`
+ GCPHealthChecks bool `flag:"gcp-healthchecks" cfg:"gcp_healthchecks" env:"OAUTH2_PROXY_GCP_HEALTHCHECKS"`
 // internal values that are set after config validation
 redirectURL *url.URL
@@ -141,31 +124,8 @@ type SignatureData struct {
 // NewOptions constructs a new Options with defaulted values
 func NewOptions() *Options {
 return &Options{
-<<<<<<< HEAD
- ProxyPrefix: "/oauth2",
- ProxyWebSockets: true,
- HTTPAddress: "127.0.0.1:4180",
- HTTPSAddress: ":443",
- DisplayHtpasswdForm: true,
- CookieName: "_oauth2_proxy",
- CookieSecure: true,
- CookieHTTPOnly: true,
- CookieExpire: time.Duration(168) * time.Hour,
- CookieRefresh: time.Duration(0),
- SetXAuthRequest: false,
- SkipAuthPreflight: false,
- PassBasicAuth: true,
- PassUserHeaders: true,
- PassAccessToken: false,
- PassHostHeader: true,
- SetAuthorization: false,
- PassAuthorization: false,
- ApprovalPrompt: "force",
- RequestLogging: true,
- SkipOIDCDiscovery: false,
- RequestLoggingFormat: defaultRequestLoggingFormat,
-=======
 ProxyPrefix: "/oauth2",
+ ProxyWebSockets: true,
 HTTPAddress: "127.0.0.1:4180",
 HTTPSAddress: ":443",
 DisplayHtpasswdForm: true,
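Review bot: Only the second branch's default block survives the NewOptions resolution, and the HEAD block dropped here set `CookieSecure: true`, `CookieHTTPOnly: true` and `PassHostHeader: true`; the kept block's entries between `DisplayHtpasswdForm` and `SetAuthorization` lie outside the hunk, so it is worth checking that those three are still present there, since a merge that silently let them fall to the zero value would issue the session cookie without Secure and HttpOnly. The explicit re-addition of `ProxyWebSockets: true` here and `SkipOIDCDiscovery: false` in the next hunk suggests the HEAD-only entries were compared by hand, but the cookie defaults are the ones that matter most and are not visible. NewOptions continues past the hunk.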
@@ -183,6 +143,7 @@ func NewOptions() *Options {
 SetAuthorization: false,
 PassAuthorization: false,
 ApprovalPrompt: "force",
+ SkipOIDCDiscovery: false,
 LoggingFilename: "",
 LoggingMaxSize: 100,
 LoggingMaxAge: 7,
@@ -195,7 +156,6 @@ func NewOptions() *Options {
 RequestLoggingFormat: logger.DefaultRequestLoggingFormat,
 AuthLogging: true,
 AuthLoggingFormat: logger.DefaultAuthLoggingFormat,
->>>>>>> Auth and standard logging with file rolling
 }
 }