initial code import

2025-12-01 22:51:45 +02:00 · 2012-12-10 20:59:23 -05:00
parent c6f07d54d7
commit fb636396a3
9 changed files with 635 additions and 8 deletions
--- a/main.go
+++ b/main.go
@@ -0,0 +1,90 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"fmt"
+)
+
+const VERSION = "0.0.1"
+
+var (
+	showVersion             = flag.Bool("version", false, "print version string")
+	httpAddr                = flag.String("http-address", "0.0.0.0:4180", "<addr>:<port> to listen on for HTTP clients")
+	redirectUrl             = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
+	clientID                = flag.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
+	clientSecret            = flag.String("client-secret", "", "the OAuth Client Secret")
+	passBasicAuth           = flag.Bool("pass-basic-auth", true, "pass HTTP Basic Auth information to upstream")
+	htpasswdFile            = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
+	cookieSecret            = flag.String("cookie-secret", "", "the seed string for secure cookies")
+	cookieDomain            = flag.String("cookie-domain", "", "an optional cookie domain to force cookies to")
+	googleAppsDomain        = flag.String("google-apps-domain", "", "authenticate against the given google apps domain")
+	authenticatedEmailsFile = flag.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
+	upstreams               = StringArray{}
+)
+
+func init() {
+	flag.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint. If multiple, routing is based on path")
+}
+
+func main() {
+	flag.Parse()
+
+	if *showVersion {
+		fmt.Printf("google_auth_proxy v%s\n", VERSION)
+		return
+	}
+
+	if len(upstreams) < 1 {
+		log.Fatal("missing --upstream")
+	}
+	if *cookieSecret == "" {
+		log.Fatal("missing --cookie-secret")
+	}
+	if *clientID == "" {
+		log.Fatal("missing --client-id")
+	}
+	if *clientSecret == "" {
+		log.Fatal("missing --client-secret")
+	}
+
+	var upstreamUrls []*url.URL
+	for _, u := range upstreams {
+		upstreamUrl, err := url.Parse(u)
+		if err != nil {
+			log.Fatalf("error parsing --upstream %s", err.Error())
+		}
+		upstreamUrls = append(upstreamUrls, upstreamUrl)
+	}
+	redirectUrl, err := url.Parse(*redirectUrl)
+	if err != nil {
+		log.Fatalf("error parsing --redirect-url %s", err.Error())
+	}
+
+	validator := NewValidator(*googleAppsDomain, *authenticatedEmailsFile)
+	oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator)
+	oauthproxy.SetRedirectUrl(redirectUrl)
+	if *googleAppsDomain != "" && *authenticatedEmailsFile == "" {
+		oauthproxy.SignInMessage = fmt.Sprintf("using a %s email address", *googleAppsDomain)
+	}
+	if *htpasswdFile != "" {
+		oauthproxy.HtpasswdFile = NewHtpasswdFile(*htpasswdFile)
+	}
+	listener, err := net.Listen("tcp", *httpAddr)
+	if err != nil {
+		log.Fatalf("FATAL: listen (%s) failed - %s", *httpAddr, err.Error())
+	}
+	log.Printf("listening on %s", *httpAddr)
+
+	server := &http.Server{Handler: oauthproxy}
+	err = server.Serve(listener)
+	if err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
+		log.Printf("ERROR: http.Serve() - %s", err.Error())
+	}
+
+	log.Printf("HTTP: closing %s", listener.Addr().String())
+}