go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-08 04:03:58 +02:00
Code Issues Releases Activity
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
1,156 Commits 28 Branches 34 Tags 82 MiB
Go 98.3%
Makefile 0.7%
HTML 0.5%
Shell 0.3%
Dockerfile 0.2%
a09eecc6a2
Go to file
Nick Meves a09eecc6a2
Reduce SessionState size better with MessagePack + LZ4 (#632) 
* Encode sessions with MsgPack + LZ4

Assumes ciphers are now mandatory per #414. Cookie & Redis sessions
can fallback to V5 style JSON in error cases. TODO: session_state.go
unit tests & new unit tests for Legacy fallback scenarios.

* Only compress encoded sessions with Cookie Store

* Cleanup msgpack + lz4 error handling

* Change NewBase64Cipher to take in an existing Cipher

* Add msgpack & lz4 session state tests

* Add required options for oauthproxy tests

More aggressively assert.NoError on all
validation.Validate(opts) calls to enforce legal
options in all our tests.
Add additional NoError checks wherever error return
values were ignored.

* Remove support for uncompressed session state fields

* Improve error verbosity & add session state tests

* Ensure all marshalled sessions are valid

Invalid CFB decryptions can result in garbage data
that 1/100 times might cause message pack unmarshal
to not fail and instead return an empty session.
This adds more rigor to make sure legacy sessions
cause appropriate errors.

* Add tests for legacy V5 session decoding

Refactor common legacy JSON test cases to a
legacy helpers area under session store tests.

* Make ValidateSession a struct method & add CHANGELOG entry

* Improve SessionState error & comments verbosity

* Move legacy session test helpers to sessions pkg

Placing these helpers under the sessions pkg removed
all the circular import uses in housing it under the
session store area.

* Improve SignatureAuthenticator test helper formatting

* Make redis.legacyV5DecodeSession internal

* Make LegacyV5TestCase test table public for linter
2020-07-13 20:56:05 +01:00
.github Update CODEOWNERS to request review from reviewers team (#613) 2020-07-02 21:09:55 +01:00
contrib Use double dashes in service example (#678) 2020-07-12 15:50:19 +01:00
docs docs: Fix required ruby-version (#675) 2020-07-12 16:09:34 +01:00
pkg Reduce SessionState size better with MessagePack + LZ4 (#632) 2020-07-13 20:56:05 +01:00
providers Migrate all requests to result pattern 2020-07-06 20:38:00 +01:00
test Merge pull request from GHSA-5m6c-jp6f-2vcv 2020-06-27 12:07:24 +01:00
.dockerignore Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
.gitignore Set up code coverage within Travis for Code Climate (#533) 2020-05-10 07:29:37 +01:00
.golangci.yml Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
.travis.yml Set up code coverage within Travis for Code Climate (#533) 2020-05-10 07:29:37 +01:00
CHANGELOG.md Reduce SessionState size better with MessagePack + LZ4 (#632) 2020-07-13 20:56:05 +01:00
CONTRIBUTING.md Drop configure script in favour of native Makefile env and checks (#515) 2020-05-09 16:07:46 +01:00
dist.sh Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
Dockerfile Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
Dockerfile.arm64 Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
Dockerfile.armv6 Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
go.mod Reduce SessionState size better with MessagePack + LZ4 (#632) 2020-07-13 20:56:05 +01:00
go.sum Reduce SessionState size better with MessagePack + LZ4 (#632) 2020-07-13 20:56:05 +01:00
htpasswd_test.go Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
htpasswd.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
http_test.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
http.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
LICENSE add MIT license for google_auth_proxy 2014-06-09 16:25:26 -04:00
logging_handler_test.go Integrate HealthCheck middleware 2020-06-14 21:05:17 +01:00
logging_handler.go Integrate HealthCheck middleware 2020-06-14 21:05:17 +01:00
main.go Move RedirectToHTTPS to middleware package 2020-07-03 17:19:09 +01:00
MAINTAINERS Remove Syscll as a maintainer (#540) 2020-05-10 11:51:15 +01:00
Makefile Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
nsswitch.conf Add nsswitch.conf to Docker image (#400) 2020-02-23 18:16:18 +00:00
oauthproxy_test.go Reduce SessionState size better with MessagePack + LZ4 (#632) 2020-07-13 20:56:05 +01:00
oauthproxy.go Implements --trusted-ip option (#552) 2020-07-11 11:10:58 +01:00
README.md Update changelog ready for release v6.0.0 2020-06-27 12:10:27 +01:00
RELEASE.md Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
templates_test.go Add basic string functions to templates (#514) 2020-05-09 21:05:51 +01:00
templates.go Add basic string functions to templates (#514) 2020-05-09 21:05:51 +01:00
validator_test.go remove unnecessary validator tests (#288) 2019-10-18 08:49:33 -07:00
validator.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
version.go Introduce Makefile 2019-01-04 10:58:30 +00:00
watcher_unsupported.go Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
watcher.go Add new linters (#486) 2020-04-14 09:36:44 +01:00

README.md

OAuth2 Proxy

Build Status Go Report Card GoDoc MIT licensed Maintainability Test Coverage

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries wiil been named oauth2-proxy.

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v6.0.0)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnverability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2_proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.