From 039a1e544e4820ca9f1e34910d9fc3fcd2b2566a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 23 May 2021 19:27:08 +0200 Subject: [PATCH] outpost: use same http client for api requests and oauth token redeeming Signed-off-by: Jens Langhammer --- outpost/pkg/proxy/api_bundle.go | 2 +- outpost/pkg/proxy/oauth.go | 12 +++++++++++- outpost/pkg/proxy/proxy.go | 5 ++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/outpost/pkg/proxy/api_bundle.go b/outpost/pkg/proxy/api_bundle.go index c23e9bfe0..6febe2d61 100644 --- a/outpost/pkg/proxy/api_bundle.go +++ b/outpost/pkg/proxy/api_bundle.go @@ -141,7 +141,7 @@ func (pb *providerBundle) Build(provider api.ProxyOutpostConfig) { log.Printf("%s", err) os.Exit(1) } - oauthproxy, err := NewOAuthProxy(opts, provider) + oauthproxy, err := NewOAuthProxy(opts, provider, pb.s.ak.Client.GetConfig().HTTPClient) if err != nil { log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err) os.Exit(1) diff --git a/outpost/pkg/proxy/oauth.go b/outpost/pkg/proxy/oauth.go index 96e72a9b5..3da88990d 100644 --- a/outpost/pkg/proxy/oauth.go +++ b/outpost/pkg/proxy/oauth.go @@ -32,12 +32,22 @@ func (p *OAuthProxy) GetRedirectURI(host string) string { return u.String() } +// HTTPClient is the context key to use with golang.org/x/net/context's +// WithValue function to associate an *http.Client value with a context. +var HTTPClient ContextKey + +// ContextKey is just an empty struct. It exists so HTTPClient can be +// an immutable public variable with a unique type. It's immutable +// because nobody else can create a ContextKey, being unexported. +type ContextKey struct{} + func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) { if code == "" { return nil, errors.New("missing code") } redirectURI := p.GetRedirectURI(host) - s, err = p.provider.Redeem(ctx, redirectURI, code) + redeemCtx := context.WithValue(ctx, HTTPClient, p.client) + s, err = p.provider.Redeem(redeemCtx, redirectURI, code) if err != nil { return } diff --git a/outpost/pkg/proxy/proxy.go b/outpost/pkg/proxy/proxy.go index 94e4f5425..fcfb746be 100644 --- a/outpost/pkg/proxy/proxy.go +++ b/outpost/pkg/proxy/proxy.go @@ -44,6 +44,8 @@ var ( // OAuthProxy is the main authentication proxy type OAuthProxy struct { + client *http.Client + CookieSeed string CookieName string CSRFCookieName string @@ -94,7 +96,7 @@ type OAuthProxy struct { } // NewOAuthProxy creates a new instance of OAuthProxy from the options provided -func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAuthProxy, error) { +func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig, c *http.Client) (*OAuthProxy, error) { logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name) sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie) if err != nil { @@ -122,6 +124,7 @@ func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAu sessionChain := buildSessionChain(opts, sessionStore) return &OAuthProxy{ + client: c, CookieName: opts.Cookie.Name, CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"), CookieSeed: opts.Cookie.Secret,