outpost: use same http client for api requests and oauth token redeeming

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-23 19:27:08 +02:00
parent 0768b201a7
commit 039a1e544e
3 changed files with 16 additions and 3 deletions


@ -141,7 +141,7 @@ func (pb *providerBundle) Build(provider api.ProxyOutpostConfig) {
log.Printf("%s", err) log.Printf("%s", err)
os.Exit(1) os.Exit(1)
} }
oauthproxy, err := NewOAuthProxy(opts, provider) oauthproxy, err := NewOAuthProxy(opts, provider, pb.s.ak.Client.GetConfig().HTTPClient)
if err != nil { if err != nil {
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err) log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
os.Exit(1) os.Exit(1)
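Review bot: The client passed to `NewOAuthProxy` is whatever `pb.s.ak.Client.GetConfig().HTTPClient` holds, so every transport setting on the API client (TLS verification, custom CA, proxy, timeouts) now also governs the authorization-code exchange. That configuration is not visible in this hunk. If the API client can be set up with relaxed certificate verification, token redemption would inherit it, which is worth stating at the call site, e.g. `// shares the API client's transport (TLS settings included) with OAuth code redemption`. Build's body starts and ends outside the hunk.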


@ -32,12 +32,22 @@ func (p *OAuthProxy) GetRedirectURI(host string) string {
return u.String() return u.String()
} }
// HTTPClient is the context key to use with golang.org/x/net/context's
// WithValue function to associate an *http.Client value with a context.
var HTTPClient ContextKey
// ContextKey is just an empty struct. It exists so HTTPClient can be
// an immutable public variable with a unique type. It's immutable
// because nobody else can create a ContextKey, being unexported.
type ContextKey struct{}
func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) { func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) {
if code == "" { if code == "" {
return nil, errors.New("missing code") return nil, errors.New("missing code")
} }
redirectURI := p.GetRedirectURI(host) redirectURI := p.GetRedirectURI(host)
s, err = p.provider.Redeem(ctx, redirectURI, code) redeemCtx := context.WithValue(ctx, HTTPClient, p.client)
s, err = p.provider.Redeem(redeemCtx, redirectURI, code)
if err != nil { if err != nil {
return return
} }
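Review bot: The key used in `context.WithValue(ctx, HTTPClient, p.client)` is a package-local `ContextKey`, and context lookups match on the key's type as well as its value, so only code that looks up this exact variable will ever see the client. If `p.provider.Redeem` ends up in golang.org/x/oauth2 (not visible in this hunk), that library looks up `oauth2.HTTPClient`, and the client set here would be ignored silently, leaving the code exchange on the library's default client rather than the configured one. Consider `redeemCtx := context.WithValue(ctx, oauth2.HTTPClient, p.client)` and dropping the local key. The copied comment also says the type is unexported, which is not true of `ContextKey` in this package. redeemCode's body continues past the hunk.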


@ -44,6 +44,8 @@ var (
// OAuthProxy is the main authentication proxy // OAuthProxy is the main authentication proxy
type OAuthProxy struct { type OAuthProxy struct {
client *http.Client
CookieSeed string CookieSeed string
CookieName string CookieName string
CSRFCookieName string CSRFCookieName string
@ -94,7 +96,7 @@ type OAuthProxy struct {
} }
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided // NewOAuthProxy creates a new instance of OAuthProxy from the options provided
func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAuthProxy, error) { func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig, c *http.Client) (*OAuthProxy, error) {
logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name) logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie) sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
if err != nil { if err != nil {
@ -122,6 +124,7 @@ func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAu
sessionChain := buildSessionChain(opts, sessionStore) sessionChain := buildSessionChain(opts, sessionStore)
return &OAuthProxy{ return &OAuthProxy{
client: c,
CookieName: opts.Cookie.Name, CookieName: opts.Cookie.Name,
CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"), CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"),
CookieSeed: opts.Cookie.Secret, CookieSeed: opts.Cookie.Secret,
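Review bot: `NewOAuthProxy` stores `c` in the `client` field without checking it, so a nil `*http.Client` would only surface later, at redemption time, in whatever consumes the context value. A guard at the top such as `if c == nil { return nil, errors.New("http client is required") }` fails at start-up instead; falling back to a default client would silently drop the caller's transport settings. The doc comment should also mention the new parameter, e.g. `// c is the HTTP client used when redeeming OAuth codes.`, and the `client` field deserves the same one-line comment. The function body continues outside the hunks.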