outpost: use same http client for api requests and oauth token redeeming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
0768b201a7
commit
039a1e544e
|
@ -141,7 +141,7 @@ func (pb *providerBundle) Build(provider api.ProxyOutpostConfig) {
|
||||||
log.Printf("%s", err)
|
log.Printf("%s", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
oauthproxy, err := NewOAuthProxy(opts, provider)
|
oauthproxy, err := NewOAuthProxy(opts, provider, pb.s.ak.Client.GetConfig().HTTPClient)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
|
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
|
|
|
@ -32,12 +32,22 @@ func (p *OAuthProxy) GetRedirectURI(host string) string {
|
||||||
return u.String()
|
return u.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HTTPClient is the context key to use with golang.org/x/net/context's
|
||||||
|
// WithValue function to associate an *http.Client value with a context.
|
||||||
|
var HTTPClient ContextKey
|
||||||
|
|
||||||
|
// ContextKey is just an empty struct. It exists so HTTPClient can be
|
||||||
|
// an immutable public variable with a unique type. It's immutable
|
||||||
|
// because nobody else can create a ContextKey, being unexported.
|
||||||
|
type ContextKey struct{}
|
||||||
|
|
||||||
func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) {
|
func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) {
|
||||||
if code == "" {
|
if code == "" {
|
||||||
return nil, errors.New("missing code")
|
return nil, errors.New("missing code")
|
||||||
}
|
}
|
||||||
redirectURI := p.GetRedirectURI(host)
|
redirectURI := p.GetRedirectURI(host)
|
||||||
s, err = p.provider.Redeem(ctx, redirectURI, code)
|
redeemCtx := context.WithValue(ctx, HTTPClient, p.client)
|
||||||
|
s, err = p.provider.Redeem(redeemCtx, redirectURI, code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,6 +44,8 @@ var (
|
||||||
|
|
||||||
// OAuthProxy is the main authentication proxy
|
// OAuthProxy is the main authentication proxy
|
||||||
type OAuthProxy struct {
|
type OAuthProxy struct {
|
||||||
|
client *http.Client
|
||||||
|
|
||||||
CookieSeed string
|
CookieSeed string
|
||||||
CookieName string
|
CookieName string
|
||||||
CSRFCookieName string
|
CSRFCookieName string
|
||||||
|
@ -94,7 +96,7 @@ type OAuthProxy struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
||||||
func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAuthProxy, error) {
|
func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig, c *http.Client) (*OAuthProxy, error) {
|
||||||
logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
|
logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
|
||||||
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -122,6 +124,7 @@ func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAu
|
||||||
sessionChain := buildSessionChain(opts, sessionStore)
|
sessionChain := buildSessionChain(opts, sessionStore)
|
||||||
|
|
||||||
return &OAuthProxy{
|
return &OAuthProxy{
|
||||||
|
client: c,
|
||||||
CookieName: opts.Cookie.Name,
|
CookieName: opts.Cookie.Name,
|
||||||
CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"),
|
CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"),
|
||||||
CookieSeed: opts.Cookie.Secret,
|
CookieSeed: opts.Cookie.Secret,
|
||||||
|
|
Reference in New Issue