internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-08-07 18:50:24 +02:00
parent 7e3c21d77b
commit 201bea6d30
3 changed files with 5 additions and 1 deletions


@ -150,6 +150,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if _, set := r.URL.Query()[CallbackSignature]; set { if _, set := r.URL.Query()[CallbackSignature]; set {
a.handleAuthCallback(w, r) a.handleAuthCallback(w, r)
} else if _, set := r.URL.Query()[LogoutSignature]; set {
a.handleSignOut(w, r)
} else { } else {
inner.ServeHTTP(w, r) inner.ServeHTTP(w, r)
} }
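Review bot: The new `else if` branch routes a request to `a.handleSignOut` whenever the query string contains the `X-authentik-logout` key, whatever the method, path or origin of the request, so a cross-site link to a protected URL can end a user's session without their intent (logout CSRF). Despite the name, nothing is verified: only the key's presence is tested, and an upstream application parameter of the same name would be intercepted too. If that trade-off is intended, record it next to the branch, e.g. `// Unauthenticated marker: presence alone triggers sign-out, so the impact must stay limited to ending the session`. `handleSignOut` is not visible here; it is worth confirming that any `rd` redirect target it honours goes through `checkRedirectParam`. The enclosing handler starts and ends outside the hunk.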


@ -15,6 +15,7 @@ import (
const ( const (
redirectParam = "rd" redirectParam = "rd"
CallbackSignature = "X-authentik-auth-callback" CallbackSignature = "X-authentik-auth-callback"
LogoutSignature = "X-authentik-logout"
) )
func (a *Application) checkRedirectParam(r *http.Request) (string, bool) { func (a *Application) checkRedirectParam(r *http.Request) (string, bool) {
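Review bot: `LogoutSignature` is exported and read from another package (`application.LogoutSignature` in the web server), but it is added without a doc comment, and the name suggests a cryptographic check that the visible code does not perform. A comment on the constant would prevent that misreading, for example `// LogoutSignature is the query-parameter key whose presence marks a request as a sign-out request; it is a marker, not a verified signature.` The same applies to the existing `CallbackSignature` beside it.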


@ -54,7 +54,8 @@ func (ws *WebServer) configureProxy() {
before := time.Now() before := time.Now()
if ws.ProxyServer != nil { if ws.ProxyServer != nil {
_, oauthCallbackSet := r.URL.Query()[application.CallbackSignature] _, oauthCallbackSet := r.URL.Query()[application.CallbackSignature]
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet { _, logoutSet := r.URL.Query()[application.LogoutSignature]
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet || logoutSet {
Requests.With(prometheus.Labels{ Requests.With(prometheus.Labels{
"dest": "embedded_outpost", "dest": "embedded_outpost",
}).Observe(float64(time.Since(before))) }).Observe(float64(time.Since(before)))
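Review bot: `logoutSet` is true for any request whose query contains the `X-authentik-logout` key, so the widened condition treats the request as served by the embedded outpost even when `ws.ProxyServer.HandleHost(rw, r)` returned false. The rest of the branch is outside the hunk, but if it returns after recording the metric, any unauthenticated client can keep a request from reaching the fallback handler by appending the parameter, and the `embedded_outpost` metric will count it. Consider letting the `HandleHost` result alone decide, or add a comment explaining why the marker by itself is sufficient. Parsing the query once, `q := r.URL.Query()`, would also avoid the second parse this change adds.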