internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-08-07 18:50:24 +02:00
parent 7e3c21d77b
commit 201bea6d30
3 changed files with 5 additions and 1 deletions


@ -150,6 +150,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if _, set := r.URL.Query()[CallbackSignature]; set {
a.handleAuthCallback(w, r)
} else if _, set := r.URL.Query()[LogoutSignature]; set {
a.handleSignOut(w, r)
} else {
inner.ServeHTTP(w, r)
}
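Review bot: The new `else if` branch routes a request on any path to `handleSignOut` as soon as the `X-authentik-logout` query parameter is present, without checking its value, the HTTP method or where the request came from. A query string can be set by a link or embedded resource on another site, so unless `handleSignOut` asks for confirmation (its body is not visible here) a third party can force a user's session to end. Consider documenting the contract on the branch, e.g. `// presence of LogoutSignature alone triggers sign-out; handleSignOut must be safe for cross-site requests`, and parsing the query once with `q := r.URL.Query()` rather than once per branch. The enclosing handler starts and ends outside this hunk.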


@ -15,6 +15,7 @@ import (
const (
redirectParam = "rd"
CallbackSignature = "X-authentik-auth-callback"
LogoutSignature = "X-authentik-logout"
)
func (a *Application) checkRedirectParam(r *http.Request) (string, bool) {
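Review bot: `LogoutSignature` is exported and read from another package as `application.LogoutSignature`, yet it has no doc comment saying that it is a query-parameter name rather than a header, which the `X-` prefix suggests. Add one above the constant, e.g. `// LogoutSignature is the query parameter whose presence routes a request to the application's sign-out handler.`; `CallbackSignature` would benefit from the same treatment.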


@ -54,7 +54,8 @@ func (ws *WebServer) configureProxy() {
before := time.Now()
if ws.ProxyServer != nil {
_, oauthCallbackSet := r.URL.Query()[application.CallbackSignature]
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet {
_, logoutSet := r.URL.Query()[application.LogoutSignature]
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet || logoutSet {
Requests.With(prometheus.Labels{
"dest": "embedded_outpost",
}).Observe(float64(time.Since(before)))
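Review bot: In the widened condition `logoutSet` only changes the outcome when `ws.ProxyServer.HandleHost(rw, r)` has returned false, so a client-controlled query parameter alone makes the request count as `embedded_outpost` traffic. What follows the `Observe` call is outside this hunk; if the branch returns there, a request carrying `X-authentik-logout` that `HandleHost` did not serve would never reach the backend, which is worth confirming with a test. If `HandleHost` reports true whenever it served the request, the condition can stay `if ws.ProxyServer.HandleHost(rw, r) {`; otherwise add a comment such as `// signature parameters are always treated as outpost traffic, even when HandleHost returns false, because …` stating the reason.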