internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
7e3c21d77b
commit
201bea6d30
|
@ -150,6 +150,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if _, set := r.URL.Query()[CallbackSignature]; set {
|
||||
a.handleAuthCallback(w, r)
|
||||
} else if _, set := r.URL.Query()[LogoutSignature]; set {
|
||||
a.handleSignOut(w, r)
|
||||
} else {
|
||||
inner.ServeHTTP(w, r)
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
const (
|
||||
redirectParam = "rd"
|
||||
CallbackSignature = "X-authentik-auth-callback"
|
||||
LogoutSignature = "X-authentik-logout"
|
||||
)
|
||||
|
||||
func (a *Application) checkRedirectParam(r *http.Request) (string, bool) {
|
||||
|
|
|
@ -54,7 +54,8 @@ func (ws *WebServer) configureProxy() {
|
|||
before := time.Now()
|
||||
if ws.ProxyServer != nil {
|
||||
_, oauthCallbackSet := r.URL.Query()[application.CallbackSignature]
|
||||
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet {
|
||||
_, logoutSet := r.URL.Query()[application.LogoutSignature]
|
||||
if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet || logoutSet {
|
||||
Requests.With(prometheus.Labels{
|
||||
"dest": "embedded_outpost",
|
||||
}).Observe(float64(time.Since(before)))
|
||||
|
|
Reference in a new issue