outposts/proxy: cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-21 19:16:01 +01:00
parent f742c73e24
commit ba55538a34
2 changed files with 2 additions and 7 deletions

View File

@ -85,7 +85,7 @@ func (a *Application) IsAllowlisted(r *http.Request) bool {
// Since that would be /akprox/auth/... // Since that would be /akprox/auth/...
if a.Mode() == api.PROXYMODE_FORWARD_SINGLE || a.Mode() == api.PROXYMODE_FORWARD_DOMAIN { if a.Mode() == api.PROXYMODE_FORWARD_SINGLE || a.Mode() == api.PROXYMODE_FORWARD_DOMAIN {
// For traefik, we can get the Upstream URL from headers // For traefik, we can get the Upstream URL from headers
// For nginx we can attempt to as well, but it's not guranteed to work. // For nginx we can attempt to as well, but it's not guaranteed to work.
if strings.HasPrefix(r.URL.Path, "/akprox/auth") { if strings.HasPrefix(r.URL.Path, "/akprox/auth") {
url = a.getTraefikForwardUrl(r) url = a.getTraefikForwardUrl(r)
} }

View File

@ -48,12 +48,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
// to the application // to the application
// see https://doc.traefik.io/traefik/middlewares/forwardauth/ // see https://doc.traefik.io/traefik/middlewares/forwardauth/
// X-Forwarded-Uri is only the path, so we need to build the entire URL // X-Forwarded-Uri is only the path, so we need to build the entire URL
s.Values[constants.SessionRedirect] = fmt.Sprintf( s.Values[constants.SessionRedirect] = a.getTraefikForwardUrl(r).String()
"%s://%s%s",
r.Header.Get("X-Forwarded-Proto"),
r.Header.Get("X-Forwarded-Host"),
r.Header.Get("X-Forwarded-Uri"),
)
if r.Header.Get("X-Forwarded-Uri") == "/akprox/start" { if r.Header.Get("X-Forwarded-Uri") == "/akprox/start" {
a.log.Info("Detected potential redirect loop") a.log.Info("Detected potential redirect loop")
if val, ok := s.Values[constants.SessionLoopDetection]; !ok { if val, ok := s.Values[constants.SessionLoopDetection]; !ok {