providers/proxy: use same redirect-save code for all modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/proxyv2/application/mode_forward.go

@@ -13,18 +13,13 @@ import (
 
 const (
 	envoyPrefix   = "/outpost.goauthentik.io/auth/envoy"
+	traefikPrefix = "/outpost.goauthentik.io/auth/traefik"
+	nginxPrefix   = "/outpost.goauthentik.io/auth/nginx"
 )
 
 func (a *Application) configureForward() error {
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
+	a.mux.HandleFunc(traefikPrefix, a.forwardHandleTraefik)
-		if _, ok := r.URL.Query()["traefik"]; ok {
+	a.mux.HandleFunc(nginxPrefix, a.forwardHandleNginx)
-			a.forwardHandleTraefik(rw, r)
-			return
-		}
-		a.forwardHandleNginx(rw, r)
-	})
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
-	a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
 	a.mux.PathPrefix(envoyPrefix).HandlerFunc(a.forwardHandleEnvoy)
 	return nil
 }
@@ -59,7 +54,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 		return
 	}
 	host := ""
-	s, _ := a.sessions.Get(r, constants.SessionName)
 	// Optional suffix, which is appended to the URL
 	if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
 		host = web.GetHost(r)
@@ -75,11 +69,14 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	// to a (possibly) different domain, but we want to be redirected back
 	// to the application
 	// X-Forwarded-Uri is only the path, so we need to build the entire URL
+	s, _ := a.sessions.Get(r, constants.SessionName)
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
 		s.Values[constants.SessionRedirect] = fwd.String()
 		err = s.Save(r, rw)
 		if err != nil {
 			a.log.WithError(err).Warning("failed to save session before redirect")
 		}
+	}
 
 	proto := r.Header.Get("X-Forwarded-Proto")
 	if proto != "" {
@@ -117,11 +114,13 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
 	}
 
 	s, _ := a.sessions.Get(r, constants.SessionName)
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
 		s.Values[constants.SessionRedirect] = fwd.String()
 		err = s.Save(r, rw)
 		if err != nil {
 			a.log.WithError(err).Warning("failed to save session before redirect")
 		}
+	}
 
 	if fwd.String() != r.URL.String() {
 		if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
@@ -152,7 +151,6 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
 		return
 	}
 	host := ""
-	s, _ := a.sessions.Get(r, constants.SessionName)
 	// Optional suffix, which is appended to the URL
 	if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
 		host = web.GetHost(r)
@@ -168,6 +166,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
 	// to a (possibly) different domain, but we want to be redirected back
 	// to the application
 	// X-Forwarded-Uri is only the path, so we need to build the entire URL
+	s, _ := a.sessions.Get(r, constants.SessionName)
 	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
 		s.Values[constants.SessionRedirect] = fwd.String()
 		err = s.Save(r, rw)

internal/outpost/proxyv2/application/utils.go

@@ -36,11 +36,13 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 			redirectUrl = a.proxyConfig.ExternalHost
 		}
 	}
+	if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
 		s.Values[constants.SessionRedirect] = redirectUrl
 		err = s.Save(r, rw)
 		if err != nil {
 			a.log.WithError(err).Warning("failed to save session before redirect")
 		}
+	}
 
 	urlArgs := url.Values{
 		"rd": []string{redirectUrl},