trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/proxy: use same redirect-save code for all modes 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-06-04 23:25:47 +02:00
parent dc9203789e
commit e30103aa9f
2 changed files with 25 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
internal/outpost/proxyv2/application/mode_forward.go
View File

@ -13,18 +13,13 @@ import (
const (
envoyPrefix = "/outpost.goauthentik.io/auth/envoy"
traefikPrefix = "/outpost.goauthentik.io/auth/traefik"
nginxPrefix = "/outpost.goauthentik.io/auth/nginx"
)
func (a *Application) configureForward() error {
a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
if _, ok := r.URL.Query()["traefik"]; ok {
a.forwardHandleTraefik(rw, r)
return
}
a.forwardHandleNginx(rw, r)
})
a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
a.mux.HandleFunc(traefikPrefix, a.forwardHandleTraefik)
a.mux.HandleFunc(nginxPrefix, a.forwardHandleNginx)
a.mux.PathPrefix(envoyPrefix).HandlerFunc(a.forwardHandleEnvoy)
return nil
}
@ -59,7 +54,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
return
}
host := ""
s, _ := a.sessions.Get(r, constants.SessionName)
// Optional suffix, which is appended to the URL
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
host = web.GetHost(r)
@ -75,11 +69,14 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
// to a (possibly) different domain, but we want to be redirected back
// to the application
// X-Forwarded-Uri is only the path, so we need to build the entire URL
s, _ := a.sessions.Get(r, constants.SessionName)
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
s.Values[constants.SessionRedirect] = fwd.String()
err = s.Save(r, rw)
if err != nil {
a.log.WithError(err).Warning("failed to save session before redirect")
}
}
proto := r.Header.Get("X-Forwarded-Proto")
if proto != "" {
@ -117,11 +114,13 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
}
s, _ := a.sessions.Get(r, constants.SessionName)
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
s.Values[constants.SessionRedirect] = fwd.String()
err = s.Save(r, rw)
if err != nil {
a.log.WithError(err).Warning("failed to save session before redirect")
}
}
if fwd.String() != r.URL.String() {
if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
@ -152,7 +151,6 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
return
}
host := ""
s, _ := a.sessions.Get(r, constants.SessionName)
// Optional suffix, which is appended to the URL
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
host = web.GetHost(r)
@ -168,6 +166,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
// to a (possibly) different domain, but we want to be redirected back
// to the application
// X-Forwarded-Uri is only the path, so we need to build the entire URL
s, _ := a.sessions.Get(r, constants.SessionName)
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
s.Values[constants.SessionRedirect] = fwd.String()
err = s.Save(r, rw)

2
internal/outpost/proxyv2/application/utils.go
View File

@ -36,11 +36,13 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
redirectUrl = a.proxyConfig.ExternalHost
}
}
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
s.Values[constants.SessionRedirect] = redirectUrl
err = s.Save(r, rw)
if err != nil {
a.log.WithError(err).Warning("failed to save session before redirect")
}
}
urlArgs := url.Values{
"rd": []string{redirectUrl},