outposts/proxy: handle redirect loop in start handler, show error message

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 10:07:08 +01:00 · 2021-12-21 10:07:08 +01:00 · f10b57ba0b
parent e53114a645
commit f10b57ba0b
2 changed files with 7 additions and 5 deletions
--- a/internal/outpost/proxyv2/application/mode_forward.go
+++ b/internal/outpost/proxyv2/application/mode_forward.go
@ -60,11 +60,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 			s.Values[constants.SessionLoopDetection] = 1
 		} else {
 			s.Values[constants.SessionLoopDetection] = val.(int) + 1
-			if val.(int) > 10 {
-				a.log.Error("Stopped redirect loop")
-				rw.WriteHeader(http.StatusBadRequest)
-				return
-			}
 		}
 	}
 	err = s.Save(r, rw)
--- a/internal/outpost/proxyv2/application/oauth.go
+++ b/internal/outpost/proxyv2/application/oauth.go
@ -16,6 +16,13 @@ func (a *Application) handleRedirect(rw http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		a.log.WithError(err).Warning("failed to save session")
 	}
+	if loop, ok := s.Values[constants.SessionLoopDetection]; ok {
+		if loop.(int) > 10 {
+			rw.WriteHeader(http.StatusBadRequest)
+			a.ErrorPage(rw, r, "Detected redirect loop, make sure /akprox is accessible without authentication.")
+			return
+		}
+	}
 	http.Redirect(rw, r, a.oauthConfig.AuthCodeURL(state), http.StatusFound)
 }