providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
closes #3314 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
393d7ec486
commit
fcf4657833
|
@ -8,7 +8,8 @@ SCOPE_AK_PROXY_EXPRESSION = """
|
|||
# which are used for example for the HTTP-Basic Authentication mapping.
|
||||
return {
|
||||
"ak_proxy": {
|
||||
"user_attributes": request.user.group_attributes(request)
|
||||
"user_attributes": request.user.group_attributes(request),
|
||||
"is_superuser": request.user.is_superuser,
|
||||
}
|
||||
}"""
|
||||
|
||||
|
|
|
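Review bot: The new `"is_superuser"` key in the `ak_proxy` dict is a privilege flag copied into the claims, and nothing next to it says what consumers may use it for or how stale it can get. It is read from `request.user.is_superuser` when the expression is evaluated, so a user whose superuser status is later revoked presumably keeps the flag until the token or session is renewed. I would add a comment above the key, for example `# is_superuser: snapshot taken when the scope is evaluated; the outpost uses it only to decide how much error detail to show, never for access control`. The expression string begins above the hunk, so any existing commentary there is not visible.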
@ -3,6 +3,7 @@ package application
|
|||
type ProxyClaims struct {
|
||||
UserAttributes map[string]interface{} `json:"user_attributes"`
|
||||
BackendOverride string `json:"backend_override"`
|
||||
IsSuperuser bool `json:"is_superuser"`
|
||||
}
|
||||
|
||||
type Claims struct {
|
||||
|
|
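Review bot: `IsSuperuser` on `ProxyClaims` is added without a doc comment, and a boolean with that name in a claims struct is easy to reuse later as an authorization input. Assuming the struct is filled by JSON decoding as the tags suggest, a token issued before this change simply lacks the key and decodes to `false`, which is the safe default and worth stating. I would add `// IsSuperuser mirrors the ak_proxy.is_superuser claim (false when absent). It only gates diagnostic detail on error pages and must not be used for access decisions.` above the field.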
|
@ -20,8 +20,10 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
|
|||
Message: "Error proxying to upstream server",
|
||||
ProxyPrefix: "/outpost.goauthentik.io",
|
||||
}
|
||||
if claims != nil && len(err) > 0 {
|
||||
if claims != nil && claims.Proxy.IsSuperuser {
|
||||
data.Message = err
|
||||
} else {
|
||||
data.Message = "Failed to connect to backend."
|
||||
}
|
||||
er := a.errorTemplates.Execute(rw, data)
|
||||
if er != nil {
|
||||
|
@ -34,6 +36,6 @@ func (a *Application) newProxyErrorHandler() func(http.ResponseWriter, *http.Req
|
|||
return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
|
||||
log.WithError(proxyErr).Warning("Error proxying to upstream server")
|
||||
rw.WriteHeader(http.StatusBadGateway)
|
||||
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error()))
|
||||
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %v", proxyErr))
|
||||
}
|
||||
}
|
||||
|
|
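Review bot: In `ErrorPage` the new condition reads `claims.Proxy.IsSuperuser` after checking only `claims != nil`. The declaration of `Claims.Proxy` is not visible here; if it is a pointer, a session whose token carries no `ak_proxy` claim would panic inside the error handler, so the guard should be `if claims != nil && claims.Proxy != nil && claims.Proxy.IsSuperuser {`. Dropping the old `len(err) > 0` test also means a superuser gets an empty message when `err` is empty. The `else` branch overwrites the default `Message` set above for every other caller, so that default is never shown. Adding `&& len(err) > 0` back to the superuser branch, and keeping the generic text as the struct default rather than in an `else`, would cover both. `ErrorPage` starts and ends outside the hunk, so where `claims` comes from and which template package renders `data.Message` cannot be checked from this page.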