3c1b70c355
* outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add 
AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
package web
import (
"bufio"
"errors"
"fmt"
"net"
"net/http"
"time"
log "github.com/sirupsen/logrus"
)
// responseLogger wraps an http.ResponseWriter and remembers what was sent
// through it (status code and body size) so the request can be logged once
// the handler has returned.
type responseLogger struct {
	// w is the wrapped writer; every call is forwarded to it.
	w http.ResponseWriter
	// status is the HTTP status code recorded by WriteHeader or Write.
	// It stays 0 until a status has been recorded.
	status int
	// size is the running total of body bytes the wrapped writer reported
	// as written.
	size int
	// upstream is emitted as the "upstream" log field. Nothing in this file
	// assigns it, so it is presumably set elsewhere in the package.
	upstream string
}
// Header exposes the header map of the wrapped ResponseWriter, so headers set
// through the logger end up on the real response.
func (l *responseLogger) Header() http.Header {
	hdr := l.w.Header()
	return hdr
}
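// Hijack hands the underlying connection to the caller, which is what
// WebSocket upgrades need. It returns an error if the wrapped writer does not
// implement http.Hijacker.
//
// After a successful hijack with no status recorded yet, the status is set to
// 101 Switching Protocols so the request log does not report status 0 for
// upgraded connections. Bytes written directly to the hijacked connection do
// not pass through Write and are therefore not counted in Size.
func (l *responseLogger) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
	hj, ok := l.w.(http.Hijacker)
	if !ok {
		return nil, nil, errors.New("http.Hijacker is not available on writer")
	}
	rwc, buf, err = hj.Hijack()
	if err == nil && l.status == 0 {
		// The caller now owns the connection, so WriteHeader/Write on this
		// wrapper will no longer be the path that records a status.
		l.status = http.StatusSwitchingProtocols
	}
	return rwc, buf, err
}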
// Write forwards b to the wrapped ResponseWriter and adds the number of bytes
// it reports as written to the running size. It returns whatever the wrapped
// writer returns.
func (l *responseLogger) Write(b []byte) (int, error) {
	// Writing a body before WriteHeader implies a 200 response, so record
	// that as the status if none has been recorded yet.
	if l.status == 0 {
		l.status = http.StatusOK
	}
	n, err := l.w.Write(b)
	// Count the bytes even when err is non-nil: a partial write still
	// reached the wrapped writer.
	l.size += n
	return n, err
}
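// WriteHeader forwards the status code to the wrapped ResponseWriter and
// records it for logging.
//
// Only the first final (non-1xx) status is kept. net/http sends one final
// status per response and ignores later WriteHeader calls, so overwriting the
// recorded value on every call could log a status the client never received.
// Informational 1xx codes may still be replaced by the final status.
func (l *responseLogger) WriteHeader(s int) {
	l.w.WriteHeader(s)
	// status is 0 (nothing recorded) or 1xx (informational) here when the
	// final status is still outstanding.
	if l.status < http.StatusOK {
		l.status = s
	}
}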
// Status reports the status code recorded for this response. It is 0 if no
// status has been recorded yet.
func (l *responseLogger) Status() int {
	code := l.status
	return code
}
// Size reports how many body bytes have been written through Write so far.
func (l *responseLogger) Size() int {
	written := l.size
	return written
}
// Flush pushes any buffered data to the client when the wrapped writer
// implements http.Flusher; otherwise it does nothing.
func (l *responseLogger) Flush() {
	f, ok := l.w.(http.Flusher)
	if !ok {
		return
	}
	f.Flush()
}
// loggingHandler is the http.Handler produced by the NewLoggingHandler
// middleware. It wraps another handler and writes one log entry per request.
type loggingHandler struct {
	// handler is the wrapped handler that actually serves the request.
	handler http.Handler
	// logger is the base entry the per-request fields are attached to.
	logger *log.Entry
	// afterHandler is called with the populated entry and the request once
	// the wrapped handler has returned; the entry it returns is logged.
	afterHandler afterHandler
}
// afterHandler is a hook that receives the populated log entry and the request
// after the wrapped handler has returned. The entry it returns is the one that
// gets logged, so it can add fields or substitute a different entry.
type afterHandler func(l *log.Entry, r *http.Request) *log.Entry
// NewLoggingHandler returns middleware that wraps an http.Handler so every
// request it serves is logged through logger.
//
// after is an optional hook that can adjust the log entry before it is
// written; passing nil leaves the entry unchanged.
func NewLoggingHandler(logger *log.Entry, after afterHandler) func(h http.Handler) http.Handler {
	hook := after
	if hook == nil {
		// Substitute a pass-through hook so ServeHTTP can call it
		// unconditionally.
		hook = func(entry *log.Entry, _ *http.Request) *log.Entry {
			return entry
		}
	}
	return func(next http.Handler) http.Handler {
		return loggingHandler{handler: next, logger: logger, afterHandler: hook}
	}
}
// ServeHTTP runs the wrapped handler and then emits one Info-level log entry
// describing the request and its response. The request URI is the message.
//
// The entry is written only after the wrapped handler returns normally. The
// logging is not deferred, so a handler that panics produces no entry here.
func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	start := time.Now()
	// Copy the URL before the handler runs, presumably so the logged URI is
	// the one received even if the handler modifies the fields of req.URL.
	requested := *req.URL

	rl := &responseLogger{w: w}
	h.handler.ServeHTTP(rl, req)

	// Elapsed time in milliseconds, formatted with three decimals below.
	elapsedMs := float64(time.Since(start)) / float64(time.Millisecond)

	// NOTE(review): "host" is req.RemoteAddr, the directly connected peer.
	// Behind a reverse proxy or load balancer this is the proxy's address,
	// not the client's; confirm whether forwarded headers are handled
	// elsewhere before relying on this field for attribution.
	//
	// NOTE(review): the user agent and the request URI are client-supplied
	// and logged as received. Neutralising newlines and control characters
	// is left to the configured logrus formatter; confirm it escapes them.
	fields := log.Fields{
		"host":              req.RemoteAddr,
		"vhost":             GetHost(req),
		"request_protocol":  req.Proto,
		"runtime":           fmt.Sprintf("%0.3f", elapsedMs),
		"method":            req.Method,
		"size":              rl.Size(),
		"status":            rl.Status(),
		"upstream":          rl.upstream,
		"request_useragent": req.UserAgent(),
	}
	entry := h.afterHandler(h.logger.WithFields(fields), req)

	// NOTE(review): RequestURI() includes the raw query string, so anything
	// sensitive carried there (for example tokens or authorization codes)
	// ends up in the log. Consider redacting if such parameters can reach
	// this handler.
	entry.Info(requested.RequestURI())
}