extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-08-13 17:57:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixed redirect to respect intended route, added additional logging around token swapping

Browse Source
This commit is contained in:
Cam
2023-09-13 10:37:38 -05:00
parent 4cf8b7d7c6
commit 4be9089cfe
3 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
endpoints/publicProxy/github.go
View File

@ -67,7 +67,7 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
type IntermediateJWT struct {
State string `json:"state"`
Share string `json:"share"`
Host string `json:"host"`
AuthorizationCheckInterval string `json:"authorizationCheckInterval"`
jwt.RegisteredClaims
}
@ -81,11 +81,15 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
authHandlerWithQueryState := func(party rp.RelyingParty) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
host, err := url.QueryUnescape(r.URL.Query().Get("targethost"))
if err != nil {
logrus.Errorf("Unable to unescape target host: %v", err)
}
rp.AuthURLHandler(func() string {
id := uuid.New().String()
t := jwt.NewWithClaims(jwt.SigningMethodHS256, IntermediateJWT{
id,
r.URL.Query().Get("share"),
host,
r.URL.Query().Get("checkInterval"),
jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
@ -120,19 +124,21 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", tokens.AccessToken))
resp, err := http.DefaultClient.Do(req)
if err != nil {
logrus.Error("Get: " + err.Error() + "\n")
logrus.Error("Error getting user info from github: " + err.Error() + "\n")
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer resp.Body.Close()
response, err := io.ReadAll(resp.Body)
if err != nil {
logrus.Errorf("Error reading response body: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
rDat := []githubUserResp{}
err = json.Unmarshal(response, &rDat)
if err != nil {
logrus.Errorf("Error unmarshalling google oauth response: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
@ -162,7 +168,7 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
}
SetZrokCookie(w, primaryEmail, tokens.AccessToken, "github", authCheckInterval, key)
http.Redirect(w, r, fmt.Sprintf("%s://%s.%s:8080", scheme, token.Claims.(*IntermediateJWT).Share, cfg.RedirectUrl), http.StatusFound)
http.Redirect(w, r, fmt.Sprintf("%s://%s", scheme, token.Claims.(*IntermediateJWT).Host), http.StatusFound)
}
http.Handle(callbackPath, rp.CodeExchangeHandler(getEmail, relyingParty))