extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-01-09 07:28:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

switchable auth scheme based on service config (#12)

Browse Source
This commit is contained in:
Michael Quigley 2022-08-16 11:41:04 -04:00
parent b510190910
commit 83b573bfa8
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
1 changed files with 30 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
proxy/proxy.go
View File

@ -44,7 +44,7 @@ func Run(cfg *Config) error {
{Username: "hello", Password: "world"},
},
}
return http.ListenAndServe(cfg.Address, basicAuth(util.NewProxyHandler(proxy), users, "zrok"))
return http.ListenAndServe(cfg.Address, basicAuth(util.NewProxyHandler(proxy), users, "zrok", &resolver{}, zCtx))
}
type resolver struct{}
@ -165,28 +165,39 @@ func getRefreshedService(name string, ctx ziti.Context) (*edge.Service, bool) {
return svc, found
}
func basicAuth(handler http.Handler, users *model.BasicAuth, realm string) http.HandlerFunc {
func basicAuth(handler http.Handler, users *model.BasicAuth, realm string, rslv ProxyServiceResolver, ctx ziti.Context) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
inUser, inPass, ok := r.BasicAuth()
if !ok {
writeUnauthorizedResponse(w, realm)
return
}
svcName := rslv.Service(r.Host)
if svc, found := getRefreshedService(svcName, ctx); found {
if cfg, found := svc.Configs[model.ZrokProxyConfig]; found {
if scheme, found := cfg["auth_scheme"]; found {
switch scheme {
case model.None:
handler.ServeHTTP(w, r)
return
authed := false
for _, v := range users.Users {
if subtle.ConstantTimeCompare([]byte(inUser), []byte(v.Username)) == 1 && subtle.ConstantTimeCompare([]byte(inPass), []byte(v.Password)) == 1 {
authed = true
break
case model.Basic:
inUser, inPass, ok := r.BasicAuth()
if !ok {
writeUnauthorizedResponse(w, realm)
return
}
authed := false
for _, v := range users.Users {
if subtle.ConstantTimeCompare([]byte(inUser), []byte(v.Username)) == 1 && subtle.ConstantTimeCompare([]byte(inPass), []byte(v.Password)) == 1 {
authed = true
break
}
}
if !authed {
writeUnauthorizedResponse(w, realm)
return
}
handler.ServeHTTP(w, r)
}
}
}
}
if !authed {
writeUnauthorizedResponse(w, realm)
return
}
handler.ServeHTTP(w, r)
}
}