diff --git a/controller/share.go b/controller/share.go index a2047669..c7bc6323 100644 --- a/controller/share.go +++ b/controller/share.go @@ -22,6 +22,8 @@ func newShareHandler() *shareHandler { } func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder { + logrus.Info("handling") + trx, err := str.Begin() if err != nil { logrus.Errorf("error starting transaction: %v", err) @@ -147,6 +149,8 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr skipInterstitial = true } + logrus.Infof("allocating public resources for '%v'", shrToken) + shrZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, shrToken, frontendZIds, frontendTemplates, params, !skipInterstitial, edge) if err != nil { logrus.Error(err) diff --git a/controller/sharePublic.go b/controller/sharePublic.go index c09c55b7..239d3aea 100644 --- a/controller/sharePublic.go +++ b/controller/sharePublic.go @@ -29,6 +29,13 @@ func (a *publicResourceAllocator) allocate(envZId, shrToken string, frontendZIds switch authScheme { case sdk.Basic: options.AuthSecrets = true + + case sdk.Oauth: + options.AuthScheme = authScheme + options.Oauth = &sdk.OauthConfig{ + Provider: params.Body.OauthProvider, + EmailDomains: params.Body.OauthEmailDomains, + } } cfgId, err := zrokEdgeSdk.CreateConfig(zrokProxyConfigId, envZId, shrToken, options, edge) if err != nil { diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go index 19763b4b..5c7d0b03 100644 --- a/endpoints/publicProxy/http.go +++ b/endpoints/publicProxy/http.go 
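Review bot: `logrus.Info("handling")` at the top of Handle is a trace line with no share, environment or principal context, and at Info level it fires on every share request, so it reads like leftover debugging. The same pattern recurs in the second hunk of this file (`allocating public resources for '%v'`) and in endpoints/publicProxy/http.go (`handling '%v'` in handleOAuthAuth, `validated oauth cookie for '%v'` in validateOAuthCookie, `authScheme = %v` and the Debugf-to-Infof change in handleAuth), where it presumably runs once per proxied request and writes share tokens and the `target` value into Info-level logs. I would keep these at Debug, e.g. `logrus.Debug("handling share request")`, and reserve Info for events an operator needs to act on. Handle's body continues outside the hunk.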
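Review bot: The new `case sdk.Oauth:` branch copies `params.Body.OauthProvider` and `params.Body.OauthEmailDomains` straight into the share's proxy config, and no check is visible in this hunk that the provider is non-empty or that a domain list was supplied. If an empty `EmailDomains` is treated downstream as "no domain restriction" (not visible here), a request that omits the field produces a share that any account at the provider can open, so I would add a guard such as `if params.Body.OauthProvider == ""` that returns an error before `CreateConfig`, and make the empty-domains case an explicit decision. The literal also sets only `Provider` and `EmailDomains`, while handleOAuthAuth in endpoints/publicProxy/http.go calls `h.getAuthCheckInterval(oauthCfg)`; if the request can carry a check interval it is not forwarded here and the proxy falls back to whatever that helper defaults to. allocate's body starts and ends outside the hunk.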
@@ -232,6 +232,7 @@ func (h *httpHandler) handleBasicAuth(w http.ResponseWriter, r *http.Request, sh } func (h *httpHandler) handleOAuthAuth(w http.ResponseWriter, r *http.Request, shrToken string, proxyConfig map[string]interface{}) bool { + logrus.Infof("handling '%v'", shrToken) if oauthCfg, found := proxyConfig["oauth"]; found { if provider, found := oauthCfg.(map[string]interface{})["provider"]; found { authCheckInterval := h.getAuthCheckInterval(oauthCfg) @@ -311,6 +312,8 @@ func (h *httpHandler) validateOAuthCookie(w http.ResponseWriter, r *http.Request return false } + logrus.Infof("validated oauth cookie for '%v'", target) + return true } @@ -383,6 +386,8 @@ func (h *httpHandler) handleAuth(w http.ResponseWriter, r *http.Request, shrToke } } + logrus.Infof("authScheme = %v", authScheme) + if authScheme != "" { switch authScheme { case string(sdk.None): @@ -392,7 +397,7 @@ func (h *httpHandler) handleAuth(w http.ResponseWriter, r *http.Request, shrToke logrus.Debugf("auth scheme basic '%v", shrToken) return h.handleBasicAuth(w, r, shrToken, secrets) case string(sdk.Oauth): - logrus.Debugf("auth scheme oauth '%v'", shrToken) + logrus.Infof("auth scheme oauth '%v'", shrToken) return h.handleOAuthAuth(w, r, shrToken, proxyConfig) default: logrus.Infof("invalid auth scheme '%v'", authScheme) @@ -428,6 +433,8 @@ func (h *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } + logrus.Infof("proxyConfig = %v", proxyConfig) + if h.handleInterstitial(w, r, proxyConfig) { return } diff --git a/rest_model_zrok/share_request.go b/rest_model_zrok/share_request.go index 0b15f10e..75ab7b67 100644 --- a/rest_model_zrok/share_request.go +++ b/rest_model_zrok/share_request.go @@ -25,7 +25,7 @@ type ShareRequest struct { AccessGrants []string `json:"accessGrants"` // auth scheme - // Enum: [none basic oidc] + // Enum: [none basic oauth] AuthScheme string `json:"authScheme,omitempty"` // auth users 
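Review bot: `logrus.Infof("proxyConfig = %v", proxyConfig)` in ServeHTTP writes the share's entire proxy configuration to the log at Info level on every proxied request. handleAuth in this file hands `secrets` to handleBasicAuth and the `oauth` entry of the same map to handleOAuthAuth, so if the basic-auth secrets are read out of this map (the lookup is outside the hunks shown) usernames and passwords land in plaintext logs, along with the allowed OAuth email domains. I would drop the line, or replace it with a fixed message at Debug such as `logrus.Debug("proxy config loaded")` and never format the map itself. ServeHTTP's body continues outside the hunk.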
@@ -107,7 +107,7 @@ var shareRequestTypeAuthSchemePropEnum []interface{} func init() { var res []string - if err := json.Unmarshal([]byte(`["none","basic","oidc"]`), &res); err != nil { + if err := json.Unmarshal([]byte(`["none","basic","oauth"]`), &res); err != nil { panic(err) } for _, v := range res { @@ -123,8 +123,8 @@ const ( // ShareRequestAuthSchemeBasic captures enum value "basic" ShareRequestAuthSchemeBasic string = "basic" - // ShareRequestAuthSchemeOidc captures enum value "oidc" - ShareRequestAuthSchemeOidc string = "oidc" + // ShareRequestAuthSchemeOauth captures enum value "oauth" + ShareRequestAuthSchemeOauth string = "oauth" ) // prop value enum diff --git a/rest_server_zrok/embedded_spec.go b/rest_server_zrok/embedded_spec.go index 759882a8..a7e47d40 100644 --- a/rest_server_zrok/embedded_spec.go +++ b/rest_server_zrok/embedded_spec.go @@ -2844,7 +2844,7 @@ func init() { "enum": [ "none", "basic", - "oidc" + "oauth" ] }, "authUsers": { @@ -5803,7 +5803,7 @@ func init() { "enum": [ "none", "basic", - "oidc" + "oauth" ] }, "authUsers": { diff --git a/sdk/nodejs/sdk/src/api/models/ShareRequest.ts b/sdk/nodejs/sdk/src/api/models/ShareRequest.ts index 2ed36d8a..f32a4df9 100644 --- a/sdk/nodejs/sdk/src/api/models/ShareRequest.ts +++ b/sdk/nodejs/sdk/src/api/models/ShareRequest.ts @@ -144,7 +144,7 @@ export type ShareRequestBackendModeEnum = typeof ShareRequestBackendModeEnum[key export const ShareRequestAuthSchemeEnum = { None: 'none', Basic: 'basic', - Oidc: 'oidc' + Oauth: 'oauth' } as const; export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum]; diff --git a/sdk/python/src/zrok_api/models/share_request.py b/sdk/python/src/zrok_api/models/share_request.py index b7e925f5..0582013b 100644 --- a/sdk/python/src/zrok_api/models/share_request.py +++ b/sdk/python/src/zrok_api/models/share_request.py 
@@ -69,8 +69,8 @@ class ShareRequest(BaseModel): if value is None: return value - if value not in set(['none', 'basic', 'oidc']): - raise ValueError("must be one of enum values ('none', 'basic', 'oidc')") + if value not in set(['none', 'basic', 'oauth']): + raise ValueError("must be one of enum values ('none', 'basic', 'oauth')") return value @field_validator('oauth_provider') diff --git a/specs/zrok.yml b/specs/zrok.yml index 0a3b69b5..a7d08ffa 100644 --- a/specs/zrok.yml +++ b/specs/zrok.yml @@ -1786,7 +1786,7 @@ definitions: type: string authScheme: type: string - enum: ["none", "basic", "oidc"] + enum: ["none", "basic", "oauth"] authUsers: type: array items: diff --git a/ui/src/api/models/ShareRequest.ts b/ui/src/api/models/ShareRequest.ts index 2ed36d8a..f32a4df9 100644 --- a/ui/src/api/models/ShareRequest.ts +++ b/ui/src/api/models/ShareRequest.ts @@ -144,7 +144,7 @@ export type ShareRequestBackendModeEnum = typeof ShareRequestBackendModeEnum[key export const ShareRequestAuthSchemeEnum = { None: 'none', Basic: 'basic', - Oidc: 'oidc' + Oauth: 'oauth' } as const; export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum];