realign legacy oauth support for tesing (#987)

Michael Quigley 2025-06-23 13:47:31 -04:00
parent 28881e1409
commit 8be5540d6d
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
9 changed files with 30 additions and 12 deletions


@ -22,6 +22,8 @@ func newShareHandler() *shareHandler {
} }
func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
logrus.Info("handling")
trx, err := str.Begin() trx, err := str.Begin()
if err != nil { if err != nil {
logrus.Errorf("error starting transaction: %v", err) logrus.Errorf("error starting transaction: %v", err)
@ -147,6 +149,8 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
skipInterstitial = true skipInterstitial = true
} }
logrus.Infof("allocating public resources for '%v'", shrToken)
shrZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, shrToken, frontendZIds, frontendTemplates, params, !skipInterstitial, edge) shrZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, shrToken, frontendZIds, frontendTemplates, params, !skipInterstitial, edge)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
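Review bot: The added `logrus.Info("handling")` at the top of Handle carries no request context, so a controller log line cannot be tied to a share or environment. Together with the new "allocating public resources" line it reads like temporary tracing for the test setup named in the commit title. I would drop the first line and lower the second to `logrus.Debugf("allocating public resources for '%v'", shrToken)`, so the default log level stays quiet on every share request. Handle's body starts and ends outside both hunks, so there may be later log lines that already cover this.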


@ -29,6 +29,13 @@ func (a *publicResourceAllocator) allocate(envZId, shrToken string, frontendZIds
switch authScheme { switch authScheme {
case sdk.Basic: case sdk.Basic:
options.AuthSecrets = true options.AuthSecrets = true
case sdk.Oauth:
options.AuthScheme = authScheme
options.Oauth = &sdk.OauthConfig{
Provider: params.Body.OauthProvider,
EmailDomains: params.Body.OauthEmailDomains,
}
} }
cfgId, err := zrokEdgeSdk.CreateConfig(zrokProxyConfigId, envZId, shrToken, options, edge) cfgId, err := zrokEdgeSdk.CreateConfig(zrokProxyConfigId, envZId, shrToken, options, edge)
if err != nil { if err != nil {
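Review bot: In the new `case sdk.Oauth:` branch, `params.Body.OauthProvider` and `params.Body.OauthEmailDomains` are copied straight into the proxy config with no check visible in this hunk, so a request with the oauth scheme and an empty provider or empty domain list appears to reach `CreateConfig` unchanged. Unless the handler validates these earlier (not shown here), return an error for an empty provider before the config is created. Also add a comment stating what an empty `EmailDomains` means for access, because depending on how the frontend interprets it, it could admit any account at the provider. The frontend also calls `h.getAuthCheckInterval(oauthCfg)`, and this branch sets no interval, so these shares presumably always run on the default; say so in a comment if that is intended. allocate's body continues outside the hunk.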


@ -232,6 +232,7 @@ func (h *httpHandler) handleBasicAuth(w http.ResponseWriter, r *http.Request, sh
} }
func (h *httpHandler) handleOAuthAuth(w http.ResponseWriter, r *http.Request, shrToken string, proxyConfig map[string]interface{}) bool { func (h *httpHandler) handleOAuthAuth(w http.ResponseWriter, r *http.Request, shrToken string, proxyConfig map[string]interface{}) bool {
logrus.Infof("handling '%v'", shrToken)
if oauthCfg, found := proxyConfig["oauth"]; found { if oauthCfg, found := proxyConfig["oauth"]; found {
if provider, found := oauthCfg.(map[string]interface{})["provider"]; found { if provider, found := oauthCfg.(map[string]interface{})["provider"]; found {
authCheckInterval := h.getAuthCheckInterval(oauthCfg) authCheckInterval := h.getAuthCheckInterval(oauthCfg)
@ -311,6 +312,8 @@ func (h *httpHandler) validateOAuthCookie(w http.ResponseWriter, r *http.Request
return false return false
} }
logrus.Infof("validated oauth cookie for '%v'", target)
return true return true
} }
@ -383,6 +386,8 @@ func (h *httpHandler) handleAuth(w http.ResponseWriter, r *http.Request, shrToke
} }
} }
logrus.Infof("authScheme = %v", authScheme)
if authScheme != "" { if authScheme != "" {
switch authScheme { switch authScheme {
case string(sdk.None): case string(sdk.None):
@ -392,7 +397,7 @@ func (h *httpHandler) handleAuth(w http.ResponseWriter, r *http.Request, shrToke
logrus.Debugf("auth scheme basic '%v", shrToken) logrus.Debugf("auth scheme basic '%v", shrToken)
return h.handleBasicAuth(w, r, shrToken, secrets) return h.handleBasicAuth(w, r, shrToken, secrets)
case string(sdk.Oauth): case string(sdk.Oauth):
logrus.Debugf("auth scheme oauth '%v'", shrToken) logrus.Infof("auth scheme oauth '%v'", shrToken)
return h.handleOAuthAuth(w, r, shrToken, proxyConfig) return h.handleOAuthAuth(w, r, shrToken, proxyConfig)
default: default:
logrus.Infof("invalid auth scheme '%v'", authScheme) logrus.Infof("invalid auth scheme '%v'", authScheme)
@ -428,6 +433,8 @@ func (h *httpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
logrus.Infof("proxyConfig = %v", proxyConfig)
if h.handleInterstitial(w, r, proxyConfig) { if h.handleInterstitial(w, r, proxyConfig) {
return return
} }
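Review bot: `logrus.Infof("proxyConfig = %v", proxyConfig)` in ServeHTTP writes the entire per-share proxy config to the frontend log at Info level on every proxied request. handleAuth hands `secrets` to handleBasicAuth and passes the same `proxyConfig` to handleOAuthAuth, so if the basic-auth credentials live in that map (the code that builds `secrets` is outside these hunks) they would land in the log in plain text, next to the oauth provider settings. I would remove that line or log only non-sensitive fields at Debug, and keep `logrus.Debugf("auth scheme oauth '%v'", shrToken)` at Debug instead of the new Infof. The added `authScheme = %v`, `handling '%v'` and "validated oauth cookie" lines are also emitted per request and fit Debug better. All of the functions touched here continue outside their hunks.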


@ -25,7 +25,7 @@ type ShareRequest struct {
AccessGrants []string `json:"accessGrants"` AccessGrants []string `json:"accessGrants"`
// auth scheme // auth scheme
// Enum: [none basic oidc] // Enum: [none basic oauth]
AuthScheme string `json:"authScheme,omitempty"` AuthScheme string `json:"authScheme,omitempty"`
// auth users // auth users
@ -107,7 +107,7 @@ var shareRequestTypeAuthSchemePropEnum []interface{}
func init() { func init() {
var res []string var res []string
if err := json.Unmarshal([]byte(`["none","basic","oidc"]`), &res); err != nil { if err := json.Unmarshal([]byte(`["none","basic","oauth"]`), &res); err != nil {
panic(err) panic(err)
} }
for _, v := range res { for _, v := range res {
@ -123,8 +123,8 @@ const (
// ShareRequestAuthSchemeBasic captures enum value "basic" // ShareRequestAuthSchemeBasic captures enum value "basic"
ShareRequestAuthSchemeBasic string = "basic" ShareRequestAuthSchemeBasic string = "basic"
// ShareRequestAuthSchemeOidc captures enum value "oidc" // ShareRequestAuthSchemeOauth captures enum value "oauth"
ShareRequestAuthSchemeOidc string = "oidc" ShareRequestAuthSchemeOauth string = "oauth"
) )
// prop value enum // prop value enum


@ -2844,7 +2844,7 @@ func init() {
"enum": [ "enum": [
"none", "none",
"basic", "basic",
"oidc" "oauth"
] ]
}, },
"authUsers": { "authUsers": {
@ -5803,7 +5803,7 @@ func init() {
"enum": [ "enum": [
"none", "none",
"basic", "basic",
"oidc" "oauth"
] ]
}, },
"authUsers": { "authUsers": {


@ -144,7 +144,7 @@ export type ShareRequestBackendModeEnum = typeof ShareRequestBackendModeEnum[key
export const ShareRequestAuthSchemeEnum = { export const ShareRequestAuthSchemeEnum = {
None: 'none', None: 'none',
Basic: 'basic', Basic: 'basic',
Oidc: 'oidc' Oauth: 'oauth'
} as const; } as const;
export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum]; export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum];


@ -69,8 +69,8 @@ class ShareRequest(BaseModel):
if value is None: if value is None:
return value return value
if value not in set(['none', 'basic', 'oidc']): if value not in set(['none', 'basic', 'oauth']):
raise ValueError("must be one of enum values ('none', 'basic', 'oidc')") raise ValueError("must be one of enum values ('none', 'basic', 'oauth')")
return value return value
@field_validator('oauth_provider') @field_validator('oauth_provider')


@ -1786,7 +1786,7 @@ definitions:
type: string type: string
authScheme: authScheme:
type: string type: string
enum: ["none", "basic", "oidc"] enum: ["none", "basic", "oauth"]
authUsers: authUsers:
type: array type: array
items: items:


@ -144,7 +144,7 @@ export type ShareRequestBackendModeEnum = typeof ShareRequestBackendModeEnum[key
export const ShareRequestAuthSchemeEnum = { export const ShareRequestAuthSchemeEnum = {
None: 'none', None: 'none',
Basic: 'basic', Basic: 'basic',
Oidc: 'oidc' Oauth: 'oauth'
} as const; } as const;
export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum]; export type ShareRequestAuthSchemeEnum = typeof ShareRequestAuthSchemeEnum[keyof typeof ShareRequestAuthSchemeEnum];