extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-08-17 19:31:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into oauth-testing

Browse Source
This commit is contained in:
Ziti-Ci
2023-09-05 10:10:25 -05:00
parent 2b0dc71f93 ca6a11cc59
commit 8e63548552
109 changed files with 8112 additions and 3928 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
endpoints/publicProxy/http.go
View File

@@ -3,6 +3,15 @@ package publicProxy
import (
"context"
"fmt"
"github.com/openziti/sdk-golang/ziti"
"github.com/openziti/zrok/endpoints"
"github.com/openziti/zrok/endpoints/publicProxy/healthUi"
"github.com/openziti/zrok/endpoints/publicProxy/notFoundUi"
"github.com/openziti/zrok/environment"
"github.com/openziti/zrok/sdk"
"github.com/openziti/zrok/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"net"
"net/http"
"net/http/httputil"
@@ -16,9 +25,7 @@ import (
"github.com/openziti/zrok/endpoints/publicProxy/healthUi"
"github.com/openziti/zrok/endpoints/publicProxy/notFoundUi"
"github.com/openziti/zrok/endpoints/publicProxy/unauthorizedUi"
"github.com/openziti/zrok/model"
"github.com/openziti/zrok/util"
"github.com/openziti/zrok/zrokdir"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
zhttp "github.com/zitadel/oidc/v2/pkg/http"
@@ -31,15 +38,19 @@ type httpFrontend struct {
}
func NewHTTP(cfg *Config) (*httpFrontend, error) {
zCfgPath, err := zrokdir.ZitiIdentityFile(cfg.Identity)
env, err := environment.LoadRoot()
if err != nil {
return nil, errors.Wrapf(err, "error getting ziti identity '%v' from zrokdir", cfg.Identity)
return nil, errors.Wrap(err, "error loading environment root")
}
zCfgPath, err := env.ZitiIdentityNamed(cfg.Identity)
if err != nil {
return nil, errors.Wrapf(err, "error getting ziti identity '%v' from environment", cfg.Identity)
}
zCfg, err := ziti.NewConfigFromFile(zCfgPath)
if err != nil {
return nil, errors.Wrap(err, "error loading config")
}
zCfg.ConfigTypes = []string{model.ZrokProxyConfig}
zCfg.ConfigTypes = []string{sdk.ZrokProxyConfig}
zCtx, err := ziti.NewContext(zCfg)
if err != nil {
return nil, errors.Wrap(err, "error loading ziti context")
@@ -102,7 +113,7 @@ func hostTargetReverseProxy(cfg *Config, ctx ziti.Context) *httputil.ReverseProx
director := func(req *http.Request) {
targetShrToken := resolveService(cfg.HostMatch, req.Host)
if svc, found := endpoints.GetRefreshedService(targetShrToken, ctx); found {
if cfg, found := svc.Config[model.ZrokProxyConfig]; found {
if cfg, found := svc.Config[sdk.ZrokProxyConfig]; found {
logrus.Debugf("auth model: %v", cfg)
} else {
logrus.Warn("no config!")
@@ -136,15 +147,15 @@ func authHandler(handler http.Handler, realm string, pcfg *Config, ctx ziti.Cont
shrToken := resolveService(pcfg.HostMatch, r.Host)
if shrToken != "" {
if svc, found := endpoints.GetRefreshedService(shrToken, ctx); found {
if cfg, found := svc.Config[model.ZrokProxyConfig]; found {
if cfg, found := svc.Config[sdk.ZrokProxyConfig]; found {
if scheme, found := cfg["auth_scheme"]; found {
switch scheme {
case string(model.None):
case string(sdk.None):
logrus.Debugf("auth scheme none '%v'", shrToken)
handler.ServeHTTP(w, r)
return
case string(model.Basic):
case string(sdk.Basic):
logrus.Debugf("auth scheme basic '%v", shrToken)
inUser, inPass, ok := r.BasicAuth()
if !ok {
@@ -188,7 +199,7 @@ func authHandler(handler http.Handler, realm string, pcfg *Config, ctx ziti.Cont
handler.ServeHTTP(w, r)
case string(model.Oauth):
case string(sdk.Oauth):
if oauthCfg, found := cfg["oauth"]; found {
if provider, found := oauthCfg.(map[string]interface{})["provider"]; found {
cookie, err := r.Cookie("zrok-access")