From c4f9cecd996ecdca630cd8dca81e7e92cc640767 Mon Sep 17 00:00:00 2001
From: Michael Quigley
Date: Tue, 3 Oct 2023 17:11:52 -0400
Subject: [PATCH] redundant oauth configuration cleanup (#404)
---
 endpoints/publicProxy/config.go | 11 +++++------
 endpoints/publicProxy/github.go | 5 ++---
 endpoints/publicProxy/google.go | 5 ++---
 endpoints/publicProxy/http.go | 2 +-
 etc/frontend.yml | 4 ++--
 5 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/endpoints/publicProxy/config.go b/endpoints/publicProxy/config.go
index 02843465..f917669d 100644
--- a/endpoints/publicProxy/config.go
+++ b/endpoints/publicProxy/config.go
@@ -18,11 +18,10 @@ type Config struct {
 }
 type OauthConfig struct {
- Host string
- Port int
- RedirectUrl string
- HashKeyRaw string `cf:"+secret"`
- Providers []*OauthProviderConfig
+ RedirectHost string
+ RedirectPort int
+ HashKeyRaw string `cf:"+secret"`
+ Providers []*OauthProviderConfig
 }
 func (oc *OauthConfig) GetProvider(name string) *OauthProviderConfig {
@@ -65,6 +64,6 @@ func configureOauthHandlers(ctx context.Context, cfg *Config, tls bool) error {
 if err := configureGithubOauth(cfg.Oauth, tls); err != nil {
 return err
 }
- zhttp.StartServer(ctx, fmt.Sprintf("%s:%d", strings.Split(cfg.Address, ":")[0], cfg.Oauth.Port))
+ zhttp.StartServer(ctx, fmt.Sprintf("%s:%d", strings.Split(cfg.Address, ":")[0], cfg.Oauth.RedirectPort))
 return nil
 }
diff --git a/endpoints/publicProxy/github.go b/endpoints/publicProxy/github.go
index 61712907..96da339a 100644
--- a/endpoints/publicProxy/github.go
+++ b/endpoints/publicProxy/github.go
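Review bot: `OauthConfig` carries no doc comment, and after the rename nothing tells an operator that a frontend config still using the old `port` / `redirect_url` keys no longer fills these fields. If the config loader ignores unknown keys (not visible in this hunk), `RedirectHost` would be empty and `RedirectPort` zero, and the OAuth redirect URLs built from them in github.go, google.go and http.go would be malformed instead of being rejected at startup. I would add a comment on the struct along the lines of `// RedirectHost and RedirectPort are the externally reachable host and port used in the OAuth redirect URI; RedirectPort is also the port the OAuth listener binds.` and a startup guard in `configureOauthHandlers` such as `if cfg.Oauth.RedirectHost == "" || cfg.Oauth.RedirectPort <= 0 { return errors.New("oauth: redirect_host and redirect_port are required") }`.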
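Review bot: The changed `zhttp.StartServer` line still derives the bind host with `strings.Split(cfg.Address, ":")[0]`, which cuts a bracketed IPv6 address at its first colon and produces an empty host for an address such as `:8080`, which would presumably make the OAuth listener bind every interface. `host, _, err := net.SplitHostPort(cfg.Address)` followed by `net.JoinHostPort(host, strconv.Itoa(cfg.Oauth.RedirectPort))` handles both cases and turns a malformed address into an error that can be returned. The field is now called `RedirectPort` although it is also the local listen port, which deserves a one-line comment at this call; the body of `configureOauthHandlers` starts above the hunk.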
@@ -34,12 +34,11 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
 }
 clientID := providerCfg.ClientId
 callbackPath := "/github/oauth"
- port := cfg.Port
- redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectUrl)
+ redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectHost)
 rpConfig := &oauth2.Config{
 ClientID: clientID,
 ClientSecret: providerCfg.ClientSecret,
- RedirectURL: fmt.Sprintf("%v:%v%v", redirectUrl, port, callbackPath),
+ RedirectURL: fmt.Sprintf("%v:%v%v", redirectUrl, cfg.RedirectPort, callbackPath),
 Scopes: []string{"user:email"},
 Endpoint: githubOAuth.Endpoint,
 }
diff --git a/endpoints/publicProxy/google.go b/endpoints/publicProxy/google.go
index c42960e8..11918fca 100644
--- a/endpoints/publicProxy/google.go
+++ b/endpoints/publicProxy/google.go
@@ -35,12 +35,11 @@ func configureGoogleOauth(cfg *OauthConfig, tls bool) error {
 clientID := providerCfg.ClientId
 callbackPath := "/google/oauth"
- port := cfg.Port
- redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectUrl)
+ redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectHost)
 rpConfig := &oauth2.Config{
 ClientID: clientID,
 ClientSecret: providerCfg.ClientSecret,
- RedirectURL: fmt.Sprintf("%v:%v%v", redirectUrl, cfg.RedirectPort, callbackPath),
+ RedirectURL: fmt.Sprintf("%v:%v%v", redirectUrl, cfg.RedirectPort, callbackPath),
 Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
 Endpoint: googleOauth.Endpoint,
 }
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index dcd1154f..9c9fa518 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
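Review bot: `RedirectURL` is assembled by plain string formatting from `cfg.RedirectHost` and `cfg.RedirectPort` with no check on either value, so a host that carries a scheme, a path or its own port (easy to bring over from the old `redirect_url` key) yields a redirect URI that will not match the one registered with the provider. I would validate `RedirectHost` as a bare host name once when the config is loaded and build the authority with `net.JoinHostPort(cfg.RedirectHost, strconv.Itoa(cfg.RedirectPort))`, which also brackets IPv6 literals correctly. The same construction appears on the `RedirectURL` line of `configureGoogleOauth` in google.go. `scheme` is assigned above both hunks and both function bodies continue past them, so how it is chosen is not visible here.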
@@ -348,7 +348,7 @@ func basicAuthRequired(w http.ResponseWriter, realm string) {
 }
 func oauthLoginRequired(w http.ResponseWriter, r *http.Request, shrToken string, pcfg *Config, provider, target string, authCheckInterval time.Duration) {
- http.Redirect(w, r, fmt.Sprintf("http://%s.%s:%d/%s/login?targethost=%s&checkInterval=%s", shrToken, pcfg.Oauth.Host, pcfg.Oauth.Port, provider, url.QueryEscape(target), authCheckInterval.String()), http.StatusFound)
+ http.Redirect(w, r, fmt.Sprintf("http://%s.%s:%d/%s/login?targethost=%s&checkInterval=%s", shrToken, pcfg.Oauth.RedirectHost, pcfg.Oauth.RedirectPort, provider, url.QueryEscape(target), authCheckInterval.String()), http.StatusFound)
 }
 func resolveService(hostMatch string, host string) string {
diff --git a/etc/frontend.yml b/etc/frontend.yml
index a088481b..a7d15b31 100644
--- a/etc/frontend.yml
+++ b/etc/frontend.yml
@@ -5,8 +5,8 @@
 #host_match: zrok.io
 #oauth:
-# port: 28080
-# redirect_url: zrok.io
+# redirect_host: zrok.io
+# redirect_port: 28080
 # hash_key_raw: "test1234test1234"
 # providers:
 # - name: google
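Review bot: The login redirect in `oauthLoginRequired` hard-codes `http://`, while the provider redirect URLs in github.go and google.go are built from a `scheme` value that is presumably chosen from the `tls` flag. On a TLS-enabled frontend this sends the browser to the OAuth listener in cleartext, so the `targethost` parameter and the start of the login flow are readable on the network path, and the URL may not reach the listener at all if that one serves TLS. Passing the scheme into this function and formatting `"%s://%s.%s:%d/%s/login?targethost=%s&checkInterval=%s"` would keep the two in agreement. `provider` is interpolated into the path unescaped, and `url.PathEscape(provider)` would match the `url.QueryEscape(target)` already applied to the query value.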
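Review bot: The sample keeps `hash_key_raw: "test1234test1234"` directly under the renamed keys, and config.go tags that field `+secret`, so a deployment that uncomments the block as-is would run with a publicly known key. I would change the sample value to an obvious placeholder, for example `#  hash_key_raw: "<replace with a long random value>"`, and add a comment line stating that it must be unique per deployment. A second comment noting that `port` and `redirect_url` were renamed to `redirect_port` and `redirect_host` would help operators upgrading an existing frontend.yml.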