redundant oauth configuration cleanup (#404)

2025-06-20 17:58:50 +02:00 · 2023-10-03 17:11:52 -04:00 · 2023-10-03 17:11:52 -04:00 · c4f9cecd99
commit c4f9cecd99
parent d0a9353872
5 changed files with 12 additions and 15 deletions
--- a/endpoints/publicProxy/config.go
+++ b/endpoints/publicProxy/config.go
@ -18,11 +18,10 @@ type Config struct {
 }
 type OauthConfig struct {
-	Host        string
+	RedirectHost string
-	Port        int
+	RedirectPort int
-	RedirectUrl string
+	HashKeyRaw   string `cf:"+secret"`
-	HashKeyRaw  string `cf:"+secret"`
+	Providers    []*OauthProviderConfig
 	Providers   []*OauthProviderConfig
 }
 func (oc *OauthConfig) GetProvider(name string) *OauthProviderConfig {
@ -65,6 +64,6 @@ func configureOauthHandlers(ctx context.Context, cfg *Config, tls bool) error {
 	if err := configureGithubOauth(cfg.Oauth, tls); err != nil {
 		return err
 	}
-	zhttp.StartServer(ctx, fmt.Sprintf("%s:%d", strings.Split(cfg.Address, ":")[0], cfg.Oauth.Port))
+	zhttp.StartServer(ctx, fmt.Sprintf("%s:%d", strings.Split(cfg.Address, ":")[0], cfg.Oauth.RedirectPort))
 	return nil
 }
--- a/endpoints/publicProxy/github.go
+++ b/endpoints/publicProxy/github.go
@ -34,12 +34,11 @@ func configureGithubOauth(cfg *OauthConfig, tls bool) error {
 	}
 	clientID := providerCfg.ClientId
 	callbackPath := "/github/oauth"
-	port := cfg.Port
+	redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectHost)
 	redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectUrl)
 	rpConfig := &oauth2.Config{
 		ClientID:     clientID,
 		ClientSecret: providerCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v:%v%v", redirectUrl, port, callbackPath),
+		RedirectURL:  fmt.Sprintf("%v:%v%v", redirectUrl, cfg.RedirectPort, callbackPath),
 		Scopes:       []string{"user:email"},
 		Endpoint:     githubOAuth.Endpoint,
 	}
--- a/endpoints/publicProxy/google.go
+++ b/endpoints/publicProxy/google.go
@ -35,12 +35,11 @@ func configureGoogleOauth(cfg *OauthConfig, tls bool) error {
 	clientID := providerCfg.ClientId
 	callbackPath := "/google/oauth"
-	port := cfg.Port
+	redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectHost)
 	redirectUrl := fmt.Sprintf("%s://%s", scheme, cfg.RedirectUrl)
 	rpConfig := &oauth2.Config{
 		ClientID:     clientID,
 		ClientSecret: providerCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v:%v%v", redirectUrl, port, callbackPath),
+		RedirectURL:  fmt.Sprintf("%v:%v%v", redirectUrl, cfg.RedirectPort, callbackPath),
 		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
 		Endpoint:     googleOauth.Endpoint,
 	}
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@ -348,7 +348,7 @@ func basicAuthRequired(w http.ResponseWriter, realm string) {
 }
 func oauthLoginRequired(w http.ResponseWriter, r *http.Request, shrToken string, pcfg *Config, provider, target string, authCheckInterval time.Duration) {
-	http.Redirect(w, r, fmt.Sprintf("http://%s.%s:%d/%s/login?targethost=%s&checkInterval=%s", shrToken, pcfg.Oauth.Host, pcfg.Oauth.Port, provider, url.QueryEscape(target), authCheckInterval.String()), http.StatusFound)
+	http.Redirect(w, r, fmt.Sprintf("http://%s.%s:%d/%s/login?targethost=%s&checkInterval=%s", shrToken, pcfg.Oauth.RedirectHost, pcfg.Oauth.RedirectPort, provider, url.QueryEscape(target), authCheckInterval.String()), http.StatusFound)
 }
 func resolveService(hostMatch string, host string) string {
--- a/etc/frontend.yml
+++ b/etc/frontend.yml
@ -5,8 +5,8 @@
 #host_match: zrok.io
 #oauth:
-#  port: 28080
+#  redirect_host: zrok.io
-#  redirect_url: zrok.io
+#  redirect_port: 28080
 #  hash_key_raw: "test1234test1234"
 #  providers:
 #    - name: google