internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-01-24 09:30:33 +01:00
parent e5ff47bf14
commit 1dce408c72
1 changed files with 6 additions and 3 deletions


@ -80,9 +80,12 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
a.log.Trace("path can be accessed without authentication") a.log.Trace("path can be accessed without authentication")
return return
} }
if strings.HasPrefix(a.getTraefikForwardUrl(r).Path, "/akprox") { fwu := a.getTraefikForwardUrl(r)
a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access") if fwu.String() != r.URL.String() {
return if strings.HasPrefix(fwu.Path, "/akprox") {
a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access")
return
}
} }
http.Error(rw, "unauthorized request", http.StatusUnauthorized) http.Error(rw, "unauthorized request", http.StatusUnauthorized)
} }
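Review bot: The allow condition `strings.HasPrefix(fwu.Path, "/akprox")` has no path-segment boundary, so a forwarded path that merely starts with those characters (a constructed example: `/akproxy-admin`) is let through without authentication, just like the outpost's own endpoints. Consider `if fwu.Path == "/akprox" || strings.HasPrefix(fwu.Path, "/akprox/") {`. Because getTraefikForwardUrl is not shown in this hunk, also confirm that the path it returns is normalised the same way the upstream will interpret it. The trace line still logs `r.URL.String()` although the decision is now made on `fwu`; logging `fwu.String()` would record the URL that was actually allowed. The body of forwardHandleNginx starts above this hunk.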