From 514c48a986b48c2f1448c37458d4ec2d5a51ade7 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 18 Aug 2022 20:43:01 +0200 Subject: [PATCH] internal: fix routing for requests with querystring signature to embedded outpost Signed-off-by: Jens Langhammer --- internal/outpost/proxyv2/application/application.go | 10 ++++++++++ internal/outpost/proxyv2/proxyv2.go | 11 ++++++----- internal/web/proxy.go | 5 +---- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go index dc134efc8..aa0dae765 100644 --- a/internal/outpost/proxyv2/application/application.go +++ b/internal/outpost/proxyv2/application/application.go @@ -201,6 +201,16 @@ func (a *Application) Mode() api.ProxyMode { return *a.proxyConfig.Mode.Get() } +func (a *Application) HasQuerySignature(r *http.Request) bool { + if strings.EqualFold(r.URL.Query().Get(CallbackSignature), "true") { + return true + } + if strings.EqualFold(r.URL.Query().Get(LogoutSignature), "true") { + return true + } + return false +} + func (a *Application) ProxyConfig() api.ProxyOutpostConfig { return a.proxyConfig } diff --git a/internal/outpost/proxyv2/proxyv2.go b/internal/outpost/proxyv2/proxyv2.go index 951a0068a..784bc5860 100644 --- a/internal/outpost/proxyv2/proxyv2.go +++ b/internal/outpost/proxyv2/proxyv2.go @@ -67,11 +67,12 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer { func (ps *ProxyServer) HandleHost(rw http.ResponseWriter, r *http.Request) bool { a, _ := ps.lookupApp(r) - if a != nil { - if a.Mode() == api.PROXYMODE_PROXY { - a.ServeHTTP(rw, r) - return true - } + if a == nil { + return false + } + if a.HasQuerySignature(r) || a.Mode() == api.PROXYMODE_PROXY { + a.ServeHTTP(rw, r) + return true } return false } diff --git a/internal/web/proxy.go b/internal/web/proxy.go index 388d53fa1..0b9f2435e 100644 --- a/internal/web/proxy.go +++ b/internal/web/proxy.go @@ -9,7 +9,6 @@ import ( "time" "github.com/prometheus/client_golang/prometheus" - "goauthentik.io/internal/outpost/proxyv2/application" "goauthentik.io/internal/utils/sentry" ) @@ -52,9 +51,7 @@ func (ws *WebServer) configureProxy() { } before := time.Now() if ws.ProxyServer != nil { - _, oauthCallbackSet := r.URL.Query()[application.CallbackSignature] - _, logoutSet := r.URL.Query()[application.LogoutSignature] - if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet || logoutSet { + if ws.ProxyServer.HandleHost(rw, r) { Requests.With(prometheus.Labels{ "dest": "embedded_outpost", }).Observe(float64(time.Since(before)))