providers/proxy: use same redirect-save code for all modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
dc9203789e
commit
e30103aa9f
|
@ -13,18 +13,13 @@ import (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
envoyPrefix = "/outpost.goauthentik.io/auth/envoy"
|
envoyPrefix = "/outpost.goauthentik.io/auth/envoy"
|
||||||
|
traefikPrefix = "/outpost.goauthentik.io/auth/traefik"
|
||||||
|
nginxPrefix = "/outpost.goauthentik.io/auth/nginx"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (a *Application) configureForward() error {
|
func (a *Application) configureForward() error {
|
||||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
|
a.mux.HandleFunc(traefikPrefix, a.forwardHandleTraefik)
|
||||||
if _, ok := r.URL.Query()["traefik"]; ok {
|
a.mux.HandleFunc(nginxPrefix, a.forwardHandleNginx)
|
||||||
a.forwardHandleTraefik(rw, r)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
a.forwardHandleNginx(rw, r)
|
|
||||||
})
|
|
||||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
|
|
||||||
a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
|
|
||||||
a.mux.PathPrefix(envoyPrefix).HandlerFunc(a.forwardHandleEnvoy)
|
a.mux.PathPrefix(envoyPrefix).HandlerFunc(a.forwardHandleEnvoy)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -59,7 +54,6 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
host := ""
|
host := ""
|
||||||
s, _ := a.sessions.Get(r, constants.SessionName)
|
|
||||||
// Optional suffix, which is appended to the URL
|
// Optional suffix, which is appended to the URL
|
||||||
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
|
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
|
||||||
host = web.GetHost(r)
|
host = web.GetHost(r)
|
||||||
|
@ -75,11 +69,14 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
|
||||||
// to a (possibly) different domain, but we want to be redirected back
|
// to a (possibly) different domain, but we want to be redirected back
|
||||||
// to the application
|
// to the application
|
||||||
// X-Forwarded-Uri is only the path, so we need to build the entire URL
|
// X-Forwarded-Uri is only the path, so we need to build the entire URL
|
||||||
|
s, _ := a.sessions.Get(r, constants.SessionName)
|
||||||
|
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
|
||||||
s.Values[constants.SessionRedirect] = fwd.String()
|
s.Values[constants.SessionRedirect] = fwd.String()
|
||||||
err = s.Save(r, rw)
|
err = s.Save(r, rw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.log.WithError(err).Warning("failed to save session before redirect")
|
a.log.WithError(err).Warning("failed to save session before redirect")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
proto := r.Header.Get("X-Forwarded-Proto")
|
proto := r.Header.Get("X-Forwarded-Proto")
|
||||||
if proto != "" {
|
if proto != "" {
|
||||||
|
@ -117,11 +114,13 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
|
||||||
}
|
}
|
||||||
|
|
||||||
s, _ := a.sessions.Get(r, constants.SessionName)
|
s, _ := a.sessions.Get(r, constants.SessionName)
|
||||||
|
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
|
||||||
s.Values[constants.SessionRedirect] = fwd.String()
|
s.Values[constants.SessionRedirect] = fwd.String()
|
||||||
err = s.Save(r, rw)
|
err = s.Save(r, rw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.log.WithError(err).Warning("failed to save session before redirect")
|
a.log.WithError(err).Warning("failed to save session before redirect")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if fwd.String() != r.URL.String() {
|
if fwd.String() != r.URL.String() {
|
||||||
if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
|
if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
|
||||||
|
@ -152,7 +151,6 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
host := ""
|
host := ""
|
||||||
s, _ := a.sessions.Get(r, constants.SessionName)
|
|
||||||
// Optional suffix, which is appended to the URL
|
// Optional suffix, which is appended to the URL
|
||||||
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
|
if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
|
||||||
host = web.GetHost(r)
|
host = web.GetHost(r)
|
||||||
|
@ -168,6 +166,7 @@ func (a *Application) forwardHandleEnvoy(rw http.ResponseWriter, r *http.Request
|
||||||
// to a (possibly) different domain, but we want to be redirected back
|
// to a (possibly) different domain, but we want to be redirected back
|
||||||
// to the application
|
// to the application
|
||||||
// X-Forwarded-Uri is only the path, so we need to build the entire URL
|
// X-Forwarded-Uri is only the path, so we need to build the entire URL
|
||||||
|
s, _ := a.sessions.Get(r, constants.SessionName)
|
||||||
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
|
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
|
||||||
s.Values[constants.SessionRedirect] = fwd.String()
|
s.Values[constants.SessionRedirect] = fwd.String()
|
||||||
err = s.Save(r, rw)
|
err = s.Save(r, rw)
|
||||||
|
|
|
@ -36,11 +36,13 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
|
||||||
redirectUrl = a.proxyConfig.ExternalHost
|
redirectUrl = a.proxyConfig.ExternalHost
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if _, redirectSet := s.Values[constants.SessionRedirect]; !redirectSet {
|
||||||
s.Values[constants.SessionRedirect] = redirectUrl
|
s.Values[constants.SessionRedirect] = redirectUrl
|
||||||
err = s.Save(r, rw)
|
err = s.Save(r, rw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.log.WithError(err).Warning("failed to save session before redirect")
|
a.log.WithError(err).Warning("failed to save session before redirect")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
urlArgs := url.Values{
|
urlArgs := url.Values{
|
||||||
"rd": []string{redirectUrl},
|
"rd": []string{redirectUrl},
|
||||||
|
|
Reference in a new issue