providers/proxy: fix routing for external_host when using forward_auth_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2180
This commit is contained in:
Jens Langhammer 2022-02-01 10:14:46 +01:00
parent 8b8ed3527a
commit f5cc6c67ec

View file

@ -8,6 +8,7 @@ import (
"time" "time"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"goauthentik.io/api"
"goauthentik.io/internal/outpost/proxyv2/application" "goauthentik.io/internal/outpost/proxyv2/application"
"goauthentik.io/internal/outpost/proxyv2/metrics" "goauthentik.io/internal/outpost/proxyv2/metrics"
"goauthentik.io/internal/utils/web" "goauthentik.io/internal/utils/web"
@ -58,6 +59,9 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
var longestMatch *application.Application var longestMatch *application.Application
longestMatchLength := 0 longestMatchLength := 0
for _, app := range ps.apps { for _, app := range ps.apps {
if app.Mode() != api.PROXYMODE_FORWARD_DOMAIN {
continue
}
// Check if the cookie domain has a leading period for a wildcard // Check if the cookie domain has a leading period for a wildcard
// This will decrease the weight of a wildcard domain, but a request to example.com // This will decrease the weight of a wildcard domain, but a request to example.com
// with the cookie domain set to example.com will still be routed correctly. // with the cookie domain set to example.com will still be routed correctly.
@ -70,6 +74,11 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
} }
longestMatch = app longestMatch = app
longestMatchLength = len(cd) longestMatchLength = len(cd)
// Also for forward_auth_domain, we need to respond on the external domain
if app.ProxyConfig().ExternalHost == host {
ps.log.WithField("host", host).WithField("app", app.ProxyConfig().Name).Debug("Found app based on external_host")
return app, host
}
} }
// Check if our longes match is 0, in which case we didn't match, so we // Check if our longes match is 0, in which case we didn't match, so we
// manually return no app // manually return no app