providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser

closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-07-30 20:29:23 +02:00
parent 393d7ec486
commit fcf4657833
3 changed files with 7 additions and 3 deletions


@ -8,7 +8,8 @@ SCOPE_AK_PROXY_EXPRESSION = """
# which are used for example for the HTTP-Basic Authentication mapping. # which are used for example for the HTTP-Basic Authentication mapping.
return { return {
"ak_proxy": { "ak_proxy": {
"user_attributes": request.user.group_attributes(request) "user_attributes": request.user.group_attributes(request),
"is_superuser": request.user.is_superuser,
} }
}""" }"""
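Review bot: `is_superuser` is copied into the `ak_proxy` claim when this expression runs, so the outpost decides how much error detail to show from a value captured at token issue rather than from the user's current state. Presumably a user who loses superuser rights keeps seeing raw upstream errors until the token or session is renewed; that is worth confirming against the session lifetime. The comment above the return still describes only the HTTP-Basic attribute use, so I would add `# is_superuser lets the proxy outpost show raw upstream errors to superusers only` next to the new key.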


@ -3,6 +3,7 @@ package application
type ProxyClaims struct { type ProxyClaims struct {
UserAttributes map[string]interface{} `json:"user_attributes"` UserAttributes map[string]interface{} `json:"user_attributes"`
BackendOverride string `json:"backend_override"` BackendOverride string `json:"backend_override"`
IsSuperuser bool `json:"is_superuser"`
} }
type Claims struct { type Claims struct {


@ -20,8 +20,10 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
Message: "Error proxying to upstream server", Message: "Error proxying to upstream server",
ProxyPrefix: "/outpost.goauthentik.io", ProxyPrefix: "/outpost.goauthentik.io",
} }
if claims != nil && len(err) > 0 { if claims != nil && claims.Proxy.IsSuperuser {
data.Message = err data.Message = err
} else {
data.Message = "Failed to connect to backend."
} }
er := a.errorTemplates.Execute(rw, data) er := a.errorTemplates.Execute(rw, data)
if er != nil { if er != nil {
@ -34,6 +36,6 @@ func (a *Application) newProxyErrorHandler() func(http.ResponseWriter, *http.Req
return func(rw http.ResponseWriter, req *http.Request, proxyErr error) { return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
log.WithError(proxyErr).Warning("Error proxying to upstream server") log.WithError(proxyErr).Warning("Error proxying to upstream server")
rw.WriteHeader(http.StatusBadGateway) rw.WriteHeader(http.StatusBadGateway)
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error())) a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %v", proxyErr))
} }
} }
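Review bot: The new condition in ErrorPage reads `claims.Proxy.IsSuperuser` after checking only `claims != nil`; the Claims definition is not visible here, so if `Proxy` is a pointer that stays nil when a token carries no `ak_proxy` claim, this would panic inside the error path. The commit also drops the old `len(err) > 0` test, so a superuser can now be shown an empty message, and the `Message: "Error proxying to upstream server"` default set just above is overwritten on every path. I would write the guard as `if claims != nil && claims.Proxy != nil && claims.Proxy.IsSuperuser && len(err) > 0 {` (leaving out the `Proxy != nil` term if the field is a value) and keep the generic else branch for everyone else. ErrorPage's body starts and ends outside the hunk, so where `claims` is loaded cannot be checked from here.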