Commit
36215832
authored
9 years ago
by
Rohith
Merge pull request #24 from gambol99/cors_config
- cleaning up the cors options
parents
15d55b51
c48d52cd
Showing
6 changed files
config.go
+30
-15
30 additions, 15 deletions
config.go
config_sample.yml
+16
-0
16 additions, 0 deletions
config_sample.yml
doc.go
+7
-3
7 additions, 3 deletions
doc.go
handlers.go
+0
-25
0 additions, 25 deletions
handlers.go
server.go
+25
-1
25 additions, 1 deletion
server.go
server_test.go
+1
-1
1 addition, 1 deletion
server_test.go
with
79 additions
and
45 deletions
config.go
+
30
−
15
...
...
@@ -40,7 +40,7 @@ func newDefaultConfig() *Config {
TagData
:
make
(
map
[
string
]
string
,
0
),
ClaimsMatch
:
make
(
map
[
string
]
string
,
0
),
Header
:
make
(
map
[
string
]
string
,
0
),
CORS
Config
:
&
CORS
{
CORS
:
&
CORS
{
Origins
:
[]
string
{},
Methods
:
[]
string
{},
Headers
:
[]
string
{},
...
...
@@ -203,6 +203,24 @@ func readOptions(cx *cli.Context, config *Config) (err error) {
if
cx
.
IsSet
(
"hostname"
)
{
config
.
Hostnames
=
cx
.
StringSlice
(
"hostname"
)
}
if
cx
.
IsSet
(
"cors-origins"
)
{
config
.
CORS
.
Origins
=
cx
.
StringSlice
(
"cors-origins"
)
}
if
cx
.
IsSet
(
"cors-methods"
)
{
config
.
CORS
.
Methods
=
cx
.
StringSlice
(
"cors-methods"
)
}
if
cx
.
IsSet
(
"cors-headers"
)
{
config
.
CORS
.
Headers
=
cx
.
StringSlice
(
"cors-headers"
)
}
if
cx
.
IsSet
(
"cors-exposed-headers"
)
{
config
.
CORS
.
ExposedHeaders
=
cx
.
StringSlice
(
"cors-exposed-headers"
)
}
if
cx
.
IsSet
(
"cors-max-age"
)
{
config
.
CORS
.
MaxAge
=
cx
.
Duration
(
"cors-max-age"
)
}
if
cx
.
IsSet
(
"cors-credentials"
)
{
config
.
CORS
.
Credentials
=
cx
.
BoolT
(
"cors-credentials"
)
}
if
cx
.
IsSet
(
"tag"
)
{
config
.
TagData
,
err
=
decodeKeyPairs
(
cx
.
StringSlice
(
"tag"
))
if
err
!=
nil
{
...
...
@@ -221,18 +239,7 @@ func readOptions(cx *cli.Context, config *Config) (err error) {
return
err
}
}
if
cx
.
IsSet
(
"cors-origins"
)
{
config
.
CORSConfig
.
Origins
=
cx
.
StringSlice
(
"cors-origins"
)
}
if
cx
.
IsSet
(
"cors-methods"
)
{
config
.
CORSConfig
.
Methods
=
cx
.
StringSlice
(
"cors-methods"
)
}
if
cx
.
IsSet
(
"cors-headers"
)
{
config
.
CORSConfig
.
Headers
=
cx
.
StringSlice
(
"cors-headers"
)
}
if
cx
.
IsSet
(
"cors-max-age"
)
{
config
.
CORSConfig
.
MaxAge
=
cx
.
Duration
(
"cors-max-age"
)
}
if
cx
.
IsSet
(
"resource"
)
{
for
_
,
x
:=
range
cx
.
StringSlice
(
"resource"
)
{
resource
,
err
:=
decodeResource
(
x
)
...
...
@@ -355,18 +362,26 @@ func getOptions() []cli.Flag {
Name
:
"cors-origins"
,
Usage
:
"a set of origins to add to the CORS access control (Access-Control-Allow-Origin)"
,
},
cli
.
StringSliceFlag
{
Name
:
"cors-methods"
,
Usage
:
"the method permitted in the access control (Access-Control-Allow-Methods)"
,
},
cli
.
StringSliceFlag
{
Name
:
"cors-headers"
,
Usage
:
"a set of headers to add to the CORS access control (Access-Control-Allow-Headers)"
,
},
cli
.
StringSliceFlag
{
Name
:
"cors-
method
s"
,
Usage
:
"
the method permitted in the
access control (Access-Control-
Allow-Method
s)"
,
Name
:
"cors-
exposes-header
s"
,
Usage
:
"
set the expose cors headers
access control (Access-Control-
Expose-Header
s)"
,
},
cli
.
DurationFlag
{
Name
:
"cors-max-age"
,
Usage
:
"the max age applied to cors headers (Access-Control-Max-Age)"
,
},
cli
.
BoolFlag
{
Name
:
"cors-credentials"
,
Usage
:
"the credentials access control header (Access-Control-Allow-Credentials)"
,
},
cli
.
BoolFlag
{
Name
:
"skip-token-verification"
,
Usage
:
"testing purposes ONLY, the option allows you to bypass the token verification, expiration and roles are still enforced"
,
...
...
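Review bot: The flag added in getOptions appears to be registered as `cors-exposes-headers`, while readOptions tests and reads `cx.IsSet("cors-exposed-headers")`, so a value passed on the command line would never reach `config.CORS.ExposedHeaders`. Renaming the flag to `Name: "cors-exposed-headers",` would also match the `exposed-headers` key used in the struct tags and the sample config. Separately, `cors-credentials` is declared as a `cli.BoolFlag` but read with `cx.BoolT("cors-credentials")`; `cx.Bool("cors-credentials")` is the matching accessor. Both readOptions and getOptions start and end outside the hunks shown.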
config_sample.yml
+
16
−
0
...
...
@@ -53,3 +53,19 @@ resources:
roles
:
-
openvpn:vpn-user
-
openvpn:prod-vpn
# set the cross origin resource sharing headers
cors
:
# an array of origins (Access-Control-Allow-Origin)
origins
:
[]
# an array of headers to apply (Access-Control-Allow-Headers)
headers
:
[]
# an array of expose headers (Access-Control-Expose-Headers)
exposed-headers
:
[]
# an array of methods (Access-Control-Allow-Methods)
methods
:
[]
# the credentials flag (Access-Control-Allow-Credentials)
credentials
:
true
|false
# the max age (Access-Control-Max-Age)
max-age
:
1h
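Review bot: The sample line `credentials: true|false` is not a boolean; YAML reads `true|false` as a plain string, so a file copied from this sample would presumably fail to decode into the `Credentials bool` field. Pick one value and move the alternatives into the comment, e.g. `credentials: false` under `# the credentials flag, true or false (Access-Control-Allow-Credentials)`. Shipping the sample with `false` also keeps credentialed cross-origin requests from being enabled by copy-paste.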
doc.go
+
7
−
3
...
...
@@ -22,7 +22,7 @@ import (
const
(
prog
=
"keycloak-proxy"
version
=
"v1.0.0-rc
1
"
version
=
"v1.0.0-rc
2
"
author
=
"Rohith"
email
=
"gambol99@gmail.com"
description
=
"is a proxy using the keycloak service for auth and authorization"
...
...
@@ -67,7 +67,7 @@ type Resource struct {
Roles
[]
string
`json:"roles" yaml:"roles"`
}
// CORS controls
// CORS
access
controls
type
CORS
struct
{
// Origins is a list of origins permitted
Origins
[]
string
`json:"origins" yaml:"origins"`
...
...
@@ -75,6 +75,10 @@ type CORS struct {
Methods
[]
string
`json:"methods" yaml:"methods"`
// Headers is a set of cors headers
Headers
[]
string
`json:"headers" yaml:"headers"`
// ExposedHeaders are the exposed header fields
ExposedHeaders
[]
string
`json:"exposed-headers" yaml:"exposed-headers"`
// Credentials set the creds flag
Credentials
bool
`json:"credentials" yaml:"credentials"`
// MaxAge is the age for CORS
MaxAge
time
.
Duration
`json:"max-age" yaml:"max-age"`
}
...
...
@@ -116,7 +120,7 @@ type Config struct {
// TagData is passed to the templates
TagData
map
[
string
]
string
`json:"TagData" yaml:"TagData"`
// CORS permits adding headers to the /oauth handlers
CORS
Config
*
CORS
`json:"cors" yaml:"cors"`
CORS
*
CORS
`json:"cors" yaml:"cors"`
// Header permits adding customs headers across the board
Header
map
[
string
]
string
`json:"headers" yaml:"headers"`
// Scopes is a list of scope we should request
...
...
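Review bot: The comment on the new `Credentials` field in the CORS struct, `// Credentials set the creds flag`, does not say which header the field produces or when it is safe to turn on. Something like `// Credentials adds Access-Control-Allow-Credentials: true; enable only with explicit origins, never "*"` gives an operator the constraint at the point of configuration. The `MaxAge` comment could likewise state that the value is emitted in whole seconds, as server.go does with `int(c.MaxAge.Seconds())`.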
handlers.go
+
0
−
25
...
...
@@ -16,7 +16,6 @@ limitations under the License.
package
main
import
(
"fmt"
"net/http"
"path"
"regexp"
...
...
@@ -452,9 +451,6 @@ func (r *KeycloakProxy) oauthAuthorizationHandler(cx *gin.Context) {
return
}
// step: add the cors headers
r
.
corsAccessHeaders
(
cx
)
// step: get the redirection url
r
.
redirectToURL
(
redirectionURL
,
cx
)
}
...
...
@@ -564,9 +560,6 @@ func (r *KeycloakProxy) oauthCallbackHandler(cx *gin.Context) {
}
}
// step: add the cors headers
r
.
corsAccessHeaders
(
cx
)
r
.
redirectToURL
(
state
,
cx
)
}
...
...
@@ -576,21 +569,3 @@ func (r *KeycloakProxy) oauthCallbackHandler(cx *gin.Context) {
func
(
r
*
KeycloakProxy
)
healthHandler
(
cx
*
gin
.
Context
)
{
cx
.
String
(
http
.
StatusOK
,
"OK"
)
}
// corsAccessHeaders adds the cors access controls to the oauth responses
func
(
r
*
KeycloakProxy
)
corsAccessHeaders
(
cx
*
gin
.
Context
)
{
cors
:=
r
.
config
.
CORSConfig
if
len
(
cors
.
Origins
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Origin"
,
strings
.
Join
(
cors
.
Origins
,
","
))
}
if
len
(
cors
.
Methods
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Methods"
,
strings
.
Join
(
cors
.
Methods
,
","
))
}
if
len
(
cors
.
Headers
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Headers"
,
strings
.
Join
(
cors
.
Headers
,
","
))
}
if
cors
.
MaxAge
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Max-Age"
,
fmt
.
Sprintf
(
"%d"
,
int
(
cors
.
MaxAge
.
Seconds
())))
}
}
server.go
+
25
−
1
...
...
@@ -29,6 +29,7 @@ import (
log
"github.com/Sirupsen/logrus"
"github.com/gin-gonic/gin"
"strings"
)
// KeycloakProxy is the server component
...
...
@@ -193,7 +194,7 @@ func (r *KeycloakProxy) Run() error {
// redirectToURL redirects the user and aborts the context
func
(
r
KeycloakProxy
)
redirectToURL
(
url
string
,
cx
*
gin
.
Context
)
{
// step: add the cors headers
r
.
corsAccess
Headers
(
cx
)
r
.
injectCORS
Headers
(
cx
)
cx
.
Redirect
(
http
.
StatusTemporaryRedirect
,
url
)
cx
.
Abort
()
...
...
@@ -227,6 +228,29 @@ func (r KeycloakProxy) redirectToAuthorization(cx *gin.Context) {
r
.
redirectToURL
(
authorizationURL
+
authQuery
,
cx
)
}
// injectCORSHeaders adds the cors access controls to the oauth responses
func
(
r
*
KeycloakProxy
)
injectCORSHeaders
(
cx
*
gin
.
Context
)
{
c
:=
r
.
config
.
CORS
if
len
(
c
.
Origins
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Origin"
,
strings
.
Join
(
c
.
Origins
,
","
))
}
if
len
(
c
.
Methods
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Methods"
,
strings
.
Join
(
c
.
Methods
,
","
))
}
if
len
(
c
.
Headers
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Headers"
,
strings
.
Join
(
c
.
Headers
,
","
))
}
if
len
(
c
.
ExposedHeaders
)
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Expose-Headers"
,
strings
.
Join
(
c
.
ExposedHeaders
,
","
))
}
if
c
.
Credentials
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Allow-Credentials"
,
"true"
)
}
if
c
.
MaxAge
>
0
{
cx
.
Writer
.
Header
()
.
Set
(
"Access-Control-Max-Age"
,
fmt
.
Sprintf
(
"%d"
,
int
(
c
.
MaxAge
.
Seconds
())))
}
}
// tryUpdateConnection attempt to upgrade the connection to a http pdy stream
func
(
r
*
KeycloakProxy
)
tryUpdateConnection
(
cx
*
gin
.
Context
)
error
{
// step: dial the endpoint
...
...
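Review bot: `injectCORSHeaders` writes `strings.Join(c.Origins, ",")` into `Access-Control-Allow-Origin`, but that header carries a single origin or `*`, so with more than one configured origin browsers will not match the value and the cross-origin request is refused. The usual approach is to compare the request's `Origin` header with the configured list, echo the entry that matches and add `Vary: Origin` so caches keep the responses apart. A `*` entry should be honoured only while `Credentials` is off, since browsers reject a wildcard origin on credentialed requests. Because the function is called from `redirectToURL`, these headers go on every redirect the proxy issues, which the doc comment could say.

```go
func (r *KeycloakProxy) injectCORSHeaders(cx *gin.Context) {
	c := r.config.CORS
	// Access-Control-Allow-Origin holds one origin (or "*"), so answer with the
	// request's own origin when it is configured instead of the joined list
	origin := cx.Request.Header.Get("Origin")
	for _, allowed := range c.Origins {
		if allowed == "*" && !c.Credentials {
			cx.Writer.Header().Set("Access-Control-Allow-Origin", "*")
			break
		}
		if origin != "" && allowed == origin {
			cx.Writer.Header().Set("Access-Control-Allow-Origin", origin)
			cx.Writer.Header().Add("Vary", "Origin")
			break
		}
	}
	// … unchanged: Methods, Headers, ExposedHeaders, Credentials and MaxAge blocks …
}
```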
server_test.go
+
1
−
1
...
...
@@ -94,7 +94,7 @@ func newFakeKeycloakProxy(t *testing.T) *KeycloakProxy {
Roles
:
[]
string
{},
},
},
CORS
Config
:
&
CORS
{},
CORS
:
&
CORS
{},
},
proxy
:
new
(
fakeReverseProxy
),
}
...
...