diff --git a/pkg/api/config.go b/pkg/api/config.go
index 42940fa00e4c01534cdc3c2b04738ab1572d7731..137d77ba384fb68ffe2bf276634146a244dc24c2 100644
--- a/pkg/api/config.go
+++ b/pkg/api/config.go
@@ -63,11 +63,11 @@ func (c *Config) IsValid() error {
 if c.TLSPrivateKey != "" && c.TLSCertificate == "" {
 return errors.New("you have not provided a certificate file")
 }
- if c.UseLetsEncrypt && c.LetsEncryptCacheDir == "" {
+ if c.UseLetsEncrypt && c.LetsEncryptCacheDir == "" {
 return fmt.Errorf("the letsencrypt cache dir has not been set")
 }
- if r.EnableForwarding {
+ if c.EnableForwarding {
 if c.ClientID == "" {
 return errors.New("you have not specified the client id")
 }
@@ -93,8 +93,8 @@ func (c *Config) IsValid() error {
 if _, err := url.Parse(c.Upstream); err != nil {
 return fmt.Errorf("the upstream endpoint is invalid, %s", err)
 }
- if r.SkipUpstreamTLSVerify && r.UpstreamCA != "" {
- return fmt.Errorf("you cannot skip upstream tls and load a root ca: %s to verify it", r.UpstreamCA)
+ if c.SkipUpstreamTLSVerify && c.UpstreamCA != "" {
+ return fmt.Errorf("you cannot skip upstream tls and load a root ca: %s to verify it", c.UpstreamCA)
 }
 // step: if the skip verification is off, we need the below
diff --git a/pkg/api/doc.go b/pkg/api/doc.go
index 94937460bb4f9e47bcbbab1fa6247fac4fe01eb5..b65ea529225d0b47594eb152dad892c37f5a90f8 100644
--- a/pkg/api/doc.go
+++ b/pkg/api/doc.go
@@ -15,11 +15,7 @@ limitations under the License.
 package api
-import (
- "fmt"
- "strconv"
- "time"
-)
+import "time"
 // Resource represents a url resource to protect
 type Resource struct {
@@ -264,6 +260,7 @@ type Config struct {
 DisableAllLogging bool `json:"disable-all-logging" yaml:"disable-all-logging" usage:"disables all logging to stdout and stderr"`
 }
+/*
 // getVersion returns the proxy version
 func getVersion() string {
 if version == "" {
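Review bot: The new `if c.UseLetsEncrypt && c.LetsEncryptCacheDir == "" {` line keeps a cache directory mandatory, while the `listenerConfig` hunk in pkg/server/server.go in this same commit drops the `letsEncryptCacheDir` field and the `autocert` import, so nothing on the visible new side consumes the value any more. If the Let's Encrypt path is being retired, the `UseLetsEncrypt`/`LetsEncryptCacheDir` validation should go with it so operators are not led to believe ACME issuance is still wired up; if it is still wired elsewhere, the listener needs the directory back, because an autocert manager without a persistent cache has to re-request certificates on every restart. Separately, the message on the unchanged line below is a constant, so `return errors.New("the letsencrypt cache dir has not been set")` would match the neighbouring checks. IsValid starts before and continues past this hunk.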
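Review bot: The `+/*` line wraps `getVersion` in a block comment (closed by the `+*/` line in the following doc.go hunk) and so leaves dead code in the package, while the same following hunk deletes `RequestScope` and `storage` outright; the two treatments are inconsistent. Delete the function as well, version control keeps it, or if it is meant to come back keep it compiling rather than commented out. Dropping `fmt` and `strconv` from the import block above is consistent with the function no longer being live. getVersion's body runs past this hunk.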
@@ -276,24 +273,4 @@ func getVersion() string {
 return version
 }
-
-// RequestScope is a request level context scope passed between middleware
-type RequestScope struct {
- // AccessDenied indicates the request should not be proxied on
- AccessDenied bool
- // Identity is the user Identity of the request
- Identity *userContext
-}
-
-// storage is used to hold the offline refresh token, assuming you don't want to use
-// the default practice of a encrypted cookie
-type storage interface {
- // Set the token to the store
- Set(string, string) error
- // Get retrieves a token from the store
- Get(string) (string, error)
- // Delete removes a key from the store
- Delete(string) error
- // Close is used to close off any resources
- Close() error
-}
+*/
diff --git a/pkg/server/handlers_test.go b/pkg/server/handlers_test.go
index 4e95f264926a0d565cb5f4f655683668e8a12986..6208645fd12dd272a0c2ba019f67f61078c46d64 100644
--- a/pkg/server/handlers_test.go
+++ b/pkg/server/handlers_test.go
@@ -291,19 +291,19 @@ func TestCallbackURL(t *testing.T) {
 },
 {
 URI: constants.OauthURL + constants.CallbackURL + "?code=fake",
- ExpectedCookies: []string{cfg.CookieAccessName},
+ ExpectedCookies: map[string]string{cfg.CookieAccessName: ""},
 ExpectedLocation: "/",
 ExpectedCode: http.StatusTemporaryRedirect,
 },
 {
 URI: constants.OauthURL + constants.CallbackURL + "?code=fake&state=/admin",
- ExpectedCookies: []string{cfg.CookieAccessName},
+ ExpectedCookies: map[string]string{cfg.CookieAccessName: ""},
 ExpectedLocation: "/",
 ExpectedCode: http.StatusTemporaryRedirect,
 },
 {
 URI: constants.OauthURL + constants.CallbackURL + "?code=fake&state=L2FkbWlu",
- ExpectedCookies: []string{cfg.CookieAccessName},
+ ExpectedCookies: map[string]string{cfg.CookieAccessName: ""},
 ExpectedLocation: "/admin",
 ExpectedCode: http.StatusTemporaryRedirect,
 },
diff --git a/pkg/server/middleware_test.go b/pkg/server/middleware_test.go
index 4284f7b2538109802ef427fada8ee6baeb1e8776..6132370737aa53fb334e910073f251add96901c0 100644
--- a/pkg/server/middleware_test.go
+++ b/pkg/server/middleware_test.go
@@ -25,15 +25,15 @@ import (
 "testing"
 "time"
- "github.com/gambol99/keycloak-proxy/pkg/api"
- "github.com/gambol99/keycloak-proxy/pkg/constants"
- "github.com/gambol99/keycloak-proxy/pkg/utils"
-
- "github.com/gambol99/go-oidc/jose"
 "github.com/go-resty/resty"
 "github.com/rs/cors"
 "github.com/stretchr/testify/assert"
 "go.uber.org/zap"
+
+ "github.com/gambol99/go-oidc/jose"
+ "github.com/gambol99/keycloak-proxy/pkg/api"
+ "github.com/gambol99/keycloak-proxy/pkg/constants"
+ "github.com/gambol99/keycloak-proxy/pkg/utils"
 )
 type fakeRequest struct {
@@ -61,7 +61,7 @@ type fakeRequest struct {
 ExpectedCode int
 ExpectedContent string
 ExpectedContentContains string
- ExpectedCookies []string
+ ExpectedCookies map[string]string
 ExpectedHeaders map[string]string
 ExpectedProxyHeaders map[string]string
 ExpectedLocation string
@@ -243,7 +243,7 @@ func (f *fakeProxy) RunTests(t *testing.T, requests []fakeRequest) {
 }
 if len(c.ExpectedCookies) > 0 {
 for k, v := range c.ExpectedCookies {
- cookie := findCookie(k, resp.Cookies())
+ cookie := utils.FindCookie(k, resp.Cookies())
 if !assert.NotNil(t, cookie, "case %d, expected cookie %s not found", i, k) {
 continue
 }
@@ -337,7 +337,7 @@ func TestMethodExclusions(t *testing.T) {
 cfg := newFakeKeycloakConfig()
 cfg.Resources = []*api.Resource{
 {
- URL: "/post",
+ URI: "/post",
 Methods: []string{http.MethodPost, http.MethodPut},
 },
 }
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 76271296d7b3ada6b30dc24e89508d26250a1e80..807ebe2d3a89b1710cb3b1a3fb3e202fef5bba54 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -16,7 +16,6 @@ limitations under the License.
 package server
 import (
- "context"
 "crypto/tls"
 "crypto/x509"
 "errors"
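Review bot: The new `ExpectedCookies map[string]string` field in fakeRequest carries no comment saying what the map value means, yet every case changed in pkg/server/handlers_test.go now writes `map[string]string{cfg.CookieAccessName: ""}`, so a reader cannot tell whether `""` asserts an empty cookie or only that the cookie is present. Suggest `ExpectedCookies map[string]string // cookie name -> expected value; "" asserts presence only`, assuming that is how RunTests treats it; the value comparison sits past the `@@ -243` hunk, so I could not confirm it from here. If presence-only is the intent, the access-token cases would be stronger asserting a non-empty value, since an empty session cookie would currently pass. The fakeRequest definition starts before this hunk.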
@@ -32,8 +31,6 @@ import (
 "strings"
 "time"
- "golang.org/x/crypto/acme/autocert"
- httplog "log"
 "github.com/gambol99/keycloak-proxy/pkg/api"
@@ -239,10 +236,10 @@ func (r *oauthProxy) createReverseProxy() error {
 for _, m := range x.Methods {
 if !x.WhiteListed {
- e.MethodFunc(m, x.URL, emptyHandler)
+ e.MethodFunc(m, x.URI, emptyHandler)
 continue
 }
- engine.MethodFunc(m, x.URL, emptyHandler)
+ engine.MethodFunc(m, x.URI, emptyHandler)
 }
 }
@@ -401,7 +398,6 @@ type listenerConfig struct {
 proxyProtocol bool // whether to enable proxy protocol on the listen
 redirectionURL string // url to redirect to
 useLetsEncrypt bool // whether to use lets encrypt for retrieving ssl certificates
- letsEncryptCacheDir string // the path to cache letsencrypt certificates
 }
 // ErrHostNotConfigured indicates the hostname was not configured
diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go
index 0740c27b125ae795c91ce8eaba5f2fba98157e62..41b9e470b71032d2e1160ce0db4364c69476cb78 100644
--- a/pkg/server/server_test.go
+++ b/pkg/server/server_test.go
@@ -26,11 +26,11 @@ import (
 "testing"
 "time"
- "github.com/gambol99/keycloak-proxy/pkg/api"
- "github.com/gambol99/keycloak-proxy/pkg/constants"
+ "github.com/stretchr/testify/assert"
 "github.com/gambol99/go-oidc/jose"
- "github.com/stretchr/testify/assert"
+ "github.com/gambol99/keycloak-proxy/pkg/api"
+ "github.com/gambol99/keycloak-proxy/pkg/constants"
 )
 const (
@@ -408,14 +408,15 @@ func newFakeKeycloakConfig() *api.Config {
 DisableAllLogging: true,
 DiscoveryURL: "127.0.0.1:0",
 EnableAuthorizationHeader: true,
- EnableAuthorizationCookies: true,
+ EnableAuthorizationCookies: true,
 EnableLogging: false,
 EnableLoginHandler: true,
 EnableTokenHeader: true,
 Listen: "127.0.0.1:0",
 Scopes: []string{},
+ Upstream: "http://127.0.0.1:8080",
 Verbose: true,
- Resources: []*Resource{
+ Resources: []*api.Resource{
 {
 URI: fakeAdminRoleURL,
 Methods: []string{"GET"},
diff --git a/pkg/server/session.go b/pkg/server/session.go
index 1f63902af213313848d1750aeb39834604dcb898..af61455ed5fb93578637f106c50ceb9a8cc8a68d 100644
--- a/pkg/server/session.go
+++ b/pkg/server/session.go
@@ -114,7 +114,7 @@ func getTokenInCookie(req *http.Request, name string) (string, error) {
 // add also divided cookies
 for i := 1; i < 600; i++ {
- cookie := findCookie(name+"-"+strconv.Itoa(i), req.Cookies())
+ cookie := utils.FindCookie(name+"-"+strconv.Itoa(i), req.Cookies())
 if cookie == nil {
 break
 } else {
@@ -123,7 +123,7 @@ func getTokenInCookie(req *http.Request, name string) (string, error) {
 }
 if token.Len() == 0 {
- return "", ErrSessionNotFound
+ return "", errors.ErrSessionNotFound
 }
 return token.String(), nil
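Review bot: `return "", errors.ErrSessionNotFound` on the new line implies that `errors` in session.go now resolves to a project package rather than the standard library (the import block is outside this hunk, so this is inferred), which misleads anyone expecting `errors.New`/`errors.Is` here and turns any later stdlib use in the file into a silent wrong-package error. Prefer importing the project package under an alias, for example `perrors "<project errors package path>"`, and writing `return "", perrors.ErrSessionNotFound`, so the shadowing is visible at the call site. getTokenInCookie starts before the first hunk of this file.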