From 51beab325fec302cc7b3db8645dc4d24511fb03a Mon Sep 17 00:00:00 2001 From: Rohith <gambol99@gmail.com> Date: Mon, 18 Dec 2017 18:15:28 +0000 Subject: [PATCH] - fixing up the conflicts following a rebase --- pkg/api/config.go | 8 ++++---- pkg/api/doc.go | 29 +++-------------------------- pkg/server/handlers_test.go | 6 +++--- pkg/server/middleware_test.go | 16 ++++++++-------- pkg/server/server.go | 8 ++------ pkg/server/server_test.go | 11 ++++++----- pkg/server/session.go | 4 ++-- 7 files changed, 28 insertions(+), 54 deletions(-) diff --git a/pkg/api/config.go b/pkg/api/config.go index 42940fa..137d77b 100644 --- a/pkg/api/config.go +++ b/pkg/api/config.go @@ -63,11 +63,11 @@ func (c *Config) IsValid() error { if c.TLSPrivateKey != "" && c.TLSCertificate == "" { return errors.New("you have not provided a certificate file") } - if c.UseLetsEncrypt && c.LetsEncryptCacheDir == "" { + if c.UseLetsEncrypt && c.LetsEncryptCacheDir == "" { return fmt.Errorf("the letsencrypt cache dir has not been set") } - if r.EnableForwarding { + if c.EnableForwarding { if c.ClientID == "" { return errors.New("you have not specified the client id") } @@ -93,8 +93,8 @@ func (c *Config) IsValid() error { if _, err := url.Parse(c.Upstream); err != nil { return fmt.Errorf("the upstream endpoint is invalid, %s", err) } - if r.SkipUpstreamTLSVerify && r.UpstreamCA != "" { - return fmt.Errorf("you cannot skip upstream tls and load a root ca: %s to verify it", r.UpstreamCA) + if c.SkipUpstreamTLSVerify && c.UpstreamCA != "" { + return fmt.Errorf("you cannot skip upstream tls and load a root ca: %s to verify it", c.UpstreamCA) } // step: if the skip verification is off, we need the below diff --git a/pkg/api/doc.go b/pkg/api/doc.go index 9493746..b65ea52 100644 --- a/pkg/api/doc.go +++ b/pkg/api/doc.go @@ -15,11 +15,7 @@ limitations under the License. package api -import ( - "fmt" - "strconv" - "time" -) +import "time" // Resource represents a url resource to protect type Resource struct { 
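Review bot: The `url.Parse(c.Upstream)` check at the top of the `@@ -93,8` hunk in pkg/api/config.go succeeds for many strings that have no scheme or host, so a mistyped upstream can pass IsValid and only fail once the proxy tries to reach it. Unless a check outside the hunk already covers this, keep the parsed value and reject an empty scheme or host, e.g. `if u.Scheme == "" || u.Host == "" { return errors.New("the upstream endpoint must include a scheme and host") }`. The corrected `c.SkipUpstreamTLSVerify && c.UpstreamCA != ""` guard would also benefit from a one-line comment saying why the two options are mutually exclusive. IsValid starts and ends outside the hunk.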
@@ -264,6 +260,7 @@ type Config struct { DisableAllLogging bool `json:"disable-all-logging" yaml:"disable-all-logging" usage:"disables all logging to stdout and stderr"` } +/* // getVersion returns the proxy version func getVersion() string { if version == "" { @@ -276,24 +273,4 @@ func getVersion() string { return version } - -// RequestScope is a request level context scope passed between middleware -type RequestScope struct { - // AccessDenied indicates the request should not be proxied on - AccessDenied bool - // Identity is the user Identity of the request - Identity *userContext -} - -// storage is used to hold the offline refresh token, assuming you don't want to use -// the default practice of a encrypted cookie -type storage interface { - // Set the token to the store - Set(string, string) error - // Get retrieves a token from the store - Get(string) (string, error) - // Delete removes a key from the store - Delete(string) error - // Close is used to close off any resources - Close() error -} +*/ diff --git a/pkg/server/handlers_test.go b/pkg/server/handlers_test.go index 4e95f26..6208645 100644 --- a/pkg/server/handlers_test.go +++ b/pkg/server/handlers_test.go 
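Review bot: `getVersion` is disabled by wrapping it in `/* … */` (opened in the `@@ -264,6` hunk, closed in `@@ -276,24`), which leaves dead code in pkg/api/doc.go that is no longer compiled or vetted. The same commit drops the `fmt` and `strconv` imports, so the function cannot simply be uncommented later; delete it and rely on version control, or move it to the package that now owns `version`. If it has to stay for now, replace the block comment with a single line such as `// TODO: getVersion was dropped during the rebase; restore it in its new package`.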
@@ -291,19 +291,19 @@ func TestCallbackURL(t *testing.T) { }, { URI: constants.OauthURL + constants.CallbackURL + "?code=fake", - ExpectedCookies: []string{cfg.CookieAccessName}, + ExpectedCookies: map[string]string{cfg.CookieAccessName: ""}, ExpectedLocation: "/", ExpectedCode: http.StatusTemporaryRedirect, }, { URI: constants.OauthURL + constants.CallbackURL + "?code=fake&state=/admin", - ExpectedCookies: []string{cfg.CookieAccessName}, + ExpectedCookies: map[string]string{cfg.CookieAccessName: ""}, ExpectedLocation: "/", ExpectedCode: http.StatusTemporaryRedirect, }, { URI: constants.OauthURL + constants.CallbackURL + "?code=fake&state=L2FkbWlu", - ExpectedCookies: []string{cfg.CookieAccessName}, + ExpectedCookies: map[string]string{cfg.CookieAccessName: ""}, ExpectedLocation: "/admin", ExpectedCode: http.StatusTemporaryRedirect, }, diff --git a/pkg/server/middleware_test.go b/pkg/server/middleware_test.go index 4284f7b..6132370 100644 --- a/pkg/server/middleware_test.go +++ b/pkg/server/middleware_test.go @@ -25,15 +25,15 @@ import ( "testing" "time" - "github.com/gambol99/keycloak-proxy/pkg/api" - "github.com/gambol99/keycloak-proxy/pkg/constants" - "github.com/gambol99/keycloak-proxy/pkg/utils" - - "github.com/gambol99/go-oidc/jose" "github.com/go-resty/resty" "github.com/rs/cors" "github.com/stretchr/testify/assert" "go.uber.org/zap" + + "github.com/gambol99/go-oidc/jose" + "github.com/gambol99/keycloak-proxy/pkg/api" + "github.com/gambol99/keycloak-proxy/pkg/constants" + "github.com/gambol99/keycloak-proxy/pkg/utils" ) type fakeRequest struct { @@ -61,7 +61,7 @@ type fakeRequest struct { ExpectedCode int ExpectedContent string ExpectedContentContains string - ExpectedCookies []string + ExpectedCookies map[string]string ExpectedHeaders map[string]string ExpectedProxyHeaders map[string]string ExpectedLocation string 
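Review bot: `ExpectedCookies` becomes `map[string]string` in the `@@ -61,7` hunk of middleware_test.go with no comment on what the value means, and every callback case in handlers_test.go passes `""`. Add a field comment such as `// ExpectedCookies maps a cookie name to its expected value; an empty value asserts presence only`, assuming that is how RunTests treats it, since the comparison itself is outside the visible hunks. As written, the OAuth callback cases still only assert that the access cookie exists; a case that pins a non-empty value would exercise the new map form.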
@@ -243,7 +243,7 @@ func (f *fakeProxy) RunTests(t *testing.T, requests []fakeRequest) { } if len(c.ExpectedCookies) > 0 { for k, v := range c.ExpectedCookies { - cookie := findCookie(k, resp.Cookies()) + cookie := utils.FindCookie(k, resp.Cookies()) if !assert.NotNil(t, cookie, "case %d, expected cookie %s not found", i, k) { continue } @@ -337,7 +337,7 @@ func TestMethodExclusions(t *testing.T) { cfg := newFakeKeycloakConfig() cfg.Resources = []*api.Resource{ { - URL: "/post", + URI: "/post", Methods: []string{http.MethodPost, http.MethodPut}, }, } diff --git a/pkg/server/server.go b/pkg/server/server.go index 7627129..807ebe2 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -16,7 +16,6 @@ limitations under the License. package server import ( - "context" "crypto/tls" "crypto/x509" "errors" @@ -32,8 +31,6 @@ import ( "strings" "time" - "golang.org/x/crypto/acme/autocert" - httplog "log" "github.com/gambol99/keycloak-proxy/pkg/api" @@ -239,10 +236,10 @@ func (r *oauthProxy) createReverseProxy() error { for _, m := range x.Methods { if !x.WhiteListed { - e.MethodFunc(m, x.URL, emptyHandler) + e.MethodFunc(m, x.URI, emptyHandler) continue } - engine.MethodFunc(m, x.URL, emptyHandler) + engine.MethodFunc(m, x.URI, emptyHandler) } } @@ -401,7 +398,6 @@ type listenerConfig struct { proxyProtocol bool // whether to enable proxy protocol on the listen redirectionURL string // url to redirect to useLetsEncrypt bool // whether to use lets encrypt for retrieving ssl certificates - letsEncryptCacheDir string // the path to cache letsencrypt certificates } // ErrHostNotConfigured indicates the hostname was not configured diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index 0740c27..41b9e47 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go 
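Review bot: `letsEncryptCacheDir` is removed from `listenerConfig` in the `@@ -401,7` hunk of pkg/server/server.go and the `autocert` import is dropped in `@@ -32,8`, but `useLetsEncrypt` stays in the struct and `Config.IsValid` in pkg/api/config.go still requires `LetsEncryptCacheDir` when `UseLetsEncrypt` is set. If the listener no longer acts on the flag, an operator can enable Let's Encrypt, pass validation, and end up with a listener that does not serve the certificates they expected. The listener code is outside the hunk, so confirm which applies: either remove `useLetsEncrypt` and have IsValid reject the option, or document the field, e.g. `// useLetsEncrypt: NOTE autocert wiring was removed in the rebase, flag currently has no effect`.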
@@ -26,11 +26,11 @@ import ( "testing" "time" - "github.com/gambol99/keycloak-proxy/pkg/api" - "github.com/gambol99/keycloak-proxy/pkg/constants" + "github.com/stretchr/testify/assert" "github.com/gambol99/go-oidc/jose" - "github.com/stretchr/testify/assert" + "github.com/gambol99/keycloak-proxy/pkg/api" + "github.com/gambol99/keycloak-proxy/pkg/constants" ) const ( @@ -408,14 +408,15 @@ func newFakeKeycloakConfig() *api.Config { DisableAllLogging: true, DiscoveryURL: "127.0.0.1:0", EnableAuthorizationHeader: true, - EnableAuthorizationCookies: true, + EnableAuthorizationCookies: true, EnableLogging: false, EnableLoginHandler: true, EnableTokenHeader: true, Listen: "127.0.0.1:0", Scopes: []string{}, + Upstream: "http://127.0.0.1:8080", Verbose: true, - Resources: []*Resource{ + Resources: []*api.Resource{ { URI: fakeAdminRoleURL, Methods: []string{"GET"}, diff --git a/pkg/server/session.go b/pkg/server/session.go index 1f63902..af61455 100644 --- a/pkg/server/session.go +++ b/pkg/server/session.go @@ -114,7 +114,7 @@ func getTokenInCookie(req *http.Request, name string) (string, error) { // add also divided cookies for i := 1; i < 600; i++ { - cookie := findCookie(name+"-"+strconv.Itoa(i), req.Cookies()) + cookie := utils.FindCookie(name+"-"+strconv.Itoa(i), req.Cookies()) if cookie == nil { break } else { @@ -123,7 +123,7 @@ func getTokenInCookie(req *http.Request, name string) (string, error) { } if token.Len() == 0 { - return "", ErrSessionNotFound + return "", errors.ErrSessionNotFound } return token.String(), nil -- GitLab
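Review bot: The added `Upstream: "http://127.0.0.1:8080"` in newFakeKeycloakConfig (`@@ -408,14` in server_test.go) hard-codes a port, while `Listen` and `DiscoveryURL` in the same literal use port 0. If any test does not replace Upstream with the address of its fake upstream, the proxy under test would forward requests to whatever happens to listen on 8080 on the developer or CI host. If the harness always overrides it, say so next to the field, e.g. `// placeholder so Config.IsValid passes; the test harness replaces it with the fake upstream URL`.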
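Review bot: In the `@@ -114,7` hunk of pkg/server/session.go, `req.Cookies()` is called inside the loop, so the client-supplied Cookie header is re-parsed on every iteration, up to 599 times per request. Parse once before the loop with `cookies := req.Cookies()` and pass the slice in: `cookie := utils.FindCookie(name+"-"+strconv.Itoa(i), cookies)`. The `else` after `break` can be dropped, and the bound 600 deserves a named constant with a comment stating what limit it encodes. getTokenInCookie starts outside the hunk.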
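Review bot: `errors.ErrSessionNotFound` in the `@@ -123,7` hunk of pkg/server/session.go must come from a project package named `errors`, since the standard library package has no such value. pkg/server/server.go imports the standard `"errors"` in the same package, so the identifier `errors` now means different packages in sibling files, and a file needing both cannot import them without an alias. Importing the project package under an explicit alias (for example `apperrors`, a name chosen here for illustration) and writing `return "", apperrors.ErrSessionNotFound` keeps the two apart. The import block of session.go is outside the hunk.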