Commit
abdfe8d8
authored
9 years ago
by
Rohith
- shifting the routing into a separate method
- adding some extra tests
parent
ed113cc9
Showing
6 changed files
handlers.go
+1
-1
1 addition, 1 deletion
handlers.go
oauth.yml
+0
-0
0 additions, 0 deletions
oauth.yml
oauth_test.go
+0
-0
0 additions, 0 deletions
oauth_test.go
server.go
+22
-16
22 additions, 16 deletions
server.go
server_test.go
+5
-0
5 additions, 0 deletions
server_test.go
util_test.go
+18
-0
18 additions, 0 deletions
util_test.go
with
46 additions
and
17 deletions
handlers.go
+
1
−
1
...
@@ -87,7 +87,7 @@ func (r *KeycloakProxy) securityHandler() gin.HandlerFunc {
...
@@ -87,7 +87,7 @@ func (r *KeycloakProxy) securityHandler() gin.HandlerFunc {
}
}
//
//
// entry
p
ointHandler checks to see if the request requires authentication
// entry
P
ointHandler checks to see if the request requires authentication
//
//
func
(
r
*
KeycloakProxy
)
entryPointHandler
()
gin
.
HandlerFunc
{
func
(
r
*
KeycloakProxy
)
entryPointHandler
()
gin
.
HandlerFunc
{
return
func
(
cx
*
gin
.
Context
)
{
return
func
(
cx
*
gin
.
Context
)
{
...
...
oauth.yml
0 → 100644
+
0
−
0
oauth_test.go
0 → 100644
+
0
−
0
server.go
+
22
−
16
...
@@ -16,18 +16,19 @@ limitations under the License.
...
@@ -16,18 +16,19 @@ limitations under the License.
package
main
package
main
import
(
import
(
"crypto/tls"
"crypto/x509"
"fmt"
"fmt"
"io/ioutil"
"net/http"
"net/http"
"net/url"
"net/url"
"os"
"os"
"sync"
"sync"
"crypto/tls"
"crypto/x509"
log
"github.com/Sirupsen/logrus"
"github.com/gambol99/go-oidc/oidc"
"github.com/gambol99/go-oidc/oidc"
log
"github.com/Sirupsen/logrus"
"github.com/gin-gonic/gin"
"github.com/gin-gonic/gin"
"io/ioutil"
)
)
// KeycloakProxy is the server component
// KeycloakProxy is the server component
...
@@ -96,7 +97,6 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
...
@@ -96,7 +97,6 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
// step: initialize the gin router
// step: initialize the gin router
router
:=
gin
.
New
()
router
:=
gin
.
New
()
service
.
router
=
router
service
.
router
=
router
// step: load the templates
// step: load the templates
service
.
initializeTemplates
()
service
.
initializeTemplates
()
for
_
,
resource
:=
range
cfg
.
Resources
{
for
_
,
resource
:=
range
cfg
.
Resources
{
...
@@ -106,25 +106,29 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
...
@@ -106,25 +106,29 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
log
.
Infof
(
"the token must container the claim: %s, required: %s"
,
name
,
value
)
log
.
Infof
(
"the token must container the claim: %s, required: %s"
,
name
,
value
)
}
}
router
.
Use
(
gin
.
Recovery
())
service
.
initializeRouter
()
// step: are we logging the traffic?
if
cfg
.
LogRequests
{
return
service
,
nil
router
.
Use
(
service
.
loggingHandler
())
}
}
// initializeRouter sets up the gin routing
func
(
r
KeycloakProxy
)
initializeRouter
()
{
r
.
router
.
Use
(
gin
.
Recovery
())
// step: are we logging the traffic?
if
r
.
config
.
LogRequests
{
r
.
router
.
Use
(
r
.
loggingHandler
())
}
// step: if gin release production
// step: if gin release production
if
os
.
Getenv
(
"GIN_MODE"
)
==
"release"
{
if
os
.
Getenv
(
"GIN_MODE"
)
==
"release"
{
log
.
Infof
(
"enabling the security handler for release mode"
)
log
.
Infof
(
"enabling the security handler for release mode"
)
router
.
Use
(
service
.
securityHandler
())
r
.
router
.
Use
(
r
.
securityHandler
())
}
}
// step: add the routing
// step: add the routing
router
.
GET
(
authorizationURL
,
service
.
oauthAuthorizationHandler
)
r
.
router
.
GET
(
authorizationURL
,
r
.
oauthAuthorizationHandler
)
router
.
GET
(
callbackURL
,
service
.
oauthCallbackHandler
)
r
.
router
.
GET
(
callbackURL
,
r
.
oauthCallbackHandler
)
router
.
GET
(
healthURL
,
service
.
healthHandler
)
r
.
router
.
GET
(
healthURL
,
r
.
healthHandler
)
router
.
Use
(
service
.
entryPointHandler
(),
service
.
authenticationHandler
(),
service
.
admissionHandler
())
r
.
router
.
Use
(
r
.
entryPointHandler
(),
r
.
authenticationHandler
(),
r
.
admissionHandler
())
return
service
,
nil
}
}
// initializeTemplates loads the custom template
// initializeTemplates loads the custom template
...
@@ -151,6 +155,8 @@ func (r *KeycloakProxy) Run() error {
...
@@ -151,6 +155,8 @@ func (r *KeycloakProxy) Run() error {
// step: are we doing mutual tls?
// step: are we doing mutual tls?
if
r
.
config
.
TLSCaCertificate
!=
""
{
if
r
.
config
.
TLSCaCertificate
!=
""
{
log
.
Infof
(
"enabling mutual tls, reading in the ca: %s"
,
r
.
config
.
TLSCaCertificate
)
caCert
,
err
:=
ioutil
.
ReadFile
(
r
.
config
.
TLSCaCertificate
)
caCert
,
err
:=
ioutil
.
ReadFile
(
r
.
config
.
TLSCaCertificate
)
if
err
!=
nil
{
if
err
!=
nil
{
return
err
return
err
...
...
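Review bot: `initializeRouter` is declared on a value receiver, `func (r KeycloakProxy) initializeRouter()`, while the other methods visible on this page (`securityHandler`, `entryPointHandler`, `Run`) use `*KeycloakProxy`. Each call therefore copies the struct, and the handlers registered here (`r.oauthCallbackHandler`, `r.entryPointHandler()` and the rest) are presumably bound to that copy rather than to the proxy returned by `newKeycloakProxy`. That only behaves correctly while every field the handlers read is a pointer, and since the file imports `sync` the struct may also hold a lock that must not be copied (its definition is outside the hunk). Change the signature to `func (r *KeycloakProxy) initializeRouter() {`. The doc comment should also state that the three `GET` routes are registered before `r.router.Use(r.entryPointHandler(), ...)`, because gin applies middleware only to routes added after the `Use` call, so that ordering decides which paths skip authentication.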
server_test.go
+
5
−
0
...
@@ -50,6 +50,7 @@ func newFakeKeycloakProxyWithResources(t *testing.T, resources []*Resource) *Key
...
@@ -50,6 +50,7 @@ func newFakeKeycloakProxyWithResources(t *testing.T, resources []*Resource) *Key
func
newFakeKeycloakProxy
(
t
*
testing
.
T
)
*
KeycloakProxy
{
func
newFakeKeycloakProxy
(
t
*
testing
.
T
)
*
KeycloakProxy
{
log
.
SetOutput
(
ioutil
.
Discard
)
log
.
SetOutput
(
ioutil
.
Discard
)
kc
:=
&
KeycloakProxy
{
kc
:=
&
KeycloakProxy
{
config
:
&
Config
{
config
:
&
Config
{
DiscoveryURL
:
"127.0.0.1:"
,
DiscoveryURL
:
"127.0.0.1:"
,
...
@@ -96,6 +97,10 @@ func newFakeKeycloakProxy(t *testing.T) *KeycloakProxy {
...
@@ -96,6 +97,10 @@ func newFakeKeycloakProxy(t *testing.T) *KeycloakProxy {
},
},
proxy
:
new
(
fakeReverseProxy
),
proxy
:
new
(
fakeReverseProxy
),
}
}
kc
.
router
=
gin
.
New
()
gin
.
SetMode
(
gin
.
ReleaseMode
)
// step: add the gin routing
kc
.
initializeRouter
()
return
kc
return
kc
}
}
...
...
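Review bot: `gin.SetMode(gin.ReleaseMode)` in `newFakeKeycloakProxy` does not make `initializeRouter` take its release branch, because that branch in server.go tests `os.Getenv("GIN_MODE") == "release"` rather than gin's own mode. The fake proxy is therefore built without `securityHandler` unless the variable happens to be set in the test environment, so the tests do not cover the middleware chain that production runs. Either set the variable in the helper before `kc.initializeRouter()`, e.g. `os.Setenv("GIN_MODE", "release")`, or have `initializeRouter` check `gin.Mode() == gin.ReleaseMode` so that tests and production take the same path. The body of `newFakeKeycloakProxy` starts outside this hunk.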
util_test.go
+
18
−
0
...
@@ -17,8 +17,11 @@ package main
...
@@ -17,8 +17,11 @@ package main
import
(
import
(
"bytes"
"bytes"
"fmt"
"io/ioutil"
"net/http"
"net/http"
"net/url"
"net/url"
"os"
"reflect"
"reflect"
"testing"
"testing"
...
@@ -205,6 +208,21 @@ func TestValidateResources(t *testing.T) {
...
@@ -205,6 +208,21 @@ func TestValidateResources(t *testing.T) {
}
}
}
}
func
TestFileExists
(
t
*
testing
.
T
)
{
if
fileExists
(
"no_such_file_exsit_32323232"
)
{
t
.
Errorf
(
"we should have received false"
)
}
tmpfile
,
err
:=
ioutil
.
TempFile
(
"/tmp"
,
fmt
.
Sprintf
(
"test_file_%d"
,
os
.
Getpid
()))
if
err
!=
nil
{
t
.
Fatalf
(
"failed to create the temporary file, %s"
,
err
)
}
defer
os
.
Remove
(
tmpfile
.
Name
())
if
!
fileExists
(
tmpfile
.
Name
())
{
t
.
Errorf
(
"we should have received a true"
)
}
}
func
TestDecodeResource
(
t
*
testing
.
T
)
{
func
TestDecodeResource
(
t
*
testing
.
T
)
{
testCases
:=
[]
struct
{
testCases
:=
[]
struct
{
Option
string
Option
string
...
...
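Review bot: The temporary file in `TestFileExists` is created under a hard-coded `/tmp` with a name prefix built from the pid, and its handle is never closed. Passing an empty directory lets the standard library choose the platform's temp directory, and `TempFile` already appends a random suffix, so the pid adds nothing: `tmpfile, err := ioutil.TempFile("", "test_file_")`. Add `defer tmpfile.Close()` next to the existing `defer os.Remove(tmpfile.Name())` so the descriptor is released when the test returns.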