cmd/pomerium : refactor main to more testable (#112)

- cmd/pomerium: refactor global timeouts to be configurable
- cmd/pomerium: add tests
- cmd/pomerium: remove debug flag, set with env vars only
- cmd/pomerium: global ping now returns version not OK
- proxy: validate shared secret encoding and length
- docs: add timeout to example policy
- docs: document timeouts and cors
- docs: update pomerium logo
- docs: add policy authorization docs
Bobby DeSimone 2019-05-09 23:10:19 -07:00 committed by GitHub
parent 5e37c29dfe
commit 5448e3599a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 541 additions and 137 deletions


@ -109,13 +109,19 @@ func OptionsFromEnvConfig() (*Options, error) {
// Validate checks that proper configuration settings are set to create
// a proper Proxy instance
func (o *Options) Validate() error {
decoded, err := base64.StdEncoding.DecodeString(o.SharedKey)
if err != nil {
return fmt.Errorf("authorize: `SHARED_SECRET` setting is invalid base64: %v", err)
}
if len(decoded) != 32 {
return fmt.Errorf("authorize: `SHARED_SECRET` want 32 but got %d bytes", len(decoded))
}
if len(o.Routes) != 0 {
return errors.New("routes setting is deprecated, use policy instead")
}
if o.Policy == "" && o.PolicyFile == "" {
return errors.New("proxy: either `POLICY` or `POLICY_FILE` must be non-nil")
}
var err error
if o.Policy != "" {
confBytes, err := base64.StdEncoding.DecodeString(o.Policy)
if err != nil {
@ -148,9 +154,6 @@ func (o *Options) Validate() error {
if o.CookieSecret == "" {
return errors.New("missing setting: cookie-secret")
}
if o.SharedKey == "" {
return errors.New("missing setting: client-secret")
}
decodedCookieSecret, err := base64.StdEncoding.DecodeString(o.CookieSecret)
if err != nil {
return fmt.Errorf("cookie secret is invalid base64: %v", err)
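Review bot: The two new `SHARED_SECRET` errors at the top of `Validate` are prefixed `authorize:`, but the doc comment and the `proxy:` prefix on the policy error suggest this is the proxy's option validation, so an operator reading the log would be sent to the wrong service. Change the prefix to `proxy:` in both messages. With the `o.SharedKey == ""` check removed in the second hunk, an unset key is still rejected, but it now surfaces as "want 32 but got 0 bytes". A separate `if o.SharedKey == ""` guard ahead of the decode, with a "missing setting" message, would make a forgotten secret easier to tell apart from a truncated one. It is also worth checking whether the decoded cookie secret gets the same length check as the shared secret, since `Validate` continues past the lines shown here.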