mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-10 07:37:33 +02:00
config: add internal service URLs (#2801)
* config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
This commit is contained in:
Caleb Doxsey
GitHub
parent
2d04106e6d
commit
5a858f5d48
29 changed files with 2867 additions and 434 deletions
|
|
@ -13,7 +13,7 @@ import (
|
|||
func (a *Authenticate) requireValidSignatureOnRedirect(next httputil.HandlerFunc) http.Handler {
|
||||
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
|
||||
if r.FormValue(urlutil.QueryRedirectURI) != "" || r.FormValue(urlutil.QueryHmacSignature) != "" {
|
||||
err := middleware.ValidateRequestURL(r, a.state.Load().sharedKey)
|
||||
err := middleware.ValidateRequestURL(a.getExternalRequest(r), a.state.Load().sharedKey)
|
||||
if err != nil {
|
||||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
|
@ -25,10 +25,39 @@ func (a *Authenticate) requireValidSignatureOnRedirect(next httputil.HandlerFunc
|
|||
// requireValidSignature validates the pomerium_signature.
|
||||
func (a *Authenticate) requireValidSignature(next httputil.HandlerFunc) http.Handler {
|
||||
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
|
||||
err := middleware.ValidateRequestURL(r, a.state.Load().sharedKey)
|
||||
err := middleware.ValidateRequestURL(a.getExternalRequest(r), a.state.Load().sharedKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return next(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
func (a *Authenticate) getExternalRequest(r *http.Request) *http.Request {
|
||||
options := a.options.Load()
|
||||
|
||||
externalURL, err := options.GetAuthenticateURL()
|
||||
if err != nil {
|
||||
return r
|
||||
}
|
||||
|
||||
internalURL, err := options.GetInternalAuthenticateURL()
|
||||
if err != nil {
|
||||
return r
|
||||
}
|
||||
|
||||
// if we're not using a different internal URL there's nothing to do
|
||||
if externalURL.String() == internalURL.String() {
|
||||
return r
|
||||
}
|
||||
|
||||
// replace the internal host with the external host
|
||||
er := r.Clone(r.Context())
|
||||
if er.URL.Host == internalURL.Host {
|
||||
er.URL.Host = externalURL.Host
|
||||
}
|
||||
if er.Host == internalURL.Host {
|
||||
er.Host = externalURL.Host
|
||||
}
|
||||
return er
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue