controlplane: add well-known endpoint to the controlplane http handler (#3555)

* controlplane: add well-known endpoint to the controlplane http handler

* add support for trailing /

* remove redundant test
Caleb Doxsey 2022-08-16 09:59:39 -06:00 committed by GitHub
parent dc122bcbc6
commit 6140ee1d88
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 87 additions and 40 deletions


@ -3,19 +3,22 @@ package controlplane
import (
"net/http"
"net/url"
"time"
"github.com/CAFxX/httpcompression"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
"github.com/pomerium/csrf"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/telemetry"
"github.com/pomerium/pomerium/internal/telemetry/requestid"
)
func (srv *Server) addHTTPMiddleware(root *mux.Router) {
func (srv *Server) addHTTPMiddleware(root *mux.Router, cfg *config.Config) {
compressor, err := httpcompression.DefaultAdapter()
if err != nil {
panic(err)
@ -46,4 +49,30 @@ func (srv *Server) addHTTPMiddleware(root *mux.Router) {
}, srv.name))
root.HandleFunc("/healthz", httputil.HealthCheck)
root.HandleFunc("/ping", httputil.HealthCheck)
root.Handle("/.well-known/pomerium", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
root.Handle("/.well-known/pomerium/", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
}
func wellKnownPomerium(w http.ResponseWriter, r *http.Request, cfg *config.Config) error {
authenticateURL, err := cfg.Options.GetAuthenticateURL()
if err != nil {
return err
}
wellKnownURLs := struct {
OAuth2Callback string `json:"authentication_callback_endpoint"` // RFC6749
JSONWebKeySetURL string `json:"jwks_uri"` // RFC7517
FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html
}{
authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),
}
w.Header().Set("X-CSRF-Token", csrf.Token(r))
httputil.RenderJSON(w, http.StatusOK, wellKnownURLs)
return nil
}
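Review bot: `wellKnownPomerium` sets `X-CSRF-Token` from `csrf.Token(r)` on what reads as a public discovery document, and nothing in the hunk marks that response as non-cacheable. If no consumer of this endpoint needs the token, drop the `w.Header().Set("X-CSRF-Token", csrf.Token(r))` line; if one does, add `w.Header().Set("Cache-Control", "no-store")` before the `RenderJSON` call so an intermediary cannot store a per-session token alongside the JSON. Whether the csrf middleware wraps these routes is not visible here, because the body of `addHTTPMiddleware` starts outside the hunk, so the token may also be empty on this path. The two `root.Handle` registrations for `/.well-known/pomerium` and `/.well-known/pomerium/` wrap identical closures and could share one handler value, which keeps the two paths from drifting apart later.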