3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-02 00:10:45 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: fix authenticate_internal_service_url for all in one (#4003)

Browse source
This commit is contained in:
Denis Mishin 2023-02-22 10:42:27 -05:00 committed by GitHub
parent 74fe336f5f
commit 62ca7ffaa2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 57 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

19
internal/controlplane/server.go
View file

@ -5,6 +5,7 @@ import (
"net"
"net/http"
"net/http/pprof"
"net/url"
"time"
envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
@ -289,12 +290,20 @@ func (srv *Server) updateRouter(cfg *config.Config) error {
return err
}
if srv.authenticateSvc != nil {
authenticateURL, err := cfg.Options.GetInternalAuthenticateURL()
if err != nil {
return err
seen := make(map[string]struct{})
// mount auth handler for both internal and external endpoints
for _, fn := range []func() (*url.URL, error){cfg.Options.GetAuthenticateURL, cfg.Options.GetInternalAuthenticateURL} {
authenticateURL, err := fn()
if err != nil {
return err
}
authenticateHost := urlutil.StripPort(authenticateURL.Host)
if _, ok := seen[authenticateHost]; ok {
continue
}
seen[authenticateHost] = struct{}{}
srv.authenticateSvc.Mount(httpRouter.Host(authenticateHost).Subrouter())
}
authenticateHost := urlutil.StripPort(authenticateURL.Host)
srv.authenticateSvc.Mount(httpRouter.Host(authenticateHost).Subrouter())
}
if srv.proxySvc != nil {
srv.proxySvc.Mount(httpRouter)