3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-09 15:17:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

controlplane: move jwks.json endpoint to control plane (#3691)

Browse source
This commit is contained in:
Caleb Doxsey 2022-10-25 08:01:33 -06:00 committed by GitHub
parent 63b210e51d
commit b68dc1ff4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 99 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

34
internal/controlplane/http.go
View file

@ -2,15 +2,14 @@
package controlplane
import (
"fmt"
"net/http"
"net/url"
"time"
"github.com/CAFxX/httpcompression"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
"github.com/pomerium/csrf"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
@ -47,32 +46,23 @@ func (srv *Server) addHTTPMiddleware(root *mux.Router, cfg *config.Config) {
root.Use(telemetry.HTTPStatsHandler(func() string {
return srv.currentConfig.Load().Options.InstallationID
}, srv.name))
root.HandleFunc("/healthz", httputil.HealthCheck)
root.HandleFunc("/ping", httputil.HealthCheck)
root.Handle("/.well-known/pomerium", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
root.Handle("/.well-known/pomerium/", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
}
func wellKnownPomerium(w http.ResponseWriter, r *http.Request, cfg *config.Config) error {
func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) error {
authenticateURL, err := cfg.Options.GetAuthenticateURL()
if err != nil {
return err
return fmt.Errorf("invalid authenticate URL: %w", err)
}
wellKnownURLs := struct {
OAuth2Callback string `json:"authentication_callback_endpoint"` // RFC6749
JSONWebKeySetURL string `json:"jwks_uri"` // RFC7517
FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html
}{
authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),
rawSigningKey, err := cfg.Options.GetSigningKey()
if err != nil {
return fmt.Errorf("invalid signing key: %w", err)
}
w.Header().Set("X-CSRF-Token", csrf.Token(r))
httputil.RenderJSON(w, http.StatusOK, wellKnownURLs)
root.HandleFunc("/healthz", httputil.HealthCheck)
root.HandleFunc("/ping", httputil.HealthCheck)
root.Handle("/.well-known/pomerium", httputil.WellKnownPomeriumHandler(authenticateURL))
root.Handle("/.well-known/pomerium/", httputil.WellKnownPomeriumHandler(authenticateURL))
root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(httputil.JWKSHandler(rawSigningKey))
return nil
}