3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-11 16:17:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

cache : add cache service (#457)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-01-20 18:25:34 -08:00 committed by GitHub
parent 8a9cb0f803
commit dccc7cd2ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
46 changed files with 1837 additions and 587 deletions
Download patch file Download diff file Expand all files Collapse all files

17
proxy/middleware.go
View file

@ -62,25 +62,32 @@ func (p *Proxy) refresh(ctx context.Context, w http.ResponseWriter, r *http.Requ
// 1 - build a signed url to call refresh on authenticate service
refreshURI := *p.authenticateRefreshURL
q := refreshURI.Query()
q.Set("ati", s.AccessTokenID) // hash value points to parent token
q.Set("aud", urlutil.StripPort(r.Host)) // request's audience, this route
q.Set(urlutil.QueryAccessTokenID, s.AccessTokenID) // hash value points to parent token
q.Set(urlutil.QueryAudience, urlutil.StripPort(r.Host)) // request's audience, this route
refreshURI.RawQuery = q.Encode()
signedRefreshURL := urlutil.NewSignedURL(p.SharedKey, &refreshURI).String()
// 2 - http call to authenticate service
req, err := http.NewRequestWithContext(ctx, http.MethodGet, signedRefreshURL, nil)
if err != nil {
return nil, fmt.Errorf("proxy: backend refresh: new request: %v", err)
return nil, fmt.Errorf("proxy: refresh request: %v", err)
}
req.Header.Set("X-Requested-With", "XmlHttpRequest")
req.Header.Set("Accept", "application/json")
res, err := httputil.DefaultClient.Do(req)
if err != nil {
return nil, fmt.Errorf("proxy: fetch %v: %w", signedRefreshURL, err)
return nil, fmt.Errorf("proxy: client err %s: %w", signedRefreshURL, err)
}
defer res.Body.Close()
jwtBytes, err := ioutil.ReadAll(io.LimitReader(res.Body, 4<<10))
if err != nil {
return nil, err
}
// auth couldn't refersh the session, delete the session and reload via 302
if res.StatusCode != http.StatusOK {
return nil, fmt.Errorf("proxy: backend refresh failed: %s", jwtBytes)
}
// 3 - save refreshed session to the client's session store
if err = p.sessionStore.SaveSession(w, r, jwtBytes); err != nil {
@ -99,10 +106,10 @@ func (p *Proxy) refresh(ctx context.Context, w http.ResponseWriter, r *http.Requ
func (p *Proxy) redirectToSignin(w http.ResponseWriter, r *http.Request) error {
s, err := sessions.FromContext(r.Context())
p.sessionStore.ClearSession(w, r)
if s != nil && err != nil && s.Programmatic {
return httputil.NewError(http.StatusUnauthorized, err)
}
p.sessionStore.ClearSession(w, r)
signinURL := *p.authenticateSigninURL
q := signinURL.Query()
q.Set(urlutil.QueryRedirectURI, urlutil.GetAbsoluteURL(r).String())