3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-02 08:19:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: add verify endpoints

Browse source
This commit is contained in:
Caleb Doxsey 2025-02-13 16:00:03 -07:00
parent 6157363f49
commit f19dd8b371
2 changed files with 102 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
authenticate/handlers.go
View file

@ -43,6 +43,16 @@ func (a *Authenticate) Handler() http.Handler {
func (a *Authenticate) Mount(r *mux.Router) {
r.StrictSlash(true)
r.Use(middleware.SetHeaders(httputil.HeadersContentSecurityPolicy))
// disable csrf checking for these endpoints
r.Use(func(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/.pomerium/verify-access-token" ||
r.URL.Path == "/.pomerium/verify-identity-token" {
r = csrf.UnsafeSkipCheck(r)
}
h.ServeHTTP(w, r)
})
})
r.Use(func(h http.Handler) http.Handler {
options := a.options.Load()
state := a.state.Load()
@ -95,6 +105,8 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
// routes that don't need a session:
sr.Path("/sign_out").Handler(httputil.HandlerFunc(a.SignOut))
sr.Path("/signed_out").Handler(httputil.HandlerFunc(a.signedOut)).Methods(http.MethodGet)
sr.Path("/verify-access-token").Handler(httputil.HandlerFunc(a.verifyAccessToken)).Methods(http.MethodPost)
sr.Path("/verify-identity-token").Handler(httputil.HandlerFunc(a.verifyIdentityToken)).Methods(http.MethodPost)
// routes that need a session:
sr = sr.NewRoute().Subrouter()