Joe Kralicky
d588135b3a
very bad demo code
2025-02-18 01:33:15 +00:00
Joe Kralicky
56ce79e662
Prototype device authorization flow (core)
2025-02-11 21:07:22 +00:00
Joe Kralicky
396c35b6b4
New tracing system ( #5388 )
...
* update tracing config definitions
* new tracing system
* performance improvements
* only configure tracing in envoy if it is enabled in pomerium
* [tracing] refactor to use custom extension for trace id editing (#5420)
refactor to use custom extension for trace id editing
* set default tracing sample rate to 1.0
* fix proxy service http middleware
* improve some existing auth related traces
* test fixes
* bump envoyproxy/go-control-plane
* code cleanup
* test fixes
* Fix missing spans for well-known endpoints
* import extension apis from pomerium/envoy-custom
2025-01-21 13:26:32 -05:00
Caleb Doxsey
71bcb4f28e
UDP support ( #5390 )
2024-12-11 13:07:31 -07:00
Joe Kralicky
177f789e63
change Policy.Matches to accept a URL pointer ( #5360 )
2024-11-07 14:55:44 -05:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any ( #5099 )
...
* core/lint: upgrade golangci-lint, replace interface{} with any
* regen proto
2024-05-02 14:33:52 -06:00
Caleb Doxsey
5373e25ac4
core/config: add support for stripping the port for matching routes ( #5085 )
...
* core/config: add support for stripping the port for matching routes
* fix test
* rename option, improve port detection
* add more test cases
2024-04-26 08:24:46 -06:00
Denis Mishin
b6c100d880
validate: fix typo ( #4963 )
2024-02-16 15:49:37 -05:00
Kenneth Jenkins
a1388592d8
stub out HPKE public key fetch for self-hosted authenticate ( #4360 )
...
Fetch the HPKE public key only when configured to use the hosted
authenticate service. Determine whether we are using the hosted
authenticate service by comparing the resolved authenticate domain with
a hard-coded list of hosted authenticate domains.
Extract this list of hosted authenticate domains to the internal/urlutil
package in order to keep a single source of truth for this data.
2023-07-13 10:04:34 -07:00
Caleb Doxsey
facf9ab093
hpke: compress query string ( #4147 )
...
* hpke: compress query string
* only use v2 in authenticate if v2 was used for the initial request
* fix comment
2023-05-02 14:12:34 -06:00
Denis Mishin
0ab2057714
authenticate: add events ( #4051 )
2023-05-01 15:11:30 -04:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues ( #4118 )
...
* remove source, remove deadcode, fix linting issues
* use github action for lint
* fix missing envoy
2023-04-21 17:25:11 -06:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint ( #4044 )
2023-03-08 09:17:04 -07:00
Caleb Doxsey
2b8d51def5
urlutil: add version to query string ( #4028 )
2023-02-28 14:01:13 -07:00
Caleb Doxsey
76a7ce3a6f
authorize: allow access to /.pomerium/webauthn when policy denies access ( #4015 )
2023-02-27 09:49:06 -07:00
Caleb Doxsey
271b0787a8
config: add support for extended TCP route URLs ( #3845 )
...
* config: add support for extended TCP route URLs
* nevermind, add duplicate names
2022-12-27 12:50:33 -07:00
Caleb Doxsey
67e12101fa
envoyconfig: clean up filter chain construction ( #3844 )
...
* cleanup filter chain construction
* rename domains to server names
* rename to hosts
* fix tests
* update function name
* improved domain matching
2022-12-27 10:07:26 -07:00
Caleb Doxsey
090601873f
urlutil: add time validation functions ( #3776 )
2022-12-02 11:42:56 -07:00
Caleb Doxsey
fa26587f19
remove forward auth ( #3628 )
2022-11-23 15:59:28 -07:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 ( #3667 )
...
* chore(deps): bump github.com/golangci/golangci-lint
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* lint
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-10-19 09:36:59 -06:00
Caleb Doxsey
bc078f8bd2
authorize: fix x-forwarded-uri ( #3479 )
...
* authorize: fix x-forwarded-uri
* fix raw path
2022-07-14 09:32:48 -06:00
Caleb Doxsey
b4cbecc4fd
Revert "userinfo: embed assets as data URLs for forward auth" ( #3474 )
...
Revert "userinfo: embed assets as data URLs for forward auth (#3460)"
This reverts commit 6c573282ee.
2022-07-12 09:38:53 -06:00
Caleb Doxsey
6c573282ee
userinfo: embed assets as data URLs for forward auth ( #3460 )
2022-07-11 08:04:24 -06:00
Caleb Doxsey
69ba511c64
authenticate: fix internal url with webauthn ( #3194 )
2022-03-28 06:36:48 -06:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret ( #3030 )
...
* implement dynamic provider support
* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui ( #3004 )
...
* mui v5 wip
* wip
* wip
* wip
* use compressor for all controlplane endpoints
* wip
* wip
* add deps
* fix authenticate URL
* fix test
* fix test
* fix build
* maybe fix build
* fix integration test
* remove image asset test
* add yarn.lock
2022-02-07 08:47:58 -07:00
Caleb Doxsey
ace5bbb89a
config: fix policy matching for regular expressions ( #2966 )
...
* config: fix policy matching for regular expressions
* compile regex in validate, add test
* fix test
2022-01-25 08:48:40 -07:00
Caleb Doxsey
9330f6b0ac
authenticate: add device-enrolled page ( #2892 )
...
* authenticate: add device-enrolled page
* remove device credential id from page
2022-01-06 10:01:12 -07:00
Caleb Doxsey
838c9e3a3d
dashboard: improve display of device credentials, allow deletion ( #2829 )
...
* dashboard: improve display of device credentials, allow deletion
* fix test
2021-12-20 12:19:54 -07:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie ( #2709 )
...
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions
* fix test
2021-10-26 14:45:53 -06:00
Caleb Doxsey
1162585471
authenticate: add support for webauthn ( #2688 )
...
* authenticate: add support for webauthn
* remove rfc4648 library due to missing LICENSE
* fix test
* put state function in separate function
2021-10-20 13:18:34 -06:00
Caleb Doxsey
9fa65e069c
github: support provider URL ( #2490 )
2021-08-18 09:20:08 -06:00
Caleb Doxsey
8a74fae2e7
urlutil: improve error message for urls with port in path ( #2377 )
2021-07-20 11:08:50 -06:00
wasaga
db00821001
auth: do not strip query parameters in forward auth ( #2216 )
2021-05-28 17:19:18 -04:00
Caleb Doxsey
a51c7140ea
cryptutil: use bytes for hmac ( #2067 )
2021-04-07 14:57:24 -06:00
Travis Groth
c7d243d742
proxy: restrict programmatic URLs to localhost ( #2049 )
...
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-04-01 10:04:49 -04:00
wasaga
67f6030e1e
upstream endpoints load balancer weights ( #1830 )
2021-01-28 09:11:14 -05:00
Caleb Doxsey
ab4a68f56f
remove user impersonation and service account cli ( #1768 )
...
* remove user impersonation and service account cli
* update doc
* remove user impersonation url query params
* fix flaky test
2021-01-12 09:28:29 -07:00
bobby
f837c92741
dev: update linter ( #1728 )
...
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-12-30 09:02:57 -08:00
Caleb Doxsey
ad828c6e84
add support for TCP routes ( #1695 )
2020-12-16 13:09:48 -07:00
bobby
f719d885b7
authenticate: remove unused paths, generate cipher at startup, remove qp store ( #1495 )
...
* authenticate: remove unused paths, generate cipher on boot
- internal/httputil: add JSON renderer
- internal/httputil: remove unused query param store and references
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-19 08:09:53 -07:00
bobby
9b39deabd8
forward-auth: use envoy's ext_authz check ( #1482 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-10-04 20:01:06 -07:00
Cuong Manh Le
ffaceadfdd
internal/urlutil: remove un-used constants ( #1326 )
2020-08-25 02:07:56 +07:00
bobby
c1b3b45d12
proxy: remove unused handlers ( #1317 )
...
proxy: remove unused handlers
authenticate: remove unused references to refresh_token
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-22 10:02:12 -07:00
Cuong Manh Le
4f0d6bee68
internal/urlutil: add tests for GetDomainsForURL ( #1183 )
...
Updates #959
2020-08-01 09:59:40 -07:00
Cuong Manh Le
f7ebf54305
authorize: strip port from host header if necessary ( #1175 )
...
After #1153 , envoy can handle routes for `example.com` and `example.com:443`.
Authorize service should be updated to handle this case, too.
Fixes #959
2020-07-31 21:41:58 +07:00
Caleb Doxsey
fae02791f5
cryptutil: move to pkg dir, add token generator ( #1029 )
...
* cryptutil: move to pkg dir, add token generator
* add gitignored files
* add tests
2020-06-30 15:55:33 -06:00
Bobby DeSimone
666fd6aa35
authenticate: save oauth2 tokens to cache ( #698 )
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-05-18 17:10:10 -04:00
Caleb Doxsey
af649d3eb0
envoy: implement header and query param session loading ( #684 )
...
* authorize: refactor session loading, implement headers and query params
* authorize: fix http recorder header, use constant for pomerium authorization header
* fix compile
* remove dead code
2020-05-18 17:10:10 -04:00
Bobby DeSimone
ba14ea246d
*: remove import path comments ( #545 )
...
- import path comments are obsoleted by the go.mod file's module statement
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-03-16 10:13:47 -07:00