Caleb Doxsey
baf964f44a
config: update logic for checking overlapping certificates ( #4216 )
...
* config: update logic for checking overlapping certificates
* add test
* go mod tidy
2023-06-01 09:30:46 -06:00
Caleb Doxsey
d315e68335
Merge pull request from GHSA-pvrc-wvj2-f59p
...
* authorize: use route id from envoy for policy evaluation
* authorize: normalize URL query params
* config: enable envoy normalize_path option
* fix tests
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2023-05-26 13:34:21 -07:00
Caleb Doxsey
10662d7034
databroker: fix fast forward ( #4192 )
...
* databroker: sort configs
* databroker: fix fast-forward
* newest not oldest
2023-05-23 15:30:27 -06:00
Kenneth Jenkins
79beb86924
fix lint warning in pkg/envoy ( #4181 )
...
Rename unused 'ctx' parameter to '_'.
2023-05-16 13:58:00 -07:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option ( #4148 )
2023-05-03 14:36:42 -06:00
Caleb Doxsey
facf9ab093
hpke: compress query string ( #4147 )
...
* hpke: compress query string
* only use v2 in authenticate if v2 was used for the initial request
* fix comment
2023-05-02 14:12:34 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues ( #4118 )
...
* remove source, remove deadcode, fix linting issues
* use github action for lint
* fix missing envoy
2023-04-21 17:25:11 -06:00
Caleb Doxsey
f63945c0ad
support loading route configuration via rds ( #4098 )
...
* support loading route configuration via rds
* fix any shadowing
* fix test
* add fully static option
* support dynamically defined rds
* fix build
* downgrade opa
2023-04-17 11:20:12 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal ( #4065 )
2023-03-20 10:37:00 -04:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint ( #4044 )
2023-03-08 09:17:04 -07:00
dependabot[bot]
bc0aa564ff
chore(deps): bump github.com/golangci/golangci-lint from 1.50.1 to 1.51.2 ( #4020 )
...
* chore(deps): bump github.com/golangci/golangci-lint
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.50.1 to 1.51.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.1...v1.51.2)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2023-02-27 10:37:46 -07:00
Caleb Doxsey
76a7ce3a6f
authorize: allow access to /.pomerium/webauthn when policy denies access ( #4015 )
2023-02-27 09:49:06 -07:00
Caleb Doxsey
d2b732243a
cryptutil: generate certificates from deriveca ( #3992 )
2023-02-23 08:38:56 -07:00
Caleb Doxsey
b13afc7b0c
derivecert: fix ecdsa code to be deterministic ( #3989 )
...
* derivecert: fix ecdsa code to be deterministic
* lint
2023-02-17 16:57:15 -07:00
Caleb Doxsey
b5094654fc
webauthn: only return known device credentials that match the given type ( #3981 )
2023-02-16 14:57:03 -07:00
Caleb Doxsey
7895bf431f
databroker: add list types method ( #3937 )
...
* databroker: add list types method
* fix test
* Update pkg/storage/redis/redis.go
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
---------
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2023-02-03 13:16:28 -07:00
Caleb Doxsey
1e6a483ce9
config: add missing options ( #3882 )
...
* config: add missing options
* remove _file options from protobuf
* fix
* lint
2023-01-12 10:55:12 -07:00
Caleb Doxsey
92b50683ff
postgres: return unknown records instead of skipping them ( #3876 )
2023-01-09 15:10:52 -07:00
Caleb Doxsey
3f1a87727f
config: generate derived certificates instead of self-signed certificates ( #3860 )
2023-01-06 12:50:40 -07:00
Denis Mishin
488bcd6f72
auto tls ( #3856 )
2023-01-05 16:35:58 -05:00
Caleb Doxsey
67e12101fa
envoyconfig: clean up filter chain construction ( #3844 )
...
* cleanup filter chain construction
* rename domains to server names
* rename to hosts
* fix tests
* update function name
* improved domain matching
2022-12-27 10:07:26 -07:00
Denis Mishin
a49f86d023
use tlsClientConfig instead of custom dialer ( #3830 )
...
* use tlsClientConfig instead of custom dialer
* rm debug log
2022-12-27 09:55:36 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys ( #3828 )
...
* options: support multiple signing keys
* fix controlplane method, errors
2022-12-22 09:31:09 -07:00
Caleb Doxsey
c048af7523
postgres: upgrade to pgx v5 ( #3826 )
2022-12-19 12:47:35 -07:00
Caleb Doxsey
c86ca6f76f
webauthn: require session when accessing /.pomerium/webauthn ( #3814 )
...
* webauthn: require session when accessing /.pomerium/webauthn
* remove dead code
* remove unused PomeriumDomains field
2022-12-16 10:59:21 -07:00
Denis Mishin
44a5c1b2fb
derive CA from pre-shared key ( #3815 )
2022-12-16 12:56:26 -05:00
Caleb Doxsey
b375dc4896
jwt: require logged in user to return .pomerium/jwt ( #3807 )
...
* jwt: require logged in user to return .pomerium/jwt
* fix test
* update test
2022-12-13 13:49:36 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuration update ( #3792 )
2022-12-06 14:46:45 -05:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow ( #3779 )
...
* urlutil: add time validation functions
* authenticate: implement hpke-based login flow
* fix import cycle
* fix tests
* log error
* fix callback url
* add idp param
* fix test
* fix test
2022-12-05 15:31:07 -07:00
Caleb Doxsey
472370eded
identity: add identity profile ( #3777 )
2022-12-02 09:40:52 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 ( #3771 )
2022-12-02 09:25:52 -07:00
Caleb Doxsey
cef6b355ae
config: add option for tls renegotiation ( #3773 )
...
config: add option for tls renegotiation
2022-11-28 14:34:06 -07:00
Denis Mishin
1d252f43ee
storage: ignore removed fields when deserializing the data ( #3768 )
...
ignore removed fields when deserializing the data
2022-11-28 09:31:57 -07:00
Caleb Doxsey
fa26587f19
remove forward auth ( #3628 )
2022-11-23 15:59:28 -07:00
Caleb Doxsey
ba07afc245
hpke: add HPKE key to JWKS endpoint ( #3762 )
...
* hpke: add HPKE key to JWKS endpoint
* fix test, add http caching headers
* fix error message
* use pointers
2022-11-23 08:45:59 -07:00
Caleb Doxsey
9e5eaa92c2
hpke: add hpke package ( #3761 )
...
* hpke: add hpke package
* Update pkg/hpke/url.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update pkg/hpke/url.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update pkg/hpke/url.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* gofmt
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2022-11-22 10:39:41 -07:00
Caleb Doxsey
c1a522cd82
proxy: add userinfo and webauthn endpoints ( #3755 )
...
* proxy: add userinfo and webauthn endpoints
* use TLD for RP id
* use EffectiveTLDPlusOne
* upgrade webauthn
* fix test
* Update internal/handlers/jwks.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2022-11-22 10:26:35 -07:00
Caleb Doxsey
9413123c0f
config: generate cookie secret if not set in all-in-one mode ( #3742 )
...
* config: generate cookie secret if not set in all-in-one mode
* fix tests
* config: add warning about cookie_secret
* breakup lines
2022-11-11 14:14:30 -07:00
Caleb Doxsey
2c9087f5e7
config: disable Strict-Transport-Security when using a self-signed certificate ( #3743 )
2022-11-10 16:01:06 -07:00
Caleb Doxsey
2b319822a4
authenticate: update user info dashboard to show group info for enterprise ( #3736 )
...
* authenticate: update user info dashboard to show group info for enterprise
* Update ui/src/components/GroupDetails.tsx
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2022-11-09 07:44:35 -07:00
Caleb Doxsey
c178819875
move directory providers ( #3633 )
...
* remove directory providers and support for groups
* idp: remove directory providers
* better error messages
* fix errors
* restore postgres
* fix test
2022-11-03 11:33:56 -06:00
Caleb Doxsey
3f9dfbef76
device: add generic methods for working with user+session devices ( #3710 )
2022-10-28 08:41:12 -06:00
Caleb Doxsey
1b596115e9
postgres: increase record batch size ( #3708 )
2022-10-26 07:40:13 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 ( #3667 )
...
* chore(deps): bump github.com/golangci/golangci-lint
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* lint
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-10-19 09:36:59 -06:00
Denis Mishin
2917f07dac
bump protoc to 3.21.7 ( #3646 )
2022-10-03 13:01:42 -04:00
Caleb Doxsey
de804edc19
ppl: support special characters in claim keys ( #3639 )
...
* ppl: support special characters in claim keys
* fix test
2022-10-03 07:35:18 -06:00
Caleb Doxsey
3b2cc6720a
postgres: return an empty list of addresses on dns errors ( #3637 )
2022-09-30 12:00:40 -06:00
Caleb Doxsey
3fec00f2a8
postgres: handle unknown types ( #3632 )
2022-09-28 09:41:29 -06:00
Caleb Doxsey
33794ff316
envoyconfig: add virtual host domains for certificates in addition to routes ( #3593 )
...
* envoyconfig: add virtual host domains for certificates in addition to routes
* Update pkg/cryptutil/certificates.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update pkg/cryptutil/tls.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* comments
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2022-08-31 10:35:45 -06:00
Caleb Doxsey
23c42da8ec
postgres: remove not null constraint on data column of record changes table ( #3594 )
2022-08-31 10:16:19 -06:00