Bobby DeSimone
7c755d833f
authenticate: encrypt & mac oauth2 callback state
...
- cryptutil: add hmac & tests
- cryptutil: rename cipher / encoders to be more clear
- cryptutil: simplify SecureEncoder interface
- cryptutil: renamed NewCipherFromBase64 to NewAEADCipherFromBase64
- cryptutil: move key & random generators to helpers
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-23 19:15:52 -07:00
Bobby DeSimone
3a806c6dfc
Merge pull request #320 from desimone/bugs/middleware-healthcheck-other-methods
...
middleware: health-check return 405 for non-get
2019-09-20 08:45:42 -07:00
Bobby DeSimone
5842f3033a
middleware: health-check respond to all methods
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-19 16:05:07 -07:00
Stuart Howlette
490d131070
docs: add AWS Cognito identity provider instructions (#314)
...
* Added AWS Cognito instructions for working with Pomerium
* pngcrushed the images, and added cognito to vuepress identity providers config
2019-09-19 08:36:05 -07:00
Bobby DeSimone
cd6311773f
Merge pull request #311 from desimone/bug/308
...
cmd/pomerium: add host to main logging handler
2019-09-18 19:55:00 -07:00
Bobby DeSimone
cfeb5e1ef9
Merge pull request #310 from desimone/bug/262
...
proxy: handle double slash in paths
2019-09-18 19:54:38 -07:00
Bobby DeSimone
c315b62df4
Merge pull request #304 from desimone/bug/fix-group-impersonation
...
proxy: fix group impersonation bug
2019-09-18 19:54:17 -07:00
Travis Groth
d5ac4a676a
Add production configuration docs (#309)
2019-09-18 21:12:31 -04:00
Bobby DeSimone
da66784e6a
Merge pull request #317 from desimone/bugs/remove-csrf-from-proxy-route
...
proxy: remove accidental csrf checks from proxied routes
2019-09-18 14:28:44 -07:00
Bobby DeSimone
664fb8b0ea
proxy: remove csrf checks from proxied routes
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-18 12:47:30 -07:00
Bobby DeSimone
923dca3fe1
Merge pull request #315 from desimone/bugs/add-redirects
...
docs: fix existing links
2019-09-17 09:16:04 -07:00
Bobby DeSimone
4d05ca635e
docs: fix existing links
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-17 09:07:25 -07:00
Bobby DeSimone
21e215ccea
proxy: handle double slash in paths
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 20:34:04 -07:00
Bobby DeSimone
d9b18f77b7
update changelog
2019-09-16 20:24:30 -07:00
Bobby DeSimone
78b98e2746
cmd/pomerium: add host to main logging handler
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 20:22:59 -07:00
Bobby DeSimone
decf661eb0
proxy: fix group impersonation bug
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 19:23:55 -07:00
Bobby DeSimone
b373634012
Merge pull request #300 from desimone/feature/refactor-serve-mux
...
all: refactor handler logic
2019-09-16 18:58:59 -07:00
Bobby DeSimone
dc12947241
all: refactor handler logic
...
- all: prefer `FormValues` to `ParseForm` with subsequent `Form.Get`s
- all: refactor authentication stack to be checked by middleware, and accessible via request context.
- all: replace http.ServeMux with gorilla/mux’s router
- all: replace custom CSRF checks with gorilla/csrf middleware
- authenticate: extract callback path as constant.
- internal/config: implement stringer interface for policy
- internal/cryptutil: add helper func `NewBase64Key`
- internal/cryptutil: rename `GenerateKey` to `NewKey`
- internal/cryptutil: rename `GenerateRandomString` to `NewRandomStringN`
- internal/middleware: removed alice in favor of gorilla/mux
- internal/sessions: remove unused `ValidateRedirectURI` and `ValidateClientSecret`
- internal/sessions: replace custom CSRF with gorilla/csrf fork that supports custom handler protection
- internal/urlutil: add `SignedRedirectURL` to create hmac'd URLs
- internal/urlutil: add `ValidateURL` helper to parse URL options
- internal/urlutil: add `GetAbsoluteURL` which takes a request and returns its absolute URL.
- proxy: remove holdover state verification checks; we no longer are setting sessions in any proxy routes so we don’t need them.
- proxy: replace un-named http.ServeMux with named domain routes.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 18:01:14 -07:00
Bobby DeSimone
a793249386
Merge pull request #301 from desimone/docs/fix-example-url-references
...
docs: fix example configuration urls
2019-09-14 09:42:32 -07:00
Bobby DeSimone
014d1e6e2b
Merge pull request #302 from desimone/bugs/staple-golangci-version
...
deployment: staple linter versions
2019-09-12 16:16:57 -07:00
Bobby DeSimone
b3a1a9a8b8
deployment: staple linter version
2019-09-12 16:02:16 -07:00
Bobby DeSimone
37b0897274
docs: fix example configuration urls
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-12 13:58:09 -07:00
Bobby DeSimone
1a46cd73ef
Merge pull request #297 from yegle/tls_server_name
...
Add `tls_server_name` option to policy file.
2019-09-07 09:10:55 -07:00
Yuchen Ying
27a3870373
Add tls_server_name option to policy file.
2019-09-07 04:09:49 +00:00
Bobby DeSimone
658e80f2af
Merge pull request #290 from desimone/feature/make-authn-http-only
...
authenticate: make service http only
2019-09-04 17:25:03 -07:00
Bobby DeSimone
380d314404
authenticate: make service http only
...
- Rename SessionState to State to avoid stutter.
- Simplified option validation to use a wrapper function for base64 secrets.
- Removed authenticate's grpc code.
- Abstracted logic to load and validate a user's authenticate session.
- Removed instances of url.Parse in favor of urlutil's version.
- proxy: replaces grpc refresh logic with forced deadline advancement.
- internal/sessions: remove rest store; parse authorize header as part of session store.
- proxy: refactor request signer
- sessions: remove extend deadline (fixes #294)
- remove AuthenticateInternalAddr
- remove AuthenticateInternalAddrString
- omit type tag.Key from declaration of vars TagKey*; it will be inferred from the right-hand side
- remove compatibility package xerrors
- use cloned http.DefaultTransport as base transport
2019-09-04 16:27:08 -07:00
Bobby DeSimone
bc72d08ad4
Merge pull request #292 from desimone/release/v0-3-0
...
release: v0.3.0
2019-09-01 10:59:21 -07:00
Bobby DeSimone
f8017b45b7
release: v0.3.0
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-01 10:29:26 -07:00
Felipe Zipitría
b945b415ed
Remove duplicated text (#287)
...
Fix typo in readme.
2019-08-31 16:54:23 -07:00
Travis Groth
b9784fa3ff
Fix image build conditions (#293)
2019-08-31 12:06:14 -04:00
Travis Groth
e25b65d4b8
Move docker image builds to Travis CI (#288)
...
- Faster
- Multi-Arch works correctly with Docker CI 19.03
2019-08-31 09:29:05 -04:00
Travis Groth
247cf4781d
Disable serviceconfig (#289)
2019-08-29 19:44:31 -04:00
Bobby DeSimone
0e44aa64b5
Merge pull request #286 from pragkent/fix-strip-pomerium-cookie
...
Fix pomerium cookie stripping
2019-08-29 09:19:08 -07:00
Kent Wang
7723b8db6c
Fix StripPomeriumCookie
2019-08-28 19:56:09 +08:00
Travis Groth
bdfe678635
- Switch to alpine image for ARM (#284)
...
- Add Docker Hub hooks to set up build environment
- Include qemu-static binaries for AMD64 compatibility
2019-08-28 07:33:51 -04:00
Travis Groth
2d2f314a7b
Make auth flow diagram fonts consistent (#278)
2019-08-24 15:16:02 -04:00
Bobby DeSimone
f0aaef3ef3
Merge pull request #272 from desimone/feature/improve-error-handling
...
httputil: standardize http error handling
2019-08-24 09:26:04 -07:00
Bobby DeSimone
6e6ab3baa0
httputil: use http error wrapper
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-08-24 09:15:07 -07:00
Bobby DeSimone
98762ab48e
Merge pull request #276 from desimone/dev/add-code-climate
...
dev: add code climate
2019-08-24 09:13:29 -07:00
Bobby DeSimone
013a0c3680
dev: add code climate
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-08-22 17:52:13 -07:00
Travis Groth
d26f935cbb
Add authentication flow diagram (#275)
2019-08-22 18:30:49 -04:00
Bobby DeSimone
e3d78932d2
Merge pull request #271 from desimone/docs/enable-algolia
...
docs: use algolia for search
2019-08-21 16:26:41 -07:00
Bobby DeSimone
7d1c8ecc55
docs: enable algolia
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-08-20 09:35:01 -07:00
Bobby DeSimone
d7ecd76653
Merge pull request #270 from desimone/docs/263
...
docs: update kubernetes example
2019-08-20 08:51:20 -07:00
Bobby DeSimone
32f280f8f9
docs: update kubernetes example
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-08-20 08:46:18 -07:00
Travis Groth
66ce8ed8f2
Update architecture diagrams (#269)
2019-08-15 22:31:49 -04:00
Bobby DeSimone
e3581ebf93
Merge pull request #266 from desimone/feature/remove-named-ports
...
config: remove references to named ports
2019-08-15 09:40:56 -07:00
Bobby DeSimone
1bfb64ed31
config: remove references to named ports
...
- Go 1.12.8 changed the way url parse handles service named ports.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-08-15 09:06:53 -07:00
Travis Groth
b3fa7023f6
Fix dockerhub tests (#267)
...
* Remove race condition in tests
2019-08-15 06:28:57 -04:00
Bobby DeSimone
7d41431e3b
Merge pull request #265 from desimone/docs/add-community-details
...
docs: add mailing list and twitter
2019-08-14 15:22:15 -07:00