Commit graph

3669 commits

Author SHA1 Message Date
Bobby DeSimone
2dc88d44ee
Merge pull request #124 from desimone/docs/update-helm-and-aws-script
deployment: remove helm from main repo
2019-05-26 14:59:32 -07:00
Bobby DeSimone
66b4c2d3cd
authenticate/proxy: add user impersonation, refresh, dashboard (#123)
proxy: Add user dashboard. [GH-123]
proxy/authenticate: Add manual refresh of their session. [GH-73]
authorize: Add administrator (super user) account support. [GH-110]
internal/policy: Allow administrators to impersonate other users. [GH-110]
2019-05-26 12:33:00 -07:00
Travis Groth
af254882e6 Fix some missing coverage 2019-05-26 07:56:52 -04:00
Bobby DeSimone
3ee23e3308
docs: add upgrade guide 2019-05-25 14:08:12 -07:00
Bobby DeSimone
dc2eb9668c
Merge pull request #130 from travisgroth/feature/viper-config
deployment: switch to viper for config
2019-05-25 13:44:57 -07:00
Travis Groth
febf9464a4 Switch options parsing to viper 2019-05-25 15:06:32 -04:00
Bobby DeSimone
702cc30b77
Merge pull request #134 from nareddyt/unauthenticated-routes
proxy: support for public unauthenticated routes
2019-05-22 20:29:39 -07:00
Tejasvi Nareddy
c5d2e40435 (proxy, internal\policy, docs\reference): define new access control option to bypass authentication 2019-05-22 23:12:30 -04:00
Bobby DeSimone
c53c07c274
Merge pull request #133 from nareddyt/bug-route-config-addresses
proxy: fix bug with incorrect addressing causing invalid route configs
2019-05-21 16:30:21 -07:00
Tejasvi Nareddy
9992eebcac proxy: fix bug with incorrect addressing causing invalid route configs 2019-05-21 17:08:03 -04:00
Bobby DeSimone
409f44a9be
Merge pull request #131 from desimone/feature/share-session-state
internal/sessions: make user state domain scoped
2019-05-20 20:51:03 -07:00
Bobby DeSimone
3eff6cce13
internal/sessions: make user state domain scoped
internal/sessions: session state is domain scoped
internal/sessions: infer csrf cookie, route scoped
proxy & authenticate: use shared cookie name
proxy & authenticate: prevent resaving unchanged session
proxy & authenticate: redirect instead of error for no session on login
internal/config: merge cookies
proxy: remove favicon specific route
proxy: use mock server for tests
proxy: add tests for failures
2019-05-20 20:44:05 -07:00
Bobby DeSimone
2eb2eb0620
Merge pull request #127 from deltabweb/master
deployment: add arm64v8 dockerfile
2019-05-19 20:07:26 -07:00
deltabweb
d1042d8c8b
Create Dockerfile for arm64 - Fixes #125 2019-05-20 14:16:47 +12:00
Bobby DeSimone
382f9de876
Merge pull request #126 from benny-gold/master
authenticate: add more verbose errors to authenticate handler
2019-05-19 11:31:27 -07:00
Ben Gould
07bb698bb9 more verbose errors on invalid uri parameter 2019-05-19 19:22:13 +01:00
Bobby DeSimone
af2c41a238
internal/config: centralize options handling 2019-05-18 12:44:32 -07:00
Travis Groth
ebb6df6c3f Refactor to central options struct and parsing 2019-05-18 08:17:36 -04:00
Bobby DeSimone
950f720660
docs: add amazon helm script to examples 2019-05-16 21:44:33 -07:00
Bobby DeSimone
562317dbf6
deployment: remove helm from main repo
- docs: add helm deployment script for aws
2019-05-16 21:35:02 -07:00
Bobby DeSimone
5970d6c766
Merge pull request #121 from banzaicloud/dockerfile-golint
docker: add missing golint command
2019-05-15 12:57:40 -07:00
Nandor Kracser
8b86454cb5 docker: add missing golint command 2019-05-15 13:29:16 +02:00
Bobby DeSimone
27d4683662
authenticate: add CSP headers to this service only (#120) 2019-05-14 22:29:24 -07:00
Bobby DeSimone
cfac5f10ff
cmd/pomerium: move middleware for all http handlers to global context (#117) 2019-05-14 13:23:25 -07:00
Bobby DeSimone
04a653f694
docs: fix typos and reorganize 2019-05-09 23:16:26 -07:00
Bobby DeSimone
5448e3599a
cmd/pomerium: refactor main to be more testable (#112)
- cmd/pomerium: refactor global timeouts to be configurable
- cmd/pomerium: add tests
- cmd/pomerium: remove debug flag, set with env vars only
- cmd/pomerium: global ping now returns version not OK
- proxy: validate shared secret encoding and length
- docs: add timeout to example policy
- docs: document timeouts and cors
- docs: update pomerium logo
- docs: add policy authorization docs
2019-05-09 23:10:19 -07:00
Bobby DeSimone
5e37c29dfe
proxy: make http headers configurable (#108)
- http headers can be disabled via an env config
- http headers can be configured by k/v map env config
- pomerium/envconfig updated to use original syntax v1.5.0
- go.mod / go.sum patches updated
2019-05-07 12:05:25 -07:00
Bobby DeSimone
0086fa05f8
docs: fix typos in reference 2019-05-03 20:54:21 -07:00
Bobby DeSimone
25d76cd5c0
proxy: make http redirect server configurable (#105) 2019-05-03 20:48:26 -07:00
Bobby DeSimone
286aad3b92
internal/httputil: add strip port function (#106) 2019-05-03 20:21:38 -07:00
Bobby DeSimone
d235f8ebf2
deployment: just make non amd builds 2019-05-03 13:13:00 -07:00
Bobby DeSimone
bad57938ac
Merge pull request #86 from nitper/cors
add cors_allow_preflight option to a route's policy
2019-05-03 12:30:55 -07:00
Bobby DeSimone
7d2af213cc
deployment: add images for arm (#102) 2019-05-03 12:28:29 -07:00
nitper
45bb2e0a4d
add cors_allow_preflight option to route policy 2019-05-03 15:16:46 -04:00
Bobby DeSimone
c18f7d89ae
deployment: use distroless builds (#101)
Replaces the current alpine based Dockerfile with distroless. Improvements include:

- Minimal surface area, ideal for static builds like pomerium.
- Includes `ca-certificates`
- Includes `nsswitch`

Closes #97.
2019-05-02 19:02:46 -07:00
Bobby DeSimone
1a3add8fbc
bug: version should be processed before other flags (#99) 2019-05-01 12:52:57 -07:00
Bobby DeSimone
4bdb9173ff
version++ 2019-04-30 21:22:48 -07:00
Bobby DeSimone
1d8eb12d7a
changelog++ 2019-04-30 21:20:48 -07:00
Bobby DeSimone
ce7a8b1f2d
docs: add certificate section (#96)
Closes #88
2019-04-27 20:21:43 -07:00
Bobby DeSimone
857b9e5773
cmd/pomerium: redirect http and add hsts headers (#92) 2019-04-24 13:29:11 -07:00
Bobby DeSimone
fbe1cae482
proxy: remove unused setting AuthorizeInternalAddr (#93)
- Added unit tests for policy validation.
- Removed extraneous policy validation for URLs.
- Add dependency caching to dockerfile.
2019-04-24 13:28:29 -07:00
Bobby DeSimone
96f4b8bd61
docs: add sitemap 2019-04-14 17:59:31 -07:00
Bobby DeSimone
603e6a17b9
authenticate: infer settings from authenticate url (#83) 2019-04-10 12:16:00 -07:00
Bobby DeSimone
06da599fbc
internal/identity: replace legacy approval_prompt=force with prompt=consent (#82)
Fixes a bug caused by setting both prompt=consent and approval_prompt=force.
2019-04-08 17:32:40 -07:00
Bobby DeSimone
20b3950811
internal/identity: explicitly request a refresh_token from google on authorization
Google only provides refresh_token on the first authorization from the user. If the user clears cookies, re-authorization will not bring back refresh_token. A workaround to this is to add prompt=consent to the OAuth redirect URL, which will always return a refresh_token.

Fixes Issue #80
2019-04-08 13:21:57 -07:00
Lian Duan
f54bf3f291
Force requesting refresh_token from Google
Google only provides refresh_token on the first authorization from the user. If the user clears cookies, re-authorization will not bring back refresh_token. A workaround to this is to add prompt=consent to the OAuth redirect URL, which will always return a refresh_token.
2019-04-08 16:07:51 +02:00
Bobby DeSimone
7bf257f6e9
docs: add synology tutorial (#79) 2019-04-06 23:35:20 -07:00
Bobby DeSimone
41c42f590f
v0.0.3 2019-03-29 16:13:15 -07:00
Bobby DeSimone
0b0010e6ce
docs: changelog++ v0.0.3 (#76) 2019-03-29 16:09:46 -07:00
Bobby DeSimone
8ead5b2a7e
docs: update helm_gke script and docs 2019-03-29 11:41:37 -07:00