3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 09:56:31 +02:00
Code Issues Projects Releases Packages Wiki Activity
3735 commits 159 branches 125 tags 103 MiB
Commit graph

243 commits

Author SHA1 Message Date
Denis Mishin
db221cb826
mcp: storage scaffolding (#5581) 2025-04-23 13:39:27 -04:00
Denis Mishin
f1a9401ddc
mcp: scaffolding of /.pomerium/mcp routes (#5580) 2025-04-23 12:36:31 -04:00
Kenneth Jenkins
c848c225e8
multi-domain login redirects (#5564) 
Add a new 'depends_on' route configuration option taking a list of 
additional hosts to redirect through on login. Update the authorize 
service and proxy service to support a chain of /.pomerium/callback
redirects. Add an integration test for this feature.
 2025-04-04 13:14:30 -07:00
Caleb Doxsey
38ca6d52b9
only support loading idp tokens via bearer tokens (#5545) 2025-03-26 09:47:40 -06:00
Joe Kralicky
a96ab2fe93
move internal/telemetry/trace => pkg/telemetry/trace (#5541) 2025-03-25 10:43:04 -04:00
Caleb Doxsey
bc263e3ee5
proxy: use querier cache for user info (#5532) 2025-03-20 09:50:22 -06:00
Caleb Doxsey
fb06cd3c73
proxy: add short timeout for logo discovery (#5506) 2025-02-28 09:59:03 -07:00
Caleb Doxsey
7896ccda5c
support loading idp token sessions in the proxy service (#5488) 2025-02-24 11:09:51 -07:00
Caleb Doxsey
6e22b7a19a
proxy: fix connect command in routes portal (#5475) 2025-02-13 11:44:18 -07:00
Caleb Doxsey
dc9a6bdb81
replace xxhash with xxh3 (#5457) 
* update config file paths hash

* update filemgr

* use xxh3 for hashutil.Hash

* update hashutil digest, fix trace buffer test

* update comments

* update namegen, go mod tidy
 2025-01-31 08:44:08 -07:00
Caleb Doxsey
3e90f1e244
proxy: well known service icons (#5453) 
* proxy: add logo discovery

* use a static url for testing

* well known service icons

* better fitting avatars
 2025-01-30 08:52:59 -07:00
Caleb Doxsey
3c5c7fbd31
proxy: add logo discovery (#5448) 
* proxy: add logo discovery

* use a static url for testing
 2025-01-29 12:57:26 -07:00
Caleb Doxsey
97ba21b95a
proxy: add routes HTML page (#5443) 
* proxy: add route portal json

* fix 405 issue

* proxy: add routes HTML page
 2025-01-27 12:13:55 -07:00
Caleb Doxsey
e816cef2a1
proxy: add route portal json (#5428) 
* proxy: add route portal json

* fix 405 issue

* add link to issue

* Update proxy/portal/filter_test.go

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
 2025-01-22 13:45:20 -07:00
Joe Kralicky
396c35b6b4
New tracing system (#5388) 
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
 2025-01-21 13:26:32 -05:00
Joe Kralicky
fe31799eb5
Fix many instances of contexts and loggers not being propagated (#5340) 
This also replaces instances where we manually write "return ctx.Err()"
with "return context.Cause(ctx)" which is functionally identical, but
will also correctly propagate cause errors if present.
 2024-10-25 14:50:56 -04:00
Caleb Doxsey
d2c14cd6d2
logging: remove ctx from global log methods (#5337) 
* log: remove warn

* log: update debug

* log: update info

* remove level, log

* remove contextLogger function
 2024-10-23 14:18:52 -06:00
Caleb Doxsey
9d6b656fbe
core/proxy: fix is-enterprise check (#5295) 2024-09-19 13:10:45 -06:00
Caleb Doxsey
52d4899d4c
core/proxy: support loading sessions from headers and query string (#5291) 
* core/proxy: support loading sessions from headers and query string

* update test
 2024-09-19 09:23:13 -06:00
Caleb Doxsey
dad954ae16
core/logging: change log.Error function (#5251) 
* core/logging: change log.Error function

* use request id
 2024-09-05 15:42:46 -06:00
Kenneth Jenkins
014824b525
proxy: deprecate the /.pomerium/jwt endpoint (#5254) 
Disable the /.pomerium/jwt endpoint by default. Add a runtime flag to
temporarily opt out of the deprecation.
 2024-09-04 11:22:18 -07:00
Caleb Doxsey
d062f9d68d
core/logs: remove warnings (#5235) 
* core/logs: remove warnings

* switch to error
 2024-08-27 09:38:50 -06:00
Joe Kralicky
56ba07e53e
Optimize policy iterators (#5184) 
* Optimize policy iterators (go1.23)

This modifies (*Options).GetAllPolicies() to use a go 1.23 iterator
instead of copying all policies on every call, which can be extremely
expensive. All existing usages of this function were updated as
necessary.

Additionally, a new (*Options).NumPolicies() method was added which
quickly computes the number of policies that would be given by
GetAllPolicies(), since there were several usages where only the
number of policies was needed.

* Fix race condition when assigning default envoy opts to a policy
 2024-08-20 12:35:10 -04:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 
* core/lint: upgrade golangci-lint, replace interface{} with any

* regen proto
 2024-05-02 14:33:52 -06:00
Caleb Doxsey
55eb2fa3dc
core/authorize: result denied improvements (#4952) 
* core/authorize: result denied improvements

* add authenticate robots.txt

* fix tests
 2024-02-01 16:16:33 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Caleb Doxsey
2dbcf32cc6
core/proxy: handle missing session for user info endpoint (#4769) 2024-01-08 07:03:49 -07:00
Kenneth Jenkins
5ccd7a520a
support both stateful and stateless authenticate (#4765) 
Update the initialization logic for the authenticate, authorize, and
proxy services to automatically select between the stateful
authentication flow and the stateless authentication flow, depending on
whether Pomerium is configured to use the hosted authenticate service.

Add a unit test case to verify that the sign_out handler does not 
trigger a sign in redirect.
 2023-12-07 14:24:13 -08:00
Kenneth Jenkins
b7896b3153
authenticateflow: move stateless flow logic (#4820) 
Consolidate all logic specific to the stateless authenticate flow into a
a new Stateless type in a new package internal/authenticateflow. This is
in preparation for adding a new Stateful type implementing the older
stateful authenticate flow (from Pomerium v0.20 and previous).

This change is intended as a pure refactoring of existing logic, with no
changes in functionality.
 2023-12-06 16:55:57 -08:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal (#4065) 2023-03-20 10:37:00 -04:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint (#4044) 2023-03-08 09:17:04 -07:00
Caleb Doxsey
2b8d51def5
urlutil: add version to query string (#4028) 2023-02-28 14:01:13 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one (#4003) 2023-02-22 10:42:27 -05:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used (#3861) 2023-01-11 13:50:51 -07:00
Denis Mishin
a49f86d023
use tlsClientConfig instead of custom dialer (#3830) 
* use tlsClientConfig instead of custom dialer

* rm debug log
 2022-12-27 09:55:36 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
753eeff12f
proxy: fix sign out redirect (#3827) 
* proxy: fix sign out redirect

* add test
 2022-12-20 09:32:49 -07:00
Caleb Doxsey
c86ca6f76f
webauthn: require session when accessing /.pomerium/webauthn (#3814) 
* webauthn: require session when accessing /.pomerium/webauthn

* remove dead code

* remove unusued PomeriumDomains field
 2022-12-16 10:59:21 -07:00
Caleb Doxsey
b375dc4896
jwt: require logged in user to return .pomerium/jwt (#3807) 
* jwt: require logged in user to return .pomerium/jwt

* fix test

* update test
 2022-12-13 13:49:36 -07:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
c1a522cd82
proxy: add userinfo and webauthn endpoints (#3755) 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-22 10:26:35 -07:00
Caleb Doxsey
9413123c0f
config: generate cookie secret if not set in all-in-one mode (#3742) 
* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* breakup lines
 2022-11-11 14:14:30 -07:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation (#3707) 
* sessions: check idp id to detect provider changes to force session invalidation

* remove dead code

* fix test
 2022-10-25 16:20:32 -06:00
Caleb Doxsey
63b210e51d
httputil: remove error details (#3703) 2022-10-25 08:00:21 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517) 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453) 2022-06-29 10:44:08 -06:00
bobby
ebbb6a7ff2
docs: update references, remove docs dir (#3420) 
* docs: update references, remove docs dir

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* Update README.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

* Update Docs Paths

* precommit

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* remove spellcheck

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* spell the check

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
 2022-06-13 16:52:52 -07:00