pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-02 20:06:03 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	c6d1f17100	core/ui: fix page title (#4957 ) * core/ui: fix page title * cache template	2024-02-12 14:05:18 -07:00
Caleb Doxsey	4301da3648	core/telemetry: move requestid to pkg directory (#4911 )	2024-01-19 13:18:16 -07:00
Caleb Doxsey	3adbc65d37	core/authenticate: refactor identity authenticators to initiate redirect (#4858 ) * core/authenticate: refactor identity authenticators to initiate redirect, use cookie for redirect url for cognito * set secure and http only, update test	2023-12-19 12:04:23 -07:00
Caleb Doxsey	a2fd95aae6	core/ci: update linting (#4844 ) * core/ci: update linting * re-add exportloopref * re-add gocheckcompilerdirectives * re-add stylecheck * re-add usestdlibvars * upgrade lint --------- Co-authored-by: Denis Mishin <dmishin@pomerium.com>	2023-12-14 09:07:54 -08:00
Caleb Doxsey	638d9f3d6c	proxy: add support for logging http request headers (#4388 ) * config: add customization options for logging * config: validate log fields * proxy: add support for logging http request headers * log subset of headers * fix test name * dont use log.HTTPHeaders for access logs * canonicalize http/2 headers	2023-07-25 09:46:42 -06:00
Denis Mishin	0ab2057714	authenticate: add events (#4051 )	2023-05-01 15:11:30 -04:00
Caleb Doxsey	bbed421cd8	config: remove source, remove deadcode, fix linting issues (#4118 ) * remove source, remove deadcode, fix linting issues * use github action for lint * fix missing envoy	2023-04-21 17:25:11 -06:00
Caleb Doxsey	da46b4a47d	config: use insecure skip verify if derived certificates are not used (#3861 )	2023-01-11 13:50:51 -07:00
Caleb Doxsey	bfcd15435f	authenticate: add additional error details for hmac errors (#3878 )	2023-01-11 07:53:11 -07:00
Caleb Doxsey	a5082f60e7	httputil: ignore errors < 400 (#3781 )	2022-12-05 09:00:25 -07:00
Caleb Doxsey	457fca08dc	httputil: add cookie chunker (#3775 )	2022-12-02 09:41:09 -07:00
Caleb Doxsey	fa26587f19	remove forward auth (#3628 )	2022-11-23 15:59:28 -07:00
Caleb Doxsey	c1a522cd82	proxy: add userinfo and webauthn endpoints (#3755 ) * proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2022-11-22 10:26:35 -07:00
Caleb Doxsey	4d10d36509	controlplane: fix /.well-known/pomerium missing CORS headers (#3738 )	2022-11-09 12:08:28 -07:00
Caleb Doxsey	b68dc1ff4f	controlplane: move jwks.json endpoint to control plane (#3691 )	2022-10-25 08:01:33 -06:00
Caleb Doxsey	63b210e51d	httputil: remove error details (#3703 )	2022-10-25 08:00:21 -06:00
Alex	fc21579e4b	Fix typos (#3575 ) typos	2022-08-30 15:51:40 -07:00
Caleb Doxsey	46703b9419	config: add branding settings (#3558 )	2022-08-16 14:51:47 -06:00
Caleb Doxsey	3c63b6c028	authorize: add policy error details for custom error messages (#3542 ) * authorize: add policy error details for custom error messages * remove fmt.Println * fix tests * add docs	2022-08-09 14:46:31 -06:00
dependabot[bot]	60b9f3d92d	chore(deps): bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 (#3541 ) * chore(deps): bump github.com/golangci/golangci-lint Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.47.3 to 1.48.0. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.47.3...v1.48.0) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix linting issues Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2022-08-09 08:25:57 -06:00
Caleb Doxsey	a938a23ea2	device enrollment: fix ip address (#3430 )	2022-06-16 11:30:38 -06:00
Caleb Doxsey	74310b3de3	authorize: pass idp id for webauthn url, allow unauthenticated access to static files (#3282 )	2022-04-20 11:07:09 -06:00
Caleb Doxsey	7d00ad9b7d	remove version (#3184 )	2022-03-23 11:51:24 -06:00
Caleb Doxsey	38c7089642	userinfo: fix logout button, add sign out confirm page (#3058 ) * userinfo: fix logout button, add sign out confirm page * fix test	2022-02-23 08:15:00 -07:00
Caleb Doxsey	f9b95a276b	authenticate: support for per-route client id and client secret (#3030 ) * implement dynamic provider support * authenticate: support per-route client id and secret	2022-02-16 12:31:55 -07:00
Caleb Doxsey	0898dd4f34	proxy: fix error page (#3020 ) * fix error page * proxy: fix error page * share dashboard code * fix test	2022-02-09 09:14:24 -07:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
cfanbo	84dad4c612	remove deprecated ioutil usages (#2877 ) * fix: Fixed return description error * config/options: Adjust the position of TracingJaegerAgentEndpoint option * DOCS: Remove duplicate configuration items Remove duplicate configuration items of route * remove deprecated ioutil usages	2021-12-30 10:02:12 -08:00
Travis Groth	e2e0646f70	Fix IdP client metrics (#2810 )	2021-12-08 13:22:53 -05:00
Caleb Doxsey	c97dcf7e0f	envoy: add hash policy and routing key for hash-based load balancers (#2791 ) * envoy: add hash policy and routing key for hash-based load balancers * fix integration test * fix nginx	2021-12-01 13:42:12 -07:00
Caleb Doxsey	a8b76bd623	authorize: support X-Pomerium-Authorization in addition to Authorization (#2780 ) * authorize: support X-Pomerium-Authorization in addition to Authorization * tangentental correction Co-authored-by: alexfornuto <alex@fornuto.com>	2021-11-29 12:19:14 -07:00
Caleb Doxsey	3497c39b9b	authorize: add support for webauthn device policy enforcement (#2700 ) * authorize: add support for webauthn device policy enforcement * update docs * group statuses	2021-10-25 09:41:03 -06:00
Caleb Doxsey	1162585471	authenticate: add support for webauthn (#2688 ) * authenticate: add support for webauthn * remove rfc4648 library due to missing LICENSE * fix test * put state function in separate function	2021-10-20 13:18:34 -06:00
Caleb Doxsey	9fa65e069c	github: support provider URL (#2490 )	2021-08-18 09:20:08 -06:00
Caleb Doxsey	0620cfdc50	config: add support for embedded PPL policy (#2401 )	2021-07-27 13:44:10 -06:00
Caleb Doxsey	ac8ae3ef5b	directory: add logging http client to help with debugging outbound http requests (#2385 )	2021-07-22 11:58:52 -06:00
wasaga	12c8bb2da4	authorize: preserve original context (#2247 )	2021-06-01 11:10:35 -04:00
bobby	9215833a0b	control plane: add request id to all error pages (#2149 ) * controlplane: add request id to all error pages - use a single http error handler for both envoy and go control plane - add http lib style status text for our custom statuses. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-04-28 15:04:44 -07:00
Caleb Doxsey	b3216ae854	httputil: fix SPDY support with reverse proxy (#2134 )	2021-04-26 14:45:07 -06:00
Caleb Doxsey	b1d62bb541	config: remove validate side effects (#2109 ) * config: default shared key * handle additional errors * update grpc addr and grpc insecure * update google cloud service authentication service account * fix set response headers * fix qps * fix test	2021-04-22 15:10:50 -06:00
wasaga	e0c09a0998	log context (#2107 )	2021-04-22 10:58:13 -04:00
Caleb Doxsey	a51c7140ea	cryptutil: use bytes for hmac (#2067 )	2021-04-07 14:57:24 -06:00
Caleb Doxsey	d8f11dcb91	proxy: support re-proxying request through control plane for kubernetes (#2051 ) * proxy: support re-proxying request from envoy for kubernetes * encrypt policy id for reproxy, implement tls options * add comment, use hmac * use httputil handler and error * remove reproxy headers on all incoming request * only allow re-proxying for kubernetes, strip headers * fix tests	2021-04-06 12:08:09 -06:00
Caleb Doxsey	e2ebef44ef	telemetry: add installation id (#2017 ) * telemetry: add installation id * set installation id globally * remove unneeded changes	2021-03-24 07:22:54 -06:00
bobby	9c7958b66f	middleware: equalize lengths of input (#1934 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-02-23 08:31:17 -08:00
Caleb Doxsey	8b42eb5ebd	config: add metrics_basic_auth option (#1917 ) * config: add metrics_basic_auth option * remove println * use constant time compare	2021-02-22 13:37:18 -07:00
Caleb Doxsey	cc85ea601d	policy: add new certificate-authority option for downstream mTLS client certificates (#1835 ) * policy: add new certificate-authority option for downstream mTLS client certificates * update proto, docs	2021-02-01 08:10:32 -07:00
bobby	6466efddd5	authenticate: update user info screens (#1774 ) - rename "dashboard" to userinfo to avoid confusion - don't leak version from error page. - fix typo in state.go - make statik determenistic on modtime Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-01-13 13:15:31 -08:00
bobby	f837c92741	dev: update linter (#1728 ) - gofumpt everything - fix TLS MinVersion to be at least 1.2 - add octal syntax - remove newlines - fix potential decompression bomb in ecjson - remove implicit memory aliasing in for loops. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-30 09:02:57 -08:00
bobby	f719d885b7	authenticate: remove unused paths, generate cipher at startup, remove qp store (#1495 ) * authenticate: remove unused paths, generate cipher on boot - internal/httputil: add JSON renderer - internal/httputil: remove unused query param store and references Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-10-19 08:09:53 -07:00

1 2

97 commits