Commit graph

161 commits

Author SHA1 Message Date
nitper
6a10112ebe
docs: fix cookie_domain (#472) 2020-01-28 09:35:07 -08:00
Bobby DeSimone
dd54ce4481
v0.6.0
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-24 16:09:47 -08:00
Bobby DeSimone
8956bf4411
proxy: add preserve host header (#463)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-22 21:03:22 -08:00
Bobby DeSimone
f0d811f2bb
proxy: fix unauthorized redirect loop (fwdauth) (#448)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-11 10:23:50 -08:00
Bobby DeSimone
8b7f344e01
docs: s/fwdauth/forwardauth/ (#447)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-01-07 13:54:36 -08:00
Travis Groth
e20e1f08c5
Fix typo in forward auth nginx docs (#445) 2020-01-01 12:52:18 -05:00
Dave Anderson
86b48a2aaf
Add documentation for cookie settings. (#429) 2019-12-21 14:40:31 -08:00
Travis Groth
1dfcd396fc
config: Validate that shared_key does not contain whitespace 2019-12-20 06:20:39 -05:00
Rio Kierkels
11843c5611
docs(background): improved sentence flow and other stuff (#422) 2019-12-12 08:51:54 -10:00
Bobby DeSimone
edba21e0c9
docs: update v0.3.0 regarding all service mode (#408)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-27 08:36:21 -08:00
Bobby DeSimone
c8e6277a30
Merge remote-tracking branch 'upstream/master' into bugs/fix-forward-auth
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-25 15:02:25 -08:00
Bobby DeSimone
0f6a9d7f1d
proxy: fix forward auth, request signing
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-25 14:29:52 -08:00
Travis Groth
e5b13a9bf6
add yaml tags to all pointers in config (#397) 2019-11-24 16:45:21 -05:00
Travis Groth
f20d913abe
proxy: Fix policy reload regression (#396)
* Fix policy reload regression

* Update changelog
2019-11-22 19:28:36 -05:00
Travis Groth
8164cfd85a
config: Update yaml tags (#394)
* Add/update yaml tags for Options and Policy
2019-11-20 22:37:44 -05:00
Bobby DeSimone
ec9607d1d5
v0.5.0 (#375) 2019-11-14 20:02:16 -08:00
Bobby DeSimone
b9ab49c32c
internal/sessions: fix cookie clear session (#376)
CookieStore's ClearSession now properly clears the user session cookie by setting MaxAge to -1.

internal/sessions: move encoder interface to encoding package, and rename to MarshalUnmarshaler.
internal/encoding: move mock to own package
authenticate: use INFO log level for authZ error.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-09 10:49:24 -08:00
Bobby DeSimone
d3d60d1055
all: support route scoped sessions
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-11-06 17:54:15 -08:00
Bobby DeSimone
83342112bb
docs: add enterprise contact page (#371)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-20 10:48:08 -07:00
Bobby DeSimone
028434ff4f
v0.4.2 (#370)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-18 08:11:11 -07:00
Bobby DeSimone
64a10c67d8
v0.4.1 (#369)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Go 1.13.2

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-17 17:24:39 -07:00
Bobby DeSimone
d4d8f06e21
docs: add k8s dashboard recipe (#365) 2019-10-17 09:03:11 -07:00
Bobby DeSimone
7d7e997e79
proxy: verify endpoint strip added callback params (#368)
- proxy: use distinct host route for forward-auth handlers
- proxy: have auth middleware set pomerium headers for request and response
2019-10-15 15:36:00 -07:00
Bobby DeSimone
0e85b2b1cb
bug: fix forward-auth redirect (#364) 2019-10-13 11:09:30 -07:00
Bobby DeSimone
303e4c34a3
docs: add faq / troubleshooting guide (#361) 2019-10-10 11:03:00 -07:00
Bobby DeSimone
a221a8b531
docs: make authorize service url more clear (#360)
- don't use script include for vscode recipe

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-09 18:23:35 -07:00
Bobby DeSimone
fc3b16d366
docs: add AdGuard recipe (#359)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-09 08:28:12 -07:00
Bobby DeSimone
acc85dbf42
docs: use master for docs again
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-08 17:28:06 -07:00
Bobby DeSimone
28eae36ce1
v0.4.0
deployment: prepare v0.4.0 (#350
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-07 19:53:57 -07:00
Bobby DeSimone
a96aec57d5
proxy: add per-route request headers setting (#346)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-04 14:51:52 -07:00
Bobby DeSimone
eaa1e7a4fb
proxy: support external access control requests (#324)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-03 21:22:44 -07:00
Bobby DeSimone
df822a4bae
all: support insecure mode
- pomerium/authenticate: add cookie secure setting
- internal/config: transport security validation moved to options
- internal/config: certificate struct hydrated
- internal/grpcutil: add grpc server mirroring http one
- internal/grpcutil: move grpc middleware
- cmd/pomerium: use run wrapper around main to pass back errors
- cmd/pomerium: add waitgroup (block on) all servers http/grpc

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 18:44:19 -07:00
Bobby DeSimone
412782658b
docs: use dev for current master branch
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 17:16:56 -07:00
Bobby DeSimone
7cef246d53
docs: add version dropdown
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 15:31:02 -07:00
Bobby DeSimone
1e4496c2b9
Merge pull request #334 from desimone/docs/add-nist-zta
docs: add nist publication to background
2019-10-01 18:50:07 -07:00
Travis Groth
251ab0d527
internal/config: Switch to using struct scoped viper instance (#332)
* Switch to using struct scoped viper instance

* Rename NewXXXOptions

* Handle unchecked errors from viper.BindEnv
2019-10-01 18:16:36 -04:00
Bobby DeSimone
13baa22898
docs: add nist publication to background
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-01 10:24:08 -07:00
Bobby DeSimone
33d4e4843b
internal/log: return full X-Forwarded-For
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-28 12:15:13 -07:00
Bobby DeSimone
7c755d833f
authenticate: encrypt & mac oauth2 callback state
- cryptutil: add hmac & tests
- cryptutil: rename cipher / encoders to be more clear
- cryptutil: simplify SecureEncoder interface
- cryptutil: renamed NewCipherFromBase64 to NewAEADCipherFromBase64
- cryptutil: move key & random generators to helpers

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-23 19:15:52 -07:00
Bobby DeSimone
5842f3033a
middleware: health-check respond to all methods
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-19 16:05:07 -07:00
Stuart Howlette
490d131070
docs: add AWS Cognito identity provider instructions (#314)
* Added AWS Cognito instructions for working with Pomerium
* pngcrushed the images, and added cognito to vuepress identity providers config
2019-09-19 08:36:05 -07:00
Bobby DeSimone
cd6311773f
Merge pull request #311 from desimone/bug/308
cmd/pomerium: add host to main logging handler
2019-09-18 19:55:00 -07:00
Bobby DeSimone
cfeb5e1ef9
Merge pull request #310 from desimone/bug/262
proxy: handle double slash in paths
2019-09-18 19:54:38 -07:00
Bobby DeSimone
c315b62df4
Merge pull request #304 from desimone/bug/fix-group-impersonation
proxy: fix group impersonation bug
2019-09-18 19:54:17 -07:00
Travis Groth
d5ac4a676a
Add production configuration docs (#309) 2019-09-18 21:12:31 -04:00
Bobby DeSimone
4d05ca635e
docs: fix existing links
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-17 09:07:25 -07:00
Bobby DeSimone
21e215ccea
proxy: handle double slash in paths
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 20:34:04 -07:00
Bobby DeSimone
d9b18f77b7
update changelog 2019-09-16 20:24:30 -07:00
Bobby DeSimone
decf661eb0
proxy: fix group impersonation bug
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 19:23:55 -07:00
Bobby DeSimone
dc12947241
all: refactor handler logic
- all: prefer `FormValues` to `ParseForm` with subsequent `Form.Get`s
- all: refactor authentication stack to be checked by middleware, and accessible via request context.
- all: replace http.ServeMux with gorilla/mux’s router
- all: replace custom CSRF checks with gorilla/csrf middleware
- authenticate: extract callback path as constant.
- internal/config: implement stringer interface for policy
- internal/cryptutil: add helper func `NewBase64Key`
- internal/cryptutil: rename `GenerateKey` to `NewKey`
- internal/cryptutil: rename `GenerateRandomString` to `NewRandomStringN`
- internal/middleware: removed alice in favor of gorilla/mux
- internal/sessions: remove unused `ValidateRedirectURI` and `ValidateClientSecret`
- internal/sessions: replace custom CSRF with gorilla/csrf fork that supports custom handler protection
- internal/urlutil: add `SignedRedirectURL` to create hmac'd URLs
- internal/urlutil: add `ValidateURL` helper to parse URL options
- internal/urlutil: add `GetAbsoluteURL` which takes a request and returns its absolute URL.
- proxy: remove holdover state verification checks; we no longer are setting sessions in any proxy routes so we don’t need them.
- proxy: replace un-named http.ServeMux with named domain routes.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 18:01:14 -07:00