Bobby DeSimone
c95a72e12a
proxy: fix dashboard path prefix (#347)
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-04 08:36:36 -07:00
Bobby DeSimone
7016534d87
proxy: use custom 404 handler (#348)
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-04 08:36:23 -07:00
Bobby DeSimone
eaa1e7a4fb
proxy: support external access control requests (#324)
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-03 21:22:44 -07:00
Bobby DeSimone
7abcf650e5
Merge pull request #342 from desimone/bug/fix-on-config-change
...
internal/config: fix on config change
2019-10-03 09:08:41 -07:00
Bobby DeSimone
f73d3a09ac
internal/config: fix on config change
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 22:48:41 -07:00
Bobby DeSimone
83a30d80a5
Merge pull request #328 from desimone/feature/support-insecure-mode
...
all: support insecure transport
2019-10-02 19:18:44 -07:00
Bobby DeSimone
df822a4bae
all: support insecure mode
...
- pomerium/authenticate: add cookie secure setting
- internal/config: transport security validation moved to options
- internal/config: certificate struct hydrated
- internal/grpcutil: add grpc server mirroring http one
- internal/grpcutil: move grpc middleware
- cmd/pomerium: use run wrapper around main to pass back errors
- cmd/pomerium: add waitgroup (block on) all servers http/grpc
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 18:44:19 -07:00
Bobby DeSimone
40920b9092
Merge pull request #341 from desimone/docs/fix-master-branch
...
docs: use dev for current master branch
2019-10-02 18:02:49 -07:00
Bobby DeSimone
412782658b
docs: use dev for current master branch
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 17:16:56 -07:00
Bobby DeSimone
540364c566
Merge pull request #335 from desimone/330
...
docs: add version dropdown
2019-10-02 16:52:25 -07:00
Bobby DeSimone
0ff244c372
Merge pull request #340 from desimone/github/less-annoying-templates
...
github: make issue templates less annoying
2019-10-02 16:52:08 -07:00
Bobby DeSimone
7cef246d53
docs: add version dropdown
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 15:31:02 -07:00
Bobby DeSimone
9c4bd38624
github: make issue templates less annoying
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-02 15:25:07 -07:00
Bobby DeSimone
1e4496c2b9
Merge pull request #334 from desimone/docs/add-nist-zta
...
docs: add nist publication to background
2019-10-01 18:50:07 -07:00
Travis Groth
251ab0d527
internal/config: Switch to using struct scoped viper instance (#332)
...
* Switch to using struct scoped viper instance
* Rename NewXXXOptions
* Handle unchecked errors from viper.BindEnv
2019-10-01 18:16:36 -04:00
Bobby DeSimone
13baa22898
docs: add nist publication to background
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-10-01 10:24:08 -07:00
Bobby DeSimone
5df0ff500c
Merge pull request #327 from desimone/tests/logs-improve-coverage
...
internal/log: add unit tests
2019-09-30 22:52:05 -07:00
Bobby DeSimone
ed6e4d3e97
Merge pull request #329 from desimone/bug/fix-url-race
...
bug: fix potential race condition in unit test
2019-09-29 14:47:09 -07:00
Bobby DeSimone
8bd79903db
bug: fix potential race condition in unit test
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-29 14:15:13 -07:00
Bobby DeSimone
aa0182008f
internal/log: add unit tests
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-28 13:38:44 -07:00
Bobby DeSimone
1fa45c6ec2
Merge pull request #326 from desimone/feature/log-all-forwarded-for-addr
...
internal/log: return full `X-Forwarded-For`
2019-09-28 12:57:21 -07:00
Bobby DeSimone
33d4e4843b
internal/log: return full X-Forwarded-For
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-28 12:15:13 -07:00
Bobby DeSimone
218d157fce
Merge pull request #322 from desimone/bugs/fix-helm-script
...
scripts: fix helm gke script
2019-09-27 09:32:31 -07:00
Bobby DeSimone
b525c455a8
Merge pull request #321 from desimone/feature/282-cors-as-middleware
...
proxy: use middleware to handle request flow
2019-09-25 21:51:39 -07:00
Bobby DeSimone
782ffbeb3e
proxy: use middleware to manage request flow
...
proxy: remove duplicate error handling in New
proxy: remove routeConfigs in favor of using gorilla/mux
proxy: add proxy specific middleware
proxy: no longer need to use middleware / handler to check if valid route. Can use built-in 404 mux.
internal/middleware: add cors bypass middleware
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-25 12:28:37 -07:00
Bobby DeSimone
65549124df
scripts: fix helm gke script
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-24 22:49:34 -07:00
Bobby DeSimone
70c5553d3c
Merge pull request #316 from desimone/bug/hmac-authn-redirect-uri
...
authenticate: encrypt & mac oauth callback state
2019-09-23 19:49:38 -07:00
Bobby DeSimone
7c755d833f
authenticate: encrypt & mac oauth2 callback state
...
- cryptutil: add hmac & tests
- cryptutil: rename cipher / encoders to be more clear
- cryptutil: simplify SecureEncoder interface
- cryptutil: renamed NewCipherFromBase64 to NewAEADCipherFromBase64
- cryptutil: move key & random generators to helpers
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-23 19:15:52 -07:00
Bobby DeSimone
3a806c6dfc
Merge pull request #320 from desimone/bugs/middleware-healthcheck-other-methods
...
middleware: health-check return 405 for non-get
2019-09-20 08:45:42 -07:00
Bobby DeSimone
5842f3033a
middleware: health-check respond to all methods
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-19 16:05:07 -07:00
Stuart Howlette
490d131070
docs: add AWS Cognito identity provider instructions (#314)
...
* Added AWS Cognito instructions for working with Pomerium
* pngcrushed the images, and added cognito to vuepress identity providers config
2019-09-19 08:36:05 -07:00
Bobby DeSimone
cd6311773f
Merge pull request #311 from desimone/bug/308
...
cmd/pomerium: add host to main logging handler
2019-09-18 19:55:00 -07:00
Bobby DeSimone
cfeb5e1ef9
Merge pull request #310 from desimone/bug/262
...
proxy: handle double slash in paths
2019-09-18 19:54:38 -07:00
Bobby DeSimone
c315b62df4
Merge pull request #304 from desimone/bug/fix-group-impersonation
...
proxy: fix group impersonation bug
2019-09-18 19:54:17 -07:00
Travis Groth
d5ac4a676a
Add production configuration docs (#309)
2019-09-18 21:12:31 -04:00
Bobby DeSimone
da66784e6a
Merge pull request #317 from desimone/bugs/remove-csrf-from-proxy-route
...
proxy: remove accidental csrf checks from proxied routes
2019-09-18 14:28:44 -07:00
Bobby DeSimone
664fb8b0ea
proxy: remove csrf checks from proxied routes
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-18 12:47:30 -07:00
Bobby DeSimone
923dca3fe1
Merge pull request #315 from desimone/bugs/add-redirects
...
docs: fix existing links
2019-09-17 09:16:04 -07:00
Bobby DeSimone
4d05ca635e
docs: fix existing links
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-17 09:07:25 -07:00
Bobby DeSimone
21e215ccea
proxy: handle double slash in paths
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 20:34:04 -07:00
Bobby DeSimone
d9b18f77b7
update changelog
2019-09-16 20:24:30 -07:00
Bobby DeSimone
78b98e2746
cmd/pomerium: add host to main logging handler
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 20:22:59 -07:00
Bobby DeSimone
decf661eb0
proxy: fix group impersonation bug
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 19:23:55 -07:00
Bobby DeSimone
b373634012
Merge pull request #300 from desimone/feature/refactor-serve-mux
...
all: refactor handler logic
2019-09-16 18:58:59 -07:00
Bobby DeSimone
dc12947241
all: refactor handler logic
...
- all: prefer `FormValues` to `ParseForm` with subsequent `Form.Get`s
- all: refactor authentication stack to be checked by middleware, and accessible via request context.
- all: replace http.ServeMux with gorilla/mux’s router
- all: replace custom CSRF checks with gorilla/csrf middleware
- authenticate: extract callback path as constant.
- internal/config: implement stringer interface for policy
- internal/cryptutil: add helper func `NewBase64Key`
- internal/cryptutil: rename `GenerateKey` to `NewKey`
- internal/cryptutil: rename `GenerateRandomString` to `NewRandomStringN`
- internal/middleware: removed alice in favor of gorilla/mux
- internal/sessions: remove unused `ValidateRedirectURI` and `ValidateClientSecret`
- internal/sessions: replace custom CSRF with gorilla/csrf fork that supports custom handler protection
- internal/urlutil: add `SignedRedirectURL` to create hmac'd URLs
- internal/urlutil: add `ValidateURL` helper to parse URL options
- internal/urlutil: add `GetAbsoluteURL` which takes a request and returns its absolute URL.
- proxy: remove holdover state verification checks; we no longer are setting sessions in any proxy routes so we don’t need them.
- proxy: replace un-named http.ServeMux with named domain routes.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-16 18:01:14 -07:00
Bobby DeSimone
a793249386
Merge pull request #301 from desimone/docs/fix-example-url-references
...
docs: fix example configuration urls
2019-09-14 09:42:32 -07:00
Bobby DeSimone
014d1e6e2b
Merge pull request #302 from desimone/bugs/staple-golangci-version
...
deployment: staple linter versions
2019-09-12 16:16:57 -07:00
Bobby DeSimone
b3a1a9a8b8
deployment: staple linter version
2019-09-12 16:02:16 -07:00
Bobby DeSimone
37b0897274
docs: fix example configuration urls
...
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2019-09-12 13:58:09 -07:00
Bobby DeSimone
1a46cd73ef
Merge pull request #297 from yegle/tls_server_name
...
Add `tls_server_name` option to policy file.
2019-09-07 09:10:55 -07:00