Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow ( #3779 )
* urlutil: add time validation functions
* authenticate: implement hpke-based login flow
* fix import cycle
* fix tests
* log error
* fix callback url
* add idp param
* fix test
* fix test
2022-12-05 15:31:07 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 ( #3771 )
2022-12-02 09:25:52 -07:00
Denis Mishin
fa0ba60aee
bump envoy to v1.24.0 ( #3767 )
2022-11-28 09:32:31 -07:00
Caleb Doxsey
fa26587f19
remove forward auth ( #3628 )
2022-11-23 15:59:28 -07:00
Caleb Doxsey
e1f881f82b
authorize: fix user caching ( #3734 )
2022-11-08 08:23:41 -07:00
Caleb Doxsey
02df20f10a
authorize: performance improvements ( #3723 )
2022-11-04 17:09:52 -06:00
Denis Mishin
a3cfe8fa42
keep trace span context ( #3724 )
2022-11-04 17:52:13 -04:00
Caleb Doxsey
c178819875
move directory providers ( #3633 )
* remove directory providers and support for groups
* idp: remove directory providers
* better error messages
* fix errors
* restore postgres
* fix test
2022-11-03 11:33:56 -06:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation ( #3707 )
* sessions: check idp id to detect provider changes to force session invalidation
* remove dead code
* fix test
2022-10-25 16:20:32 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 ( #3667 )
* chore(deps): bump github.com/golangci/golangci-lint
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* lint
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-10-19 09:36:59 -06:00
Caleb Doxsey
47e3176ea4
authorize: enforce service account expiration ( #3661 )
2022-10-13 09:28:42 -06:00
Caleb Doxsey
c0ca1e1a98
authorize: handle user-unauthenticated response for deny blocks ( #3559 )
* authorize: handle user-unauthenticated response for deny blocks
* fix test
2022-08-22 17:09:26 -06:00
Caleb Doxsey
46703b9419
config: add branding settings ( #3558 )
2022-08-16 14:51:47 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages ( #3542 )
* authorize: add policy error details for custom error messages
* remove fmt.Println
* fix tests
* add docs
2022-08-09 14:46:31 -06:00
Caleb Doxsey
b5ac7dbc76
sets: convert set types to generics ( #3519 )
* sets: convert set types to generics
* sets: use internal sets package
2022-07-29 12:32:17 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible ( #3517 )
* atomicutil: use atomicutil.Value wherever possible
* fix test
* fix mux router
2022-07-28 15:38:38 -06:00
Caleb Doxsey
89a105c8e6
authorize: add request id to context ( #3497 )
* authorize: add request id to context
* fix context keys
2022-07-26 14:34:48 -06:00
Caleb Doxsey
fe61a74e1b
authorize: fix device synchronization ( #3482 )
2022-07-15 17:27:06 -06:00
Caleb Doxsey
bc078f8bd2
authorize: fix x-forwarded-uri ( #3479 )
* authorize: fix x-forwarded-uri
* fix raw path
2022-07-14 09:32:48 -06:00
Caleb Doxsey
ca8db7b619
authorize: show plain text error page for traefik and nginx ( #3477 )
2022-07-13 08:36:18 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key ( #3453 )
2022-06-29 10:44:08 -06:00
Caleb Doxsey
15e3b3a431
authorize: allow missing user for authorization ( #3421 )
2022-06-14 05:44:34 -06:00
Caleb Doxsey
493148b13f
authorize: fix not found check ( #3410 )
2022-06-08 09:15:57 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data ( #3377 )
2022-06-01 15:40:07 -06:00
Seena Fallah
a2d2f34e24
fix: close the ticker after opened ( #3318 )
This may cause a high cpu usage on each call
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2022-05-04 09:55:25 -06:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records ( #3291 )
* databroker: add support for putting multiple records
* add OptimumPutRequestsFromRecords function
* replace GetAll with SyncLatest
* fix stream when there are no records
2022-04-26 16:41:38 -06:00
Caleb Doxsey
74310b3de3
authorize: pass idp id for webauthn url, allow unauthenticated access to static files ( #3282 )
2022-04-20 11:07:09 -06:00
Caleb Doxsey
c19048649a
authorize: add support for cidr lookups ( #3277 )
2022-04-19 16:18:34 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls ( #3253 )
* grpc: wait for connect to be ready before making calls
* make sure to stop the ticker
2022-04-08 12:18:52 -06:00
Caleb Doxsey
d299b42509
authorize: add name claim ( #3238 )
2022-04-05 12:08:00 -06:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date ( #3220 )
* session: add accessed at date
* authorize: track session and service account access times
* Revert "databroker: add support for field masks on Put (#3210 )"
This reverts commit 2dc778035d.
* add test
* fix data race in test
* add deadline for update
* track dropped accesses
2022-03-31 09:19:04 -06:00
Caleb Doxsey
a0e64b1cf9
authorize: add request IP to rego evaluation ( #3107 )
2022-03-07 15:07:58 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream ( #3047 )
* authorize: add support for passing access or id token upstream
* use an enum
2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret ( #3030 )
* implement dynamic provider support
* authenticate: support per-route client id and secret
2022-02-16 12:31:55 -07:00
Caleb Doxsey
46c4d5fa7e
session: remove unused session state properties ( #3022 )
* fix error page
* share dashboard code
* sessions: remove unused session state properties
* remove programmatic
* remove version
2022-02-09 10:59:06 -07:00
Caleb Doxsey
0898dd4f34
proxy: fix error page ( #3020 )
* fix error page
* proxy: fix error page
* share dashboard code
* fix test
2022-02-09 09:14:24 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui ( #3004 )
* mui v5 wip
* wip
* wip
* wip
* use compressor for all controlplane endpoints
* wip
* wip
* add deps
* fix authenticate URL
* fix test
* fix test
* fix build
* maybe fix build
* fix integration test
* remove image asset test
* add yarn.lock
2022-02-07 08:47:58 -07:00
Caleb Doxsey
5b9a981191
handle device states in deny block, fix default device type ( #2919 )
* handle device states in deny block, fix default device type
* fix tests
2022-01-11 11:56:54 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages ( #2877 )
* fix: Fixed return description error
* config/options: Adjust the position of TracingJaegerAgentEndpoint option
* DOCS: Remove duplicate configuration items
Remove duplicate configuration items of route
* remove deprecated ioutil usages
2021-12-30 10:02:12 -08:00
Caleb Doxsey
a3be1b7cc5
devices: switch "default" device type to two built-in default device types ( #2835 )
2021-12-20 10:44:29 -07:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs ( #2801 )
* config: add internal service URLs
* maybe fix integration tests
* add docs
* fix integration tests
* for databroker connect to external name, but listen on internal name
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/readme.md
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* Update docs/reference/settings.yaml
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-12-10 14:04:37 -05:00
Caleb Doxsey
2d04106e6d
ppl: add support for http_path and http_method ( #2813 )
* ppl: add support for http_path and http_method
* fix import ordering
2021-12-10 07:28:51 -07:00
Caleb Doxsey
c97dcf7e0f
envoy: add hash policy and routing key for hash-based load balancers ( #2791 )
* envoy: add hash policy and routing key for hash-based load balancers
* fix integration test
* fix nginx
2021-12-01 13:42:12 -07:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization ( #2780 )
* authorize: support X-Pomerium-Authorization in addition to Authorization
* tangential correction
Co-authored-by: alexfornuto <alex@fornuto.com>
2021-11-29 12:19:14 -07:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie ( #2709 )
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions
* fix test
2021-10-26 14:45:53 -06:00
Caleb Doxsey
3497c39b9b
authorize: add support for webauthn device policy enforcement ( #2700 )
* authorize: add support for webauthn device policy enforcement
* update docs
* group statuses
2021-10-25 09:41:03 -06:00
Caleb Doxsey
6e48627b4d
ppl: add support for additional data ( #2696 )
* ppl: add support for additional data
* remove unused NewCriterionDeviceRule
2021-10-22 12:32:20 -06:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy ( #2612 )
* ppl: pass contextual information through policy
* maybe fix nginx
* fix nginx
* pr comments
* go mod tidy
2021-09-20 16:02:26 -06:00
Caleb Doxsey
0786c7fc45
authorize: use session.user_id in headers ( #2571 )
2021-09-03 14:51:09 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm ( #2557 )
* config: remove signature_key_algorithm
* typo
* add more tests
2021-09-02 11:36:43 -06:00