3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/authenticate/middleware.go
Travis Groth 0635c838c9
authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048) 
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-04-01 10:04:16 -04:00

34 lines
1.1 KiB
Go
Raw Blame History

package authenticate
import (
"net/http"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/middleware"
"github.com/pomerium/pomerium/internal/urlutil"
)
// requireValidSignatureOnRedirect validates the pomerium_signature if a redirect_uri or pomerium_signature
// is present on the query string.
func (a *Authenticate) requireValidSignatureOnRedirect(next httputil.HandlerFunc) http.Handler {
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
if r.FormValue(urlutil.QueryRedirectURI) != "" || r.FormValue(urlutil.QueryHmacSignature) != "" {
err := middleware.ValidateRequestURL(r, a.options.Load().SharedKey)
if err != nil {
return httputil.NewError(http.StatusBadRequest, err)
}
}
return next(w, r)
})
}
// requireValidSignature validates the pomerium_signature.
func (a *Authenticate) requireValidSignature(next httputil.HandlerFunc) http.Handler {
return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
err := middleware.ValidateRequestURL(r, a.options.Load().SharedKey)
if err != nil {
return err
}
return next(w, r)
})
}
Reference in a new issue View git blame Copy permalink