pomerium/internal/urlutil/proxy.go
Joe Kralicky 396c35b6b4
New tracing system (#5388)
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
2025-01-21 13:26:32 -05:00


package urlutil
import (
"errors"
"net/http"
"net/url"
)
// ErrMissingRedirectURI indicates the pomerium_redirect_uri was missing from the query string.
// It is a package-level sentinel, returned by GetCallbackURLForRedirectURI when the
// raw redirect URI it is given is empty. Its message is "missing " followed by the
// parameter name held in QueryRedirectURI.
var ErrMissingRedirectURI = errors.New("missing " + QueryRedirectURI)
// GetCallbackURL gets the proxy's callback URL from a request and a base64url
// encoded + encrypted session state JWT.
//
// The redirect URI is read from the request's QueryRedirectURI form value and
// the rest of the work is delegated to GetCallbackURLForRedirectURI. Note that
// http.Request.FormValue consults the parsed form body as well as the URL
// query string, so the value is not necessarily taken from the query alone.
func GetCallbackURL(r *http.Request, encodedSessionJWT string) (*url.URL, error) {
	rawRedirectURI := r.FormValue(QueryRedirectURI)
	return GetCallbackURLForRedirectURI(r, encodedSessionJWT, rawRedirectURI)
}
// GetCallbackURLForRedirectURI gets the proxy's callback URL from a request, a
// base64url encoded + encrypted session state JWT, and an explicit raw redirect
// URI.
//
// It returns ErrMissingRedirectURI when rawRedirectURI is empty, and passes
// through any error from ParseAndValidateURL or DeepCopy. On success the
// returned URL carries the session JWT (QuerySessionEncrypted) and the
// validated redirect URI (QueryRedirectURI) in its query string, plus the
// programmatic flag and trace context when the request supplied them.
//
// NOTE(review): the callback destination is taken from the request
// (QueryCallbackURI, or else the host of the redirect URI) and the only check
// applied here is ParseAndValidateURL. Nothing in this function restricts
// which host receives the encrypted session JWT, so this presumably relies on
// the caller having authenticated the request parameters beforehand — confirm
// at the call sites.
func GetCallbackURLForRedirectURI(r *http.Request, encodedSessionJWT, rawRedirectURI string) (*url.URL, error) {
	if rawRedirectURI == "" {
		return nil, ErrMissingRedirectURI
	}

	target, err := ParseAndValidateURL(rawRedirectURI)
	if err != nil {
		return nil, err
	}

	var callback *url.URL
	switch explicit := r.FormValue(QueryCallbackURI); explicit {
	case "":
		// No explicit callback supplied: assume the callback lives on the same
		// host as the redirect target, at the fixed callback path.
		callback, err = DeepCopy(target)
		if err != nil {
			return nil, err
		}
		callback.Path = "/.pomerium/callback/"
		callback.RawQuery = ""
	default:
		callback, err = ParseAndValidateURL(explicit)
		if err != nil {
			return nil, err
		}
	}

	// Start from whatever query the callback URL already has; an explicit
	// callback keeps its own parameters unless they are overwritten below.
	q := callback.Query()

	// Only the exact string "true" marks the flow as programmatic.
	if r.FormValue(QueryIsProgrammatic) == "true" {
		q.Set(QueryIsProgrammatic, "true")
	}

	// Propagate trace context. The values are copied from the request as-is;
	// url.Values.Encode escapes them when the query string is rebuilt.
	for _, key := range []string{QueryTraceparent, QueryTracestate} {
		if v := r.FormValue(key); v != "" {
			q.Set(key, v)
		}
	}

	// Attach the encoded and encrypted route-session JWT and the validated
	// redirect URI, then write the query back onto the callback URL.
	q.Set(QuerySessionEncrypted, encodedSessionJWT)
	q.Set(QueryRedirectURI, target.String())
	callback.RawQuery = q.Encode()

	return callback, nil
}