Consolidate all logic specific to the stateless authenticate flow into a new Stateless type in a new package internal/authenticateflow. This is in preparation for adding a new Stateful type implementing the older stateful authenticate flow (from Pomerium v0.20 and previous). This change is intended as a pure refactoring of existing logic, with no changes in functionality.
package authenticateflow
import (
"net/http"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/middleware"
"github.com/pomerium/pomerium/internal/urlutil"
)
// signatureVerifier bundles the two inputs VerifyAuthenticateSignature uses to
// check a signed authenticate request: the configuration from which the
// authenticate URLs are read, and the key given to the URL validator.
type signatureVerifier struct {
	// options supplies the external and internal authenticate URLs used to
	// rewrite the request before its signature is checked.
	options *config.Options
	// sharedKey is passed to middleware.ValidateRequestURL as the verification
	// key. It is key material, so keep it out of logs and error messages.
	sharedKey []byte
}
// VerifyAuthenticateSignature checks that the provided request has a valid
// signature (for the authenticate service).
//
// The request is first rewritten by GetExternalAuthenticateRequest using
// v.options, and the rewritten request is then validated against v.sharedKey
// by middleware.ValidateRequestURL. The validator's error is returned as is.
func (v signatureVerifier) VerifyAuthenticateSignature(r *http.Request) error {
	// The signature is checked on the canonicalized request, not on r itself.
	// If canonicalization falls back (see GetExternalAuthenticateRequest), the
	// request is validated exactly as it was received.
	canonical := GetExternalAuthenticateRequest(r, v.options)
	return middleware.ValidateRequestURL(canonical, v.sharedKey)
}
// GetExternalAuthenticateRequest canonicalizes an authenticate request URL
// based on the provided configuration options.
//
// It reads the external authenticate URL and then the internal authenticate
// URL from options and hands both, together with r, to
// urlutil.GetExternalRequest. If either URL cannot be obtained, the error is
// discarded and r is returned unchanged.
//
// NOTE(review): the fallback is silent, so a caller that verifies a signature
// on the result cannot tell a canonicalized request from the raw one. Whether
// that matters depends on how middleware.ValidateRequestURL treats the host;
// confirm against that package.
func GetExternalAuthenticateRequest(r *http.Request, options *config.Options) *http.Request {
	// The external URL is looked up first, matching the original call order.
	public, publicErr := options.GetAuthenticateURL()
	if publicErr != nil {
		return r
	}

	private, privateErr := options.GetInternalAuthenticateURL()
	if privateErr != nil {
		return r
	}

	// Argument order is (internal, external, request).
	return urlutil.GetExternalRequest(private, public, r)
}