Trong Huu Nguyen
f192d55971
fix(config): drop 'vcs.modified' when resolving version
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 15:17:36 +01:00
Trong Huu Nguyen
1268f7627c
feat(config): use OTEL_SERVICE_NAME if set
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:41 +01:00
Trong Huu Nguyen
a157a13b9c
refactor(o11y): separate logging and otel packages
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
dc4c563b26
feat(otel): set more resource attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:33 +01:00
Trong Huu Nguyen
1f730a3d68
refactor: move logging to observability package
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:27 +01:00
Sindre Rødseth Hansen
b882c31585
feat(config): automatically enable otel if OTEL_EXPORTER_OTLP_ENDPOINT env var is set
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
57f5bf951e
fix(config): set correct defaults for resolving version
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
b7524f516d
refactor(otel): move to observability package
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:21 +01:00
Trong Huu Nguyen
b6bfb817a4
feat(handler/login): add rate limit to prevent redirect loops
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 09:46:45 +01:00
Sindre Rødseth Hansen
2feb6a3b77
feat: Add option for propagating id_token to upstream app
...
Fixes #315
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-20 13:07:54 +01:00
Trong Huu Nguyen
3143940b08
feat: remove feature flags for session refresh
...
These feature flags were enabled by default. We specifically disallowed
the use of automatic refresh with the SSO mode, though this poses some
complexity if using the forward-auth feature.
To simplify configuration and code, we remove the flags in their
entirety as session refresh behaviour is mostly already handled by the
implementation of GetSession() in the handlers. Specifically:
- the Standalone handler needs to refresh sessions when reverse-proxying
to the upstream.
- the SSO server handler needs to refresh sessions only when using the
forward-auth feature. It does not have an upstream to reverse proxy
to.
- the SSO proxy handler is a read-only upstream proxy and does not
possess the ability to refresh sessions itself, though it will
delegate traffic for the session endpoints to the configured SSO server.
Automatic refreshing is thus only disabled when running in SSO mode
without the forward-auth feature.
2025-01-16 10:14:15 +01:00
Trong Huu Nguyen
0258ce7cfd
feat: add handler for forward-auth
2025-01-14 13:44:49 +01:00
Trong Huu Nguyen
724132e51c
test: correct description for secure cookie test
2024-11-06 10:17:11 +01:00
Trong Huu Nguyen
d2e01b2ead
refactor: consolidate cookie config, correct documentation
2024-11-05 21:24:25 +01:00
Trong Huu Nguyen
bfb4929dc7
feat: allow disabling secure cookies for localhost
...
This is generally only necessary when using Safari.
Most other browsers respect the Secure attribute when using localhost.
2024-11-05 21:14:14 +01:00
Trong Huu Nguyen
e6297750d6
feat(openid): set expected default public JWK algorithm if the OP doesn't set them
...
This allows us to verify signatures without relying on heuristics used
by jws.WithInferAlgorithmFromKey() that may introduce security and
performance implications.
2024-11-05 21:08:46 +01:00
Trong Huu Nguyen
4c2d1f4813
docs(config): clarify description of openid.scopes flag
2024-11-05 11:44:45 +01:00
Trong Huu Nguyen
192b196d3f
refactor(config): inline samesite options
2024-11-05 08:48:46 +01:00
Trong Huu Nguyen
df5c78b821
feat(openid/client): add support for the client_secret_post authentication method
2024-10-08 09:19:38 +02:00
Trong Huu Nguyen
3465d8aef3
refactor(config): clean up tests
2024-08-23 13:55:49 +02:00
Trong Huu Nguyen
f9761c3437
test(config): add some more cases, remove unneeded parameter
2024-07-02 21:58:14 +02:00
Trong Huu Nguyen
f94d81aed7
test(config): add missing tests
2024-06-27 09:54:29 +02:00
Trong Huu Nguyen
d7b0d93f11
refactor: split out config again
2024-06-26 15:32:38 +02:00
Trong Huu Nguyen
d69cf79664
refactor: reduce noisy config logs
...
Fixes #262.
2024-06-26 14:51:05 +02:00
Trong Huu Nguyen
16ccb3a6be
feat(config): add explicit toggle for legacy cookies
2024-06-26 12:20:05 +02:00
Trong Huu Nguyen
fc1454fcbb
feat(config) support samesite cookie attribute
2024-04-24 14:47:18 +02:00
Trong Huu Nguyen
e71e4a2fda
feat(handler/reverseproxy): add toggle for access logs
2023-12-20 08:25:35 +01:00
Trong Huu Nguyen
3f7af9e232
chore(config): set new default value for idporten acr
2023-12-12 09:12:41 +01:00
Trong Huu Nguyen
6d32363d13
feat(config): drop dirty modifier from version string
2023-11-29 09:21:04 +01:00
Trong Huu Nguyen
b3a7dbf081
refactor(otel): move configuration
2023-11-24 16:52:05 +01:00
Trong Huu Nguyen
b910d3e65a
feat(config): redis username and password flags overrides uri
2023-10-12 08:21:34 +02:00
Trong Huu Nguyen
f246fc7975
refactor(openid): move acr to own package
2023-10-11 14:25:12 +02:00
Trong Huu Nguyen
320176d48b
refactor(config): consolidate, don't parse/bind/load flags twice
2023-10-11 14:24:19 +02:00
Trong Huu Nguyen
6dbc747aad
feat(config): enable refresh tokens and automatic refreshing by default, increase default session lifetime
2023-10-11 14:16:53 +02:00
Trong Huu Nguyen
8bbd947d5b
feat(config): add support for Redis URI
2023-10-10 14:48:50 +02:00
Trong Huu Nguyen
91cd58d18b
docs: update sections on autologin and sessions
2023-10-03 14:21:09 +02:00
Trong Huu Nguyen
c4911b1344
feat(session): add feature toggle for automatic refreshing
2023-09-15 09:08:42 +02:00
Trong Huu Nguyen
4a72a01496
feat(server): support wait before triggering graceful shutdown
2023-09-06 15:23:11 +02:00
Trong Huu Nguyen
7987ad767e
feat(config): allow specifying upstream ip and port separately
2023-08-17 08:41:53 +02:00
Trong Huu Nguyen
e7799204b2
feat(openid): harden id_token validation
2023-08-15 21:30:41 +02:00
Trong Huu Nguyen
46852be025
feat(openid): prepare acr mappings for migration to new idporten
2023-05-25 15:54:29 +02:00
Trong Huu Nguyen
350d7ff780
feat(cookie): allow configuration of name prefix
...
This is to alleviate issues with deployments on different
subdomains using overlapping cookie names where browsers
behave unpredictably.
2023-05-08 10:23:27 +02:00
Trong Huu Nguyen
2a0c376c4b
feat(openid): validate acr in id_token if sent in auth request
2023-04-29 10:27:23 +02:00
Trong Huu Nguyen
9eeb6f5e96
feat(router): root path for sso server should redirect to login
2023-04-13 14:30:21 +02:00
Trong Huu Nguyen
ec4ac2b8e9
fix(redis): set ConnMaxIdleTime, not ConnMaxLifetime
2023-03-29 21:43:11 +02:00
Trong Huu Nguyen
e761810630
feat(redis): allow configuration of idle connection timeout
2023-03-29 09:55:17 +02:00
Trong Huu Nguyen
07cf8e12b3
feat(cookie): support overriding session cookie name
2023-03-01 11:27:26 +01:00
Trong Huu Nguyen
3e93423464
refactor(sso/server): redirect requests for wildcard routes to default URL
2023-02-22 10:19:26 +01:00
Trong Huu Nguyen
9074547163
docs: clarifications for refresh behaviour
2023-02-21 15:32:43 +01:00
Trong Huu Nguyen
925a1c70e7
fix(config): require redis when sso is enabled
2023-02-21 14:54:29 +01:00