github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-11 10:56:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,053 Commits 2 Branches 0 Tags
0ad616a23189f6ead30a4cd7c410e395bb4d61ba
Commit Graph

223 Commits

Author SHA1 Message Date
Trong Huu Nguyen
7698a6f9b8 fix(router): only apply cors for forward-auth 2025-02-05 11:31:24 +01:00
Trong Huu Nguyen
1efcf32cc0 fix(router): only disallow non-navigation requests for forward-auth 
Unfortunately, public pages may have older user-agents that does not support Sec-Fetch- headers.
This is mostly Safari <16.3. We only apply this limitation for forward-auth for now.
 2025-02-05 11:10:24 +01:00
Trong Huu Nguyen
9d926fff03 fix(router): correct cors setup part deux 2025-02-03 11:56:40 +01:00
Trong Huu Nguyen
1f6a23f73d fix(router): configure cors for login and logout endpoints 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-02-03 10:18:24 +01:00
Trong Huu Nguyen
ed02b782fe refactor(http): inline navigation check in middleware 2025-02-03 08:41:59 +01:00
Trong Huu Nguyen
4b1bdef5cd feat: disallow non-navigational requests to login and logout endpoints 2025-01-31 16:42:24 +01:00
Trong Huu Nguyen
a157a13b9c refactor(o11y): separate logging and otel packages 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
e1ed2033cf refactor(middleware): extract tracing to separate handler 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
10360958c0 feat(middleware): clean up logging middleware, add span attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
81058458e0 feat: add logrus hook for opentelemetry 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:27 +01:00
Trong Huu Nguyen
0258ce7cfd feat: add handler for forward-auth 2025-01-14 13:44:49 +01:00
Trong Huu Nguyen
423bb4f22f fix(router): skip middleware if otel is not enabled 2023-11-28 10:12:15 +01:00
J-K. Solbakken
3e00f8105a add request method to span name 2023-11-23 09:37:43 +01:00
J-K. Solbakken
38b9891caf use otelchi middleware for http tracing 2023-11-23 08:53:36 +01:00
Trong Huu Nguyen
191f3c3ca8 fix(router): enable cors on session endpoints for sso proxies 2023-11-15 08:42:42 +01:00
Trong Huu Nguyen
7029bd1210 fix(router): correct cors setup for session routes 2023-08-22 07:46:24 +02:00
Trong Huu Nguyen
568f9f7683 feat(handler): use 302 instead of 303 for redirects 2023-04-29 08:42:29 +02:00
Trong Huu Nguyen
b4baa96ee4 feat(router): don't handle preflight requests for login/logout routes 2023-04-29 08:30:45 +02:00
Trong Huu Nguyen
28abcb3cf8 feat(router): handle HEAD requests for some routes 2023-04-28 08:01:52 +02:00
Trong Huu Nguyen
6127417767 fix(router): handle preflight requests for sso server 2023-04-28 06:53:47 +02:00
Trong Huu Nguyen
bc651d9082 fix: use 303 instead of 307 for redirects 2023-04-28 01:30:17 +02:00
Trong Huu Nguyen
fba165552d feat(router): disable local logout endpoint for idporten 2023-04-21 15:34:33 +02:00
Trong Huu Nguyen
9eeb6f5e96 feat(router): root path for sso server should redireect to login 2023-04-13 14:30:21 +02:00
Trong Huu Nguyen
5ad603395c fix(handler/sso/proxy): override request path for reverseproxy to sso-server 2023-04-13 14:19:48 +02:00
Trong Huu Nguyen
a2d8d6f7c3 fix(router): register OPTIONS routes for CORS middleware 2023-04-13 09:03:04 +02:00
Trong Huu Nguyen
a375ac774d feat(router): add ping route for health probes 2023-03-01 09:27:06 +01:00
Trong Huu Nguyen
f346e9e91d refactor(router): use a more apt name for wildcard handler 2023-02-24 18:33:41 +01:00
Trong Huu Nguyen
d5b603c98f feat(router): add cors middleware for sso server 2023-02-23 14:30:55 +01:00
Trong Huu Nguyen
a4e4fc752e refactor(handler): remove provider name getter from handler 2023-02-10 14:57:57 +01:00
Trong Huu Nguyen
e7244df4d5 feat: add local logout endpoint 2022-11-24 11:36:49 +01:00
Trong Huu Nguyen
bdec8c662c refactor(router): correct HTTP verb for session refresh endpoint 
Since this changes the state for a user's session, a POST is more
appropriate than just a GET - even though the POST body is empty.

We keep the GET route temporarily to allow any consumers to migrate.
 2022-10-11 09:22:03 +02:00
Trong Huu Nguyen
9144056e28 refactor(handler): split up request handlers into separate modules 2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
5d00d132dd refactor: decouple handler implementation from router and middleware 2022-09-01 19:39:47 +02:00
Trong Huu Nguyen
619ae52d45 refactor: separate refresh-specific fields from session info; enable endpoint without refresh feature 2022-09-01 19:35:48 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
dc0741f79f refactor(middleware): extract handlers for consistency 2022-08-26 08:34:07 +02:00
Trong Huu Nguyen
5a50ba7c3a feat: support multiple ingresses 
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authorative for.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
 2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
5f6c0c01a8 feat: add ingress middleware 2022-08-17 11:39:41 +02:00
Trong Huu Nguyen
31ab8ad3b7 refactor(handler/default): redirect auto-login requests instead of inlining login handler 2022-07-21 08:21:28 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
e3b9d33296 refactor: split out packages from router 2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
fd630e6dbd test(router): extract some reusable test methods 2022-07-14 13:52:47 +02:00
Trong Huu Nguyen
aab249d78a refactor(jwt): skip parsing access tokens 
Access Tokens are not necessarily JWTs. We also don't
have to validate them as we only pass it on as an opaque
string.

This also means that we don't log the JTI access tokens
anymore.

We also simplify handling of oidc callbacks.
 2022-07-14 12:14:25 +02:00
Trong Huu Nguyen
0398d17074 test(router): add some missing assertions 2022-07-14 10:06:08 +02:00
Trong Huu Nguyen
66cf08e602 refactor(openid/logout): simplify logout logic 
As we already clear any local sessions before redirecting to the
Identity Provider, and the callback always redirects to a pre-configured URL,
there isn't really any need to maintain and verify state in the logout
callback.

In other words, the logout callback handler is simply a redirect handler.
 2022-07-12 15:09:49 +02:00
Trong Huu Nguyen
b937c64dd6 refactor(openid/client): ensure callback cookies are not nil 2022-07-11 14:30:04 +02:00
Trong Huu Nguyen
48160e7986 fix(handler/callback): pass correct error to error handler 2022-07-11 13:39:48 +02:00
Trong Huu Nguyen
b770f22174 refactor(handler/logoutcallback): extract to openid client 2022-07-11 13:37:40 +02:00
Trong Huu Nguyen
ad3201fbfb refactor(handler/logout): extract to openid client 2022-07-11 13:09:10 +02:00