github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-11 10:56:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,038 Commits 2 Branches 0 Tags
63b40b2cea8a0404dbdec6ecf28b4c495b5ac3dd
Commit Graph

604 Commits

Author SHA1 Message Date
Trong Huu Nguyen
9d926fff03 fix(router): correct cors setup part deux 2025-02-03 11:56:40 +01:00
Trong Huu Nguyen
2e8c7075ff fix: set content-type header before status 2025-02-03 11:38:35 +01:00
Trong Huu Nguyen
c9de679951 feat(cors): reflect headers for allow-headers 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-02-03 10:52:32 +01:00
Trong Huu Nguyen
1f6a23f73d fix(router): configure cors for login and logout endpoints 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-02-03 10:18:24 +01:00
Trong Huu Nguyen
ed02b782fe refactor(http): inline navigation check in middleware 2025-02-03 08:41:59 +01:00
Trong Huu Nguyen
7c6f9d6f70 feat(session): record id attribute regardless of session validity 2025-01-31 18:52:19 +01:00
Trong Huu Nguyen
4b1bdef5cd feat: disallow non-navigational requests to login and logout endpoints 2025-01-31 16:42:24 +01:00
Trong Huu Nguyen
f192d55971 fix(config): drop 'vcs.modified' when resolving version 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 15:17:36 +01:00
Trong Huu Nguyen
1268f7627c feat(config): use OTEL_SERVICE_NAME if set 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:41 +01:00
Trong Huu Nguyen
79ac15d455 feat(otel): consistency passthrough for spans and attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:39 +01:00
Sindre Rødseth Hansen
07b542a2f5 feat(openid/error): add spans and attributes 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-30 14:03:39 +01:00
Sindre Rødseth Hansen
dd0373b72d feat(openid/client): add spans and attributes 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-30 14:03:38 +01:00
Trong Huu Nguyen
44bb683531 feat(handler): add spans 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:38 +01:00
Trong Huu Nguyen
e6207fe3b4 feat(handler/reverseproxy): more spans 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:37 +01:00
Trong Huu Nguyen
475fe25100 feat(session): add even more tracing 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:36 +01:00
Trong Huu Nguyen
787b54beeb refactor(crypto): move to internal 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:36 +01:00
Trong Huu Nguyen
85230d5403 feat(session): add trace spans and attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:35 +01:00
Trong Huu Nguyen
a157a13b9c refactor(o11y): separate logging and otel packages 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
21b85c4b54 feat(handler/reverseproxy): add trace spans with attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
dc4c563b26 feat(otel): set more resource attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:33 +01:00
Trong Huu Nguyen
05c5da6bf6 fix(middleware/tracing): check attribute types before setting them 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:33 +01:00
Trong Huu Nguyen
13b11790fe feat(handler): log additional fields for errors and reverseproxy 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:31 +01:00
Sindre Rødseth Hansen
ca77435d6a feat(http): propagate traceparent for httpclient 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
bf83a58795 wip: tracing for http transport 2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
e1ed2033cf refactor(middleware): extract tracing to separate handler 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
10360958c0 feat(middleware): clean up logging middleware, add span attributes 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
98cc534806 feat(middleware): use trace_id as correlation id, if available 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:28 +01:00
Trong Huu Nguyen
1f730a3d68 refactor: move logging to observability package 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:27 +01:00
Trong Huu Nguyen
81058458e0 feat: add logrus hook for opentelemetry 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:27 +01:00
Sindre Rødseth Hansen
b882c31585 feat(config): automatically enable otel if OTEL_EXPORTER_OTLP_ENDPOINT env var is set 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
57f5bf951e fix(config): set correct defaults for resolving version 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
b7524f516d refactor(otel): move to observability package 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-30 14:03:21 +01:00
Trong Huu Nguyen
9c8055bcd6 feat(openid/client): fall back to default value for invalid parameter values 
Instead of erroring when receiving non-empty, invalid parameters, we fall back to
the configured (if any) default value for the identity provider, which
is already validated with its metadata document on start-up.

This prevents end-users from being exposed to unnecessary errors.
 2025-01-27 08:44:07 +01:00
Sindre Rødseth Hansen
c07077a148 refactor: extract method for making authCodeURL 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-24 10:02:15 +01:00
Trong Huu Nguyen
39207677b5 feat(middleware/logentry): add fields for sec-fetch headers 2025-01-24 09:13:59 +01:00
Trong Huu Nguyen
c147a5a19e refactor(openid): extract request params for remaining grants, minor cleanups 2025-01-24 08:07:54 +01:00
Trong Huu Nguyen
062e7b09ce fix(openid/client): prompt parameter is optional 2025-01-24 08:07:54 +01:00
Trong Huu Nguyen
0b32d8839c test(openid/client): add negative assertions for unwanted parameters 2025-01-24 08:07:52 +01:00
Trong Huu Nguyen
110dd64750 refactor(openid/client): extract authorization code parameters 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-23 12:03:42 +01:00
Trong Huu Nguyen
642457b950 refactor(openid/client): extract oauth request method 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-23 10:17:13 +01:00
Trong Huu Nguyen
ab418c456c fix(handler/reverseproxy): add nil check for session 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-23 10:16:13 +01:00
Trong Huu Nguyen
837323d728 refactor(mock): use oauth error response for all idp errors 2025-01-23 09:02:19 +01:00
Sindre Rødseth Hansen
ade44f0950 refactor: remove indirection layer for login client 
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-23 08:48:32 +01:00
Sindre Rødseth Hansen
c442000be4 feat: implement PAR for relying party 
Fixes #235

Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
 2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
6be5a1ebe5 wip: implement PAR for relying party 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
909060d8fd feat(mock): implement PAR for identity provider 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-23 08:48:28 +01:00
Trong Huu Nguyen
f2def8d00d fix(session/data): next refresh time should account for inactivity timeouts 
The default auto-refresh behaviour occurs 5 minutes before tokens
expire, at the earliest. Without inactivity however, tokens are still
refreshed at any point after this, as long as the session has not ended.

This however, means that refreshes don't occur often enough when inactivity
timeouts are enabled. In practice, the session is only refreshed if a
request is received within the 5 minute leeway window between a token's expiry
and the inactivity timeout.

This commit will apply auto-refreshes at the half-life of the inactivity
timeout instead, so that users' sessions and timeouts are properly
extended on activity.
 2025-01-22 15:58:53 +01:00
Trong Huu Nguyen
c1dd4f1177 refactor(handler/login): improve logging when rate limiting 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-22 12:03:01 +01:00
Trong Huu Nguyen
b6bfb817a4 feat(handler/login): add rate limit to prevent redirect loops 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-22 09:46:45 +01:00
Trong Huu Nguyen
64e9167e05 refactor(openid/client): remove indirection layer for login callback 
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
 2025-01-21 09:39:23 +01:00