Trong Huu Nguyen
7a72586ca8
refactor(autologin): return early if fetch metadata is set
2023-09-25 15:07:11 +02:00
Trong Huu Nguyen
0ce938c101
build, docs: simplify local run instructions
2023-09-25 14:16:25 +02:00
Trong Huu Nguyen
61a641c8d7
fix(url): only add redirect query parameter if non-empty
2023-09-25 14:14:28 +02:00
Trong Huu Nguyen
337723150b
fix(reverseproxy/autologin): skip cleaning redirect target
2023-09-25 14:13:15 +02:00
Trong Huu Nguyen
ff39783f78
chore(deps): bump dependencies
2023-09-22 22:29:11 +02:00
Trong Huu Nguyen
a1d7cc3587
ci: use dependabot groups
2023-09-22 22:22:05 +02:00
Trong Huu Nguyen
34d90d2c78
fix(autologin): do not return ambiguous 3xx redirect
...
If autologin is enabled, check for headers that indicate that the request is a navigation request
and respond appropriately.
A navigation request is assumed to match all of the following:
- uses the GET HTTP method
- either:
  - a) sends the fetch metadata headers, specifically
    `Sec-Fetch-Mode=navigate` and `Sec-Fetch-Dest=document`, or (if
    unsupported by the browser)
  - b) sends the `Accept` header with a value that contains
    `text/html` (which most browsers do by default for navigation
    requests, the exception being IE8 AFAIK)
Non-navigation requests (e.g. fetch / xhr / ajax requests) will receive a
401 Unauthorized, with the Location header set to the login endpoint.
The redirect parameter is also set to point back to the URL found in the
Referer header (though with the scheme and host removed to only allow
redirects relative to the origin host.)
With this fix, autologin will also intercept requests other than GET.
This is to improve the security posture of upstreams that assume that autologin
enforces authentication for all methods.
Fixes #156.
2023-09-22 14:51:35 +02:00
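The classification rules in the commit message above, written out in Go as an added example; it is not the project's code. The `/login` path, the 302 status for navigation requests, the `/` fallback and the reading that the `Accept` check applies only when no fetch metadata is sent are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// isNavigation: GET plus fetch metadata navigate/document; the Accept
// fallback applies only when no fetch metadata is sent (assumed reading).
func isNavigation(r *http.Request) bool {
	if r.Method != http.MethodGet {
		return false
	}
	mode, dest := r.Header.Get("Sec-Fetch-Mode"), r.Header.Get("Sec-Fetch-Dest")
	if mode != "" || dest != "" {
		return mode == "navigate" && dest == "document"
	}
	return strings.Contains(r.Header.Get("Accept"), "text/html")
}

// relativeTarget drops scheme and host from the Referer and collapses leading
// slashes, so "//other.example/x" cannot survive as a protocol-relative URL.
func relativeTarget(referer string) string {
	u, err := url.Parse(referer)
	if err != nil {
		return "/" // assumed fallback
	}
	target := "/" + strings.TrimLeft(u.EscapedPath(), "/")
	if u.RawQuery != "" {
		target += "?" + u.RawQuery
	}
	return target
}

// decide: status and Location for an unauthenticated request ("/login" and 302 are assumed).
func decide(r *http.Request) (int, string) {
	if isNavigation(r) {
		return http.StatusFound, "/login?redirect=" + url.QueryEscape(r.URL.RequestURI())
	}
	return http.StatusUnauthorized, "/login?redirect=" + url.QueryEscape(relativeTarget(r.Referer()))
}

func main() {
	// Constructed request: a fetch() POST issued from a page on the same origin.
	r, _ := http.NewRequest(http.MethodPost, "/api/items", nil)
	r.Header.Set("Referer", "https://app.example/items?page=2")
	fmt.Println(decide(r))
}
```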
dependabot[bot]
735a3b12b1
build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 (#157)
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.11.0...v0.12.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 19:39:55 +00:00
dependabot[bot]
abe8401fb8
build(deps): bump honnef.co/go/tools from 0.4.5 to 0.4.6 (#159)
...
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.4.5 to 0.4.6.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.4.5...v0.4.6)
---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 19:36:22 +00:00
dependabot[bot]
67b8d29d70
build(deps): bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#160)
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/crypto/compare/v0.12.0...v0.13.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 19:33:21 +00:00
dependabot[bot]
e4eb932fba
build(deps): bump github.com/rs/cors from 1.9.0 to 1.10.0 (#158)
...
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/rs/cors/releases)
- [Commits](https://github.com/rs/cors/compare/v1.9.0...v1.10.0)
---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-18 19:29:55 +00:00
Trong Huu Nguyen
c4911b1344
feat(session): add feature toggle for automatic refreshing
2023-09-15 09:08:42 +02:00
dependabot[bot]
0b3cd4d9f6
build(deps): bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-07 06:43:34 +00:00
Trong Huu Nguyen
4a72a01496
feat(server): support wait before triggering graceful shutdown
2023-09-06 15:23:11 +02:00
Trong Huu Nguyen
c887cf711e
fix(handler/sso/server): wildcard redirects to default url
2023-09-06 12:15:30 +02:00
Trong Huu Nguyen
80d1415fbc
fix(logentry): reduce log level for response entries
2023-09-06 12:15:27 +02:00
dependabot[bot]
2d99cc1a60
build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 (#155)
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](6e04d228eb...11086d2504)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 19:54:32 +00:00
Trong Huu Nguyen
7029bd1210
fix(router): correct cors setup for session routes
2023-08-22 07:46:24 +02:00
dependabot[bot]
7ffe291ebe
build(deps): bump github.com/redis/go-redis/v9 from 9.0.5 to 9.1.0 (#152)
...
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.0.5 to 9.1.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.0.5...v9.1.0)
---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 20:15:34 +00:00
dependabot[bot]
df508c9526
build(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#153)
...
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 20:01:38 +00:00
dependabot[bot]
45df4830ff
build(deps): bump honnef.co/go/tools from 0.4.3 to 0.4.5 (#151)
...
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.4.3 to 0.4.5.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.4.3...v0.4.5)
---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 19:58:55 +00:00
dependabot[bot]
fc713acac1
build(deps): bump golang.org/x/vuln from 1.0.0 to 1.0.1 (#150)
...
Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.0.0 to 1.0.1.
- [Commits](https://github.com/golang/vuln/compare/v1.0.0...v1.0.1)
---
updated-dependencies:
- dependency-name: golang.org/x/vuln
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 19:55:54 +00:00
Trong Huu Nguyen
7987ad767e
feat(config): allow specifying upstream ip and port separately
2023-08-17 08:41:53 +02:00
Trong Huu Nguyen
185701d53b
refactor(openid): clean up tests
2023-08-16 12:18:58 +02:00
Trong Huu Nguyen
e7799204b2
feat(openid): harden id_token validation
2023-08-15 21:30:41 +02:00
dependabot[bot]
f8d6633abd
build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#149)
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fac708d667...93397bea11)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-14 19:36:42 +00:00
dependabot[bot]
3f1f2e2233
build(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.30.5 (#147)
...
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.4 to 2.30.5.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.4...v2.30.5)
---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-14 19:28:43 +00:00
dependabot[bot]
8ca4f22143
build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.11 to 2.0.12 (#148)
...
Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.11 to 2.0.12.
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes)
- [Commits](https://github.com/lestrrat-go/jwx/compare/v2.0.11...v2.0.12)
---
updated-dependencies:
- dependency-name: github.com/lestrrat-go/jwx/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-14 19:24:48 +00:00
Trong Huu Nguyen
28256089f1
build: bump to go 1.21
2023-08-10 13:41:44 +02:00
dependabot[bot]
a9a8a5f3bd
build(deps): bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 (#146)
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.10.0...v0.11.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-07 19:04:49 +00:00
dependabot[bot]
7f824323e2
build(deps): bump github.com/bsm/redislock from 0.9.3 to 0.9.4 (#144)
...
Bumps [github.com/bsm/redislock](https://github.com/bsm/redislock) from 0.9.3 to 0.9.4.
- [Changelog](https://github.com/bsm/redislock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bsm/redislock/compare/v0.9.3...v0.9.4)
---
updated-dependencies:
- dependency-name: github.com/bsm/redislock
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-31 19:31:46 +00:00
dependabot[bot]
42a4e8fc16
build(deps): bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 (#143)
...
Bumps [go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/uber-go/automaxprocs/releases)
- [Changelog](https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/automaxprocs/compare/v1.5.2...v1.5.3)
---
updated-dependencies:
- dependency-name: go.uber.org/automaxprocs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 19:06:12 +00:00
Trong Huu Nguyen
ba394dbaf3
docs: correct copy-pasta error [ci skip]
2023-07-21 10:32:17 +02:00
Trong Huu Nguyen
75567f3016
refactor(handler): split up logout and local logout handlers
2023-07-20 12:01:21 +02:00
Trong Huu Nguyen
1e485aa0f8
refactor(url): embed validator instead of using proxy struct
2023-07-20 11:54:05 +02:00
Trong Huu Nguyen
5729f46542
docs: move to separate directory, major cleanups
2023-07-20 10:52:48 +02:00
Trong Huu Nguyen
d0c5e91c45
refactor(url): remove unused field for relative validator
2023-07-20 10:52:47 +02:00
dependabot[bot]
352fa7187d
build(deps): bump golang.org/x/vuln from 0.2.0 to 1.0.0 (#142)
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-18 09:26:29 +02:00
dependabot[bot]
dc0edaeddd
build(deps): bump github.com/go-chi/chi/v5 from 5.0.8 to 5.0.10 (#141)
...
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.8 to 5.0.10.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.8...v5.0.10)
---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-17 19:48:25 +00:00
Trong Huu Nguyen
cf3a445656
fix(url/redirect): fallback url must be absolute
2023-07-13 12:45:35 +02:00
Trong Huu Nguyen
c44fb9889b
fix(url/redirect): ensure fragments are preserved
2023-07-13 12:34:47 +02:00
Trong Huu Nguyen
1843594c31
ci: always use latest go version
2023-07-12 15:20:58 +02:00
Trong Huu Nguyen
e0dc035cef
build: move back to official golang image, ratchet update
2023-07-12 15:12:26 +02:00
Trong Huu Nguyen
ff1cd3995a
ci: bump nais/platform-build-push-sign
2023-07-11 09:24:22 +02:00
Trong Huu Nguyen
73ab6aab93
ci: bump actions/setup-go to v4
2023-07-11 09:24:20 +02:00
dependabot[bot]
a941c2eb04
build(deps): bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (#139)
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 19:38:04 +00:00
dependabot[bot]
d431db61c9
build(deps): bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#140)
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/crypto/compare/v0.10.0...v0.11.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 19:33:33 +00:00
Trong Huu Nguyen
566b9e1a2b
ci: enable multi-platform builds
2023-07-05 10:07:31 +02:00
Trong Huu Nguyen
39b8ea5d24
ci: use platform-build-push-sign
2023-07-05 09:57:31 +02:00
Trong Huu Nguyen
a6040b0dba
build(deps): bump golang.org/x/vuln from 0.1.0 to 0.2.0
2023-07-05 09:23:27 +02:00