Commit Graph

1008 Commits

Author SHA1 Message Date
Trong Huu Nguyen
bd2ec2dcf2 refactor(otel): move logrus hook to otel
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:31 +01:00
Sindre Rødseth Hansen
ca77435d6a feat(http): propagate traceparent for httpclient
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
bf83a58795 wip: tracing for http transport 2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
e1ed2033cf refactor(middleware): extract tracing to separate handler
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
10360958c0 feat(middleware): clean up logging middleware, add span attributes
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
98cc534806 feat(middleware): use trace_id as correlation id, if available
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:28 +01:00
Trong Huu Nguyen
1f730a3d68 refactor: move logging to observability package
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:27 +01:00
Trong Huu Nguyen
81058458e0 feat: add logrus hook for opentelemetry
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:27 +01:00
Trong Huu Nguyen
3fd8e3f3f3 refactor(otel): clean up error handling 2025-01-30 14:03:24 +01:00
Sindre Rødseth Hansen
b882c31585 feat(config): automatically enable otel if OTEL_EXPORTER_OTLP_ENDPOINT env var is set
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
57f5bf951e fix(config): set correct defaults for resolving version
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
9444525864 build: add lgtm stack for local development
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
b7524f516d refactor(otel): move to observability package
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:21 +01:00
Hans Kristian Flaatten
b86aa24527 ci: specify dependabot day and time (#327) [ci skip] 2025-01-28 08:57:34 +01:00
dependabot[bot]
913edee533 build(deps): bump actions/setup-go in the gh-actions group (#326)
Bumps the gh-actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-go` from 5.2.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5.2.0...v5.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-27 19:59:25 +00:00
dependabot[bot]
1e98d8b2df build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 (#325)
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.0...v4.8.1)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-27 19:10:19 +00:00
Trong Huu Nguyen
9c8055bcd6 feat(openid/client): fall back to default value for invalid parameter values
Instead of erroring when receiving non-empty, invalid parameters, we fall back to
the configured (if any) default value for the identity provider, which
is already validated with its metadata document on start-up.

This prevents end-users from being exposed to unnecessary errors.
2025-01-27 08:44:07 +01:00
Trong Huu Nguyen
26b844d727 chore(templates): upgrade to tailwind v4 2025-01-27 08:44:00 +01:00
Trong Huu Nguyen
8fa93adadc docs: clean up readme 2025-01-27 08:43:51 +01:00
Trong Huu Nguyen
c1d59e3bdc chart: enable generic openid provider by default
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-24 12:43:39 +01:00
Sindre Rødseth Hansen
c07077a148 refactor: extract method for making authCodeURL
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-24 10:02:15 +01:00
Trong Huu Nguyen
39207677b5 feat(middleware/logentry): add fields for sec-fetch headers 2025-01-24 09:13:59 +01:00
Trong Huu Nguyen
c147a5a19e refactor(openid): extract request params for remaining grants, minor cleanups 2025-01-24 08:07:54 +01:00
Trong Huu Nguyen
062e7b09ce fix(openid/client): prompt parameter is optional 2025-01-24 08:07:54 +01:00
Trong Huu Nguyen
0b32d8839c test(openid/client): add negative assertions for unwanted parameters 2025-01-24 08:07:52 +01:00
Sindre Rødseth Hansen
fc715e703b Update configuration.md
fix: update outdated well-known url
2025-01-23 15:51:38 +01:00
Trong Huu Nguyen
110dd64750 refactor(openid/client): extract authorization code parameters
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 12:03:42 +01:00
Trong Huu Nguyen
642457b950 refactor(openid/client): extract oauth request method
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 10:17:13 +01:00
Trong Huu Nguyen
ab418c456c fix(handler/reverseproxy): add nil check for session
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 10:16:13 +01:00
Trong Huu Nguyen
837323d728 refactor(mock): use oauth error response for all idp errors 2025-01-23 09:02:19 +01:00
Sindre Rødseth Hansen
ade44f0950 refactor: remove indirection layer for login client
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-23 08:48:32 +01:00
Sindre Rødseth Hansen
c442000be4 feat: implement PAR for relying party
Fixes #235

Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
6be5a1ebe5 wip: implement PAR for relying party
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 08:48:32 +01:00
Trong Huu Nguyen
909060d8fd feat(mock): implement PAR for identity provider
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-23 08:48:28 +01:00
Trong Huu Nguyen
f2def8d00d fix(session/data): next refresh time should account for inactivity timeouts
The default auto-refresh behaviour occurs 5 minutes before tokens
expire, at the earliest. Without inactivity, however, tokens are still
refreshed at any point after this, as long as the session has not ended.

This, however, means that refreshes don't occur often enough when inactivity
timeouts are enabled. In practice, the session is only refreshed if a
request is received within the 5-minute leeway window between a token's expiry
and the inactivity timeout.

This commit will apply auto-refreshes at the half-life of the inactivity
timeout instead, so that users' sessions and timeouts are properly
extended on activity.
2025-01-22 15:58:53 +01:00
Trong Huu Nguyen
c1dd4f1177 refactor(handler/login): improve logging when rate limiting
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 12:03:01 +01:00
Trong Huu Nguyen
aa798d4eed docs: add notes on image availability on registries [ci skip]
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 10:04:32 +01:00
Trong Huu Nguyen
b6bfb817a4 feat(handler/login): add rate limit to prevent redirect loops
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-22 09:46:45 +01:00
Trong Huu Nguyen
64e9167e05 refactor(openid/client): remove indirection layer for login callback
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-21 09:39:23 +01:00
Trong Huu Nguyen
75f98debc5 feat(openid/client): validate iss parameter if provider declares authorization_response_iss_parameter_supported
Fixes #306.

Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-21 09:39:21 +01:00
dependabot[bot]
f38f18f09c build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 (#323)
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.0)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:23:26 +00:00
dependabot[bot]
6bad1cfeb8 build(deps): bump github.com/riandyrn/otelchi from 0.11.0 to 0.12.0 (#322)
Bumps [github.com/riandyrn/otelchi](https://github.com/riandyrn/otelchi) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/riandyrn/otelchi/releases)
- [Changelog](https://github.com/riandyrn/otelchi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/riandyrn/otelchi/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: github.com/riandyrn/otelchi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:20:17 +00:00
dependabot[bot]
b12ce1dbe6 build(deps): bump the otel group with 3 updates (#321)
Bumps the otel group with 3 updates: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).


Updates `go.opentelemetry.io/otel` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-20 19:17:21 +00:00
Sindre Rødseth Hansen
2feb6a3b77 feat: Add option for propagating id_token to upstream app
Fixes #315

Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-20 13:07:54 +01:00
Sindre Rødseth Hansen
bc307916be build: bump go to 1.23.5
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-20 10:47:06 +01:00
Trong Huu Nguyen
3a4f656f33 style: make fmt [ci skip] 2025-01-17 14:22:48 +01:00
Trong Huu Nguyen
3e42d001f0 feat(handler/forwardauth): reduce log severity for non-existent sessions 2025-01-17 14:19:00 +01:00
Trong Huu Nguyen
a29cc3046d chart: enable forward-auth endpoint with inactivity timeout 2025-01-17 10:26:54 +01:00
Trong Huu Nguyen
e3fb0cc888 chart: remove obsolete session refresh flags 2025-01-17 10:26:20 +01:00
Trong Huu Nguyen
3143940b08 feat: remove feature flags for session refresh
These feature flags were enabled by default. We specifically disallowed
the use of automatic refresh with the SSO mode, though this poses some
complexity if using the forward-auth feature.

To simplify configuration and code, we remove the flags in their
entirety as session refresh behaviour is mostly already handled by the
implementation of GetSession() in the handlers. Specifically:

- the Standalone handler needs to refresh sessions when reverse-proxying
  to the upstream.
- the SSO server handler needs to refresh sessions only when using the
  forward-auth feature. It does not have an upstream to reverse proxy
  to.
- the SSO proxy handler is a read-only upstream proxy and does not
  possess the ability to refresh sessions itself, though it will
  delegate traffic for the session endpoints to the configured SSO server.

Automatic refreshing is thus only disabled when running in SSO mode
without the forward-auth feature.
2025-01-16 10:14:15 +01:00