Commit Graph

57 Commits

Author SHA1 Message Date
Trong Huu Nguyen
bd748b9cef refactor(openid/provider): use name from config instead of indirection layer 2023-02-10 14:57:56 +01:00
Trong Huu Nguyen
e76bb5c369 perf: use automaxprocs to prevent cpu throttling under cgroup quotas 2022-11-24 11:36:54 +01:00
Trong Huu Nguyen
08eefbf1d5 refactor(openid): clean up client and provider 2022-09-02 18:08:36 +02:00
Trong Huu Nguyen
92ee6313c5 refactor: remove unnecessary interfaces 2022-09-02 17:39:27 +02:00
Trong Huu Nguyen
9144056e28 refactor(handler): split up request handlers into separate modules 2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
ae8028cc96 refactor: remove cookie session fallback store
The implementation is error-prone and difficult to maintain.
We instead just assume that the backing session store is highly
available.
2022-08-17 20:44:07 +02:00
Trong Huu Nguyen
b4e6e97448 refactor(metrics): use const label for hpa, ensure provider label is set 2022-07-20 14:50:13 +02:00
Trong Huu Nguyen
13f1713fc2 refactor(config): move loading and setup into init 2022-07-20 11:21:54 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
f504bb0030 refactor: add logger field to config logger 2022-07-18 09:35:05 +02:00
Trong Huu Nguyen
ef649e7aaa feat: add allowlisting of paths for autologin 2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
e3b9d33296 refactor: split out packages from router 2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
42938ee8b3 refactor(handler): deduplicate configuration 2022-07-05 14:43:40 +02:00
Trong Huu Nguyen
a4c3e72fc9 fix(router/handler): use long-lived context for refreshing jwks 2022-07-05 13:18:38 +02:00
Trong Huu Nguyen
1f5635239a refactor: split out openid client, config and provider
There's a bunch of changes here, but in essence:

- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages

These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
separately from the client/provider code.
2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
d1559f5479 style(main): rename variable for clarity 2022-07-04 15:18:40 +02:00
Trong Huu Nguyen
f0318b269e fix: ensure jwk set is refreshed regularly 2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
c70037bd4c refactor: clean up main 2021-11-01 11:04:54 +01:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
c1482d09e1 refactor: generalize config to allow more providers; add azure 2021-10-16 12:44:59 +02:00
Trong Huu Nguyen
c702f8ff6c refactor: introduce generic provider for openid configs 2021-10-16 10:42:49 +02:00
Trong Huu Nguyen
f7f476db87 refactor: add toggle for redis tls negotiation 2021-10-13 08:47:58 +02:00
Morten Lied Johansen
6152b94aba Configure HA redis
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-12 15:56:30 +02:00
Trong Huu Nguyen
657d7df988 refactor: remove startup redis ping 2021-10-12 09:33:16 +02:00
Trong Huu Nguyen
3bdbfd0030 refactor: only handle single ingress
As OIDC is very specific on using complete redirect URIs
for the authorization-step, it does not really make sense
to handle multiple ingresses in Wonderwall.

We could dynamically figure out which ingress was used
by looking at the scheme and host for the request and
decide which redirect URI we would use, but such an
implementation is both time-consuming and prone to
errors and vulnerabilities without the proper precautions.
2021-10-07 08:16:49 +02:00
sindrerh2
1f939d603d feat: add configurable redirect to custom error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-06 14:49:04 +02:00
Trong Huu Nguyen
77d0438411 feat: use latest go-chi v5, add middlewares for panic recovery and logging
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
cc8ba980ca refactor: deduplicate crypto operations for sessions 2021-09-30 18:27:53 +02:00
Trong Huu Nguyen
2ec1b7ace9 feat: encrypt session data
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 13:47:29 +02:00
Morten Lied Johansen
214b14323c Do graceful shutdown on signals 2021-09-28 21:29:33 +02:00
Kim Tore Jensen
081921d0fa add http request metrics 2021-09-02 11:16:45 +02:00
Trong Huu Nguyen
723f25326c ping redis on startup; fail on error 2021-08-26 08:33:33 +02:00
Kent Daleng
8ee87a8a84 get ingresses from naiserator to build router correctly
Co-Authored-By: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
2021-08-25 13:15:26 +02:00
Trong Huu Nguyen
6e45fa804c refactor: use keygen from liberator 2021-08-25 10:15:45 +02:00
Trong Huu Nguyen
de619c6e89 refactor: add constructor for routing handler to deduplicate config 2021-08-25 09:21:40 +02:00
Trong Huu Nguyen
0f160f7f99 fix: generate encryption key if not set 2021-08-25 08:23:19 +02:00
Trong Huu Nguyen
03a14eb2bd refactor: clean up id_token validation 2021-08-25 08:22:34 +02:00
Kim Tore Jensen
f414470910 support entering encryption key as environment variable 2021-08-24 15:46:55 +02:00
Kim Tore Jensen
097f4fd5b2 make redis support configurable 2021-08-24 13:07:57 +02:00
Kim Tore Jensen
55f26fb54c incorporate new session storage code 2021-08-24 12:58:16 +02:00
Kim Tore Jensen
764adc3d77 wip: tests for authorize 2021-08-23 14:39:48 +02:00
Kent Daleng
d2a3db75c2 refactor cookie handling 2021-08-23 13:11:50 +02:00
Kim Tore Jensen
1d36b8e6a3 code restructuring 2021-08-23 11:17:30 +02:00
Trong Huu Nguyen
f36848babe feat: validate id_token in auth code flow
Co-authored-by: Kent Daleng <kent.daleng@nav.no>
2021-08-23 09:59:15 +02:00
Kim Tore Jensen
9722c17eb5 route requests to upstream host 2021-08-20 12:22:17 +02:00
Kim Tore Jensen
c9668986a6 encrypt cookies and store access tokens in-memory with browser session 2021-08-19 15:25:39 +02:00
Kim Tore Jensen
8baa18281d remove caos/oidc as dependency 2021-08-19 14:25:55 +02:00