Trong Huu Nguyen
185485a6fe
feat(handler/autologin): use doublestar library for nested path matching
Fixes #54.
2022-11-24 11:36:54 +01:00
Trong Huu Nguyen
aaaaaaa38d
feat(session): add session inactivity timeout feature
Fixes #52.
2022-09-22 10:03:17 +02:00
Trong Huu Nguyen
55a5f357d5
chore: remove metadata rollout toggle
2022-09-21 09:41:28 +02:00
Trong Huu Nguyen
843bf5dfcd
refactor(handler/error): rename config variable to match intention
2022-09-21 09:39:57 +02:00
Trong Huu Nguyen
b4eecfc663
fix(handler/autologin): only trigger for GET requests
2022-09-12 12:33:42 +02:00
Trong Huu Nguyen
af48778bf7
fix(session/handler): lock metadata operations behind feature gate until rollout
2022-08-29 10:00:43 +02:00
Trong Huu Nguyen
d5bbca9897
feat: rudimentary support for refresh tokens
2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
5a50ba7c3a
feat: support multiple ingresses
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authoritative.
We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.
The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
4646c36b74
refactor(autologin): skip -> ignore
2022-07-21 12:50:55 +02:00
Trong Huu Nguyen
d79f31c18d
refactor(autologin): use glob-style matching instead of regex
Regexes are powerful, but completely overkill and error-prone for this
use-case. So instead, we'll use path.Match with its simpler glob-style
patterns.
2022-07-21 12:01:30 +02:00
Trong Huu Nguyen
13f1713fc2
refactor(config): move loading and setup into init
2022-07-20 11:21:54 +02:00
Trong Huu Nguyen
eac2d5789d
refactor: passthrough for consistency in openid configuration
2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
3e62683cad
refactor: use pointer receivers when possible
2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
4ab07e9dc2
refactor: clean up logging
2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
ef649e7aaa
feat: add allowlisting of paths for autologin
2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
184102d365
perf(session/redis): set minIdleConns to alleviate cold start performance
2022-06-14 14:26:42 +02:00
Trong Huu Nguyen
b3dfa54768
refactor: change default post-logout redirect uri for idporten
2022-05-09 11:49:44 +02:00
Trong Huu Nguyen
3d45cfb998
refactor(config): remove features stanza
2022-02-03 13:52:48 +01:00
Trong Huu Nguyen
fcba6815b9
feat: add feature toggled support for loginstatus
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
Co-Authored-By: Tommy Trøen <tommy.troen@nav.no>
2022-02-03 11:41:40 +01:00
Trong Huu Nguyen
c70037bd4c
refactor: clean up main
2021-11-01 11:04:54 +01:00
Trong Huu Nguyen
3a35584a21
refactor: restructure and group related packages into subpackages
2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
1b4ce5cab7
Revert "Revert "refactor: infer redirect URI from configured ingress""
This reverts commit 8cf9d22324.
2021-10-18 14:12:41 +02:00
Trong Huu Nguyen
8cf9d22324
Revert "refactor: infer redirect URI from configured ingress"
This reverts commit 5f0b0df7cf.
2021-10-18 14:06:10 +02:00
Trong Huu Nguyen
5f0b0df7cf
refactor: infer redirect URI from configured ingress
2021-10-18 11:26:55 +02:00
Trong Huu Nguyen
be585f9902
refactor: simplify config for acr_values and ui_locales; validate on startup
2021-10-17 20:24:34 +02:00
Trong Huu Nguyen
c1482d09e1
refactor: generalize config to allow more providers; add azure
2021-10-16 12:44:59 +02:00
Trong Huu Nguyen
2f0243b69a
refactor: move openid related structs to own pkg
2021-10-16 10:39:00 +02:00
Trong Huu Nguyen
d0482b3490
refactor: log session store unavailability, ensure fallback cookies are deleted when no longer needed
2021-10-13 08:49:53 +02:00
Trong Huu Nguyen
f7f476db87
refactor: add toggle for redis tls negotiation
2021-10-13 08:47:58 +02:00
Morten Lied Johansen
6152b94aba
Configure HA redis
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-12 15:56:30 +02:00
Trong Huu Nguyen
e209516d32
feat: add toggle for auto redirect to login handler for default route
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-11 12:50:11 +02:00
Trong Huu Nguyen
2e10801d0e
refactor: move client assertion generation, replace go-jose with jwx
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-11 11:46:11 +02:00
Trong Huu Nguyen
3bdbfd0030
refactor: only handle single ingress
As OIDC is very specific on using complete redirect URIs
for the authorization-step, it does not really make sense
to handle multiple ingresses in Wonderwall.
We could dynamically figure out which ingress was used
by looking at the scheme and host for the request and
decide which redirect URI we would use, but such an
implementation is both time-consuming and prone to
errors and vulnerabilities without the proper precautions.
2021-10-07 08:16:49 +02:00
sindrerh2
1f939d603d
feat: add configurable redirect to custom error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-06 14:49:04 +02:00
Trong Huu Nguyen
77d0438411
feat: use latest go-chi v5, add middlewares for panic recovery and logging
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
8f9cb671c6
fix: set jwt ID for client assertion to prevent token replay
2021-09-30 15:38:23 +02:00
Trong Huu Nguyen
5160987978
feat: allow user-defined post_logout_redirect_uri
2021-09-10 14:46:28 +02:00
Trong Huu Nguyen
c7040b0284
feat: add feature toggle for authorization locale; allow user-supplied parameter
2021-09-08 09:17:08 +02:00
Trong Huu Nguyen
4237e84de3
feat: add feature toggle for security level; allow user-defined levels
2021-09-06 11:05:19 +02:00
Trong Huu Nguyen
e819cc0de1
use host-agnostic path for default zero-config ingress
2021-09-02 12:23:32 +02:00
Kim Tore Jensen
081921d0fa
add http request metrics
2021-09-02 11:16:45 +02:00
Kim Tore Jensen
e0662efa66
default zero-config ingress for testing
2021-08-30 11:50:15 +02:00
Kent Daleng
8ee87a8a84
get ingresses from naiserator to build router correctly
Co-Authored-By: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
2021-08-25 13:15:26 +02:00
Trong Huu Nguyen
cb514c2294
refactor: make SessionMaxLifetime configurable
2021-08-25 10:55:53 +02:00
Trong Huu Nguyen
de619c6e89
refactor: add constructor for routing handler to deduplicate config
2021-08-25 09:21:40 +02:00
Kim Tore Jensen
f414470910
support entering encryption key as environment variable
2021-08-24 15:46:55 +02:00
Kim Tore Jensen
097f4fd5b2
make redis support configurable
2021-08-24 13:07:57 +02:00
Kim Tore Jensen
1d36b8e6a3
code restructuring
2021-08-23 11:17:30 +02:00
Trong Huu Nguyen
1fcc97819b
feat: implement self-initiated logout
Co-authored-by: Kent Daleng <kent.daleng@nav.no>
2021-08-23 10:26:47 +02:00
Kim Tore Jensen
9722c17eb5
route requests to upstream host
2021-08-20 12:22:17 +02:00