github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-23 00:32:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
447 Commits 3 Branches 0 Tags
c3532d2e6098e1ae07bc050aafa7781d4ca03616
Commit Graph

447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Trong Huu Nguyen
c3532d2e60 build: bump to go version 1.20.1 2023-02-14 21:50:34 +01:00
Trong Huu Nguyen
411201b3de refactor(redirect): clean up logging 2023-02-14 21:50:33 +01:00
Trong Huu Nguyen
0537c8172f feat(session): use tickets for per-session data encryption 
Replace the usage of a single application-wide session crypter
with per-session crypters.

The application is no longer able to decrypt any session
encrypted with its symmetric key alone. Instead, a session ticket
with its associated data encryption key (DEK) is also required in order
to decrypt the associated session data. The ticket itself is
encrypted with the application's crypter; the latter of which is
effectively a key-encryption key (KEK).

Fixes #49.
 2023-02-14 21:50:19 +01:00
Trong Huu Nguyen
d17feacc34 refactor(handler/autologin): use sync.Map for cache 2023-02-14 14:20:46 +01:00
Trong Huu Nguyen
5a56c24bcc refactor(crypto): replace aes-256-gcm with xchacha20-poly1305 2023-02-13 21:48:23 +01:00
Trong Huu Nguyen
ce2698f2bb refactor(cookie): use rawurlencoding for base64 2023-02-13 20:15:12 +01:00
Trong Huu Nguyen
1b2234f875 refactor(session/data): skip unnecessary base64 (un)marshalling 2023-02-13 20:14:38 +01:00
Trong Huu Nguyen
66dec32de0 feat(sso/proxy): implement handlers for session routes 2023-02-10 14:58:19 +01:00
Trong Huu Nguyen
ea0756784d refactor(handler/reverseproxy): use ReverseProxy.Rewrite instead of Director 2023-02-10 14:58:17 +01:00
Trong Huu Nguyen
473e4a95a7 refactor: remove loginstatus 
Loginstatus is no longer needed with the SSO setup.
Fixes #50.
 2023-02-10 14:58:17 +01:00
Trong Huu Nguyen
99e3e7d699 refactor(mock/openid): use redis as session store for integration tests 2023-02-10 14:58:16 +01:00
Trong Huu Nguyen
c81297c401 build(deps): various bumps, use go-redis v9 2023-02-10 14:58:15 +01:00
Trong Huu Nguyen
9881bf5b44 build: bump to go version 1.20 2023-02-10 14:58:15 +01:00
Trong Huu Nguyen
c8f148d892 refactor(handler/error): remove custom redirect 
Reduce the risk of exposing oauth query parameters in "dirty dancing" attacks.
 2023-02-10 14:58:14 +01:00
Trong Huu Nguyen
42dcba8367 refactor: replace relative canonical redirect with handler 
This also ensure that we clean any urls that may stem from user input (e.g.
url parameter or login cookie) before performing redirects.
 2023-02-10 14:58:14 +01:00
Trong Huu Nguyen
54a43d832a feat(redirect): extract package for creating and validating canonical redirects 2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
1f60d750f2 fix(mock): correct middleware for request generator 2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
5f74ee08bc refactor(url): extract utility functions 2023-02-10 14:58:12 +01:00
Trong Huu Nguyen
d13525f8a2 fix(handler/error): correct retry url for local logout 2023-02-10 14:58:12 +01:00
Trong Huu Nguyen
0e73c9b4d8 refactor(mock): configure relying party ingress before server start 2023-02-10 14:58:11 +01:00
Trong Huu Nguyen
1fdbe75c9e feat(sso/proxy): implement login handler 2023-02-10 14:58:11 +01:00
Trong Huu Nguyen
c3c0c01926 feat(sso): partially implement handlers 2023-02-10 14:58:09 +01:00
Trong Huu Nguyen
a4e4fc752e refactor(handler): remove provider name getter from handler 2023-02-10 14:57:57 +01:00
Trong Huu Nguyen
3d08d0b4b0 feat: initial skeleton setup for SSO mode 2023-02-10 14:57:56 +01:00
Trong Huu Nguyen
bd748b9cef refactor(openid/provider): use name from config instead of indirection layer 2023-02-10 14:57:56 +01:00
Trong Huu Nguyen
2f6a3682d9 fix(all): use url.ParseRequestURI instead of just url.Parse where necessary 2023-02-10 14:57:55 +01:00
Trong Huu Nguyen
f4bba075a6 refactor(handler/error): reduce log severity for context canceled errors 2023-02-10 14:57:55 +01:00
Trong Huu Nguyen
61a7a8f161 refactor: clean up errors and reverseproxy logging 2023-02-10 14:57:53 +01:00
Trong Huu Nguyen
ce177fb4a5 refactor(handler/url): remove unneeded redirect parameter encoding 2023-02-10 14:57:52 +01:00
Trong Huu Nguyen
07fc0e24dd perf(handler/autologin): cache NeedsLogin results 2023-02-10 14:57:51 +01:00
Trong Huu Nguyen
bd53417f8b refactor(handler): move handler tests to separate files 2023-02-10 14:57:48 +01:00
Trong Huu Nguyen
f51fe97b23 refactor(handler): flatten handler modules 2023-02-10 14:57:48 +01:00
Trong Huu Nguyen
6a142cf5a5 refactor(handler): use session cookie for frontchannel logout if available, clean up logout handlers 2023-02-10 14:57:48 +01:00
Trong Huu Nguyen
67d3977cc1 refactor(handler/sessionrefresh): use found session key instead of looking up key again 2023-02-10 14:57:47 +01:00
Trong Huu Nguyen
ae31267fd1 refactor: simplify returning boolean expressions 2023-02-10 14:57:47 +01:00
Trong Huu Nguyen
a682f08715 ci: add staticcheck and govulncheck 2023-02-10 14:57:46 +01:00
Trong Huu Nguyen
c3a5033968 test(handler): add test for authorization headers, ensure upstream validates token 2023-02-10 14:57:45 +01:00
Michal J. Sladek
d1b810a317 Add support for Apple Silicon (linux/arm64) platform. (#69)Fixes https://github.com/nais/wonderwall/issues/67 2023-02-10 13:05:25 +01:00
dependabot[bot]
da54f4fcc5 build(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#65) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-31 09:16:41 +01:00
dependabot[bot]
d8493e1e7b build(deps): bump github.com/alicebob/miniredis/v2 from 2.23.1 to 2.30.0 (#62) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 08:42:51 +00:00
dependabot[bot]
fb8a4edb71 build(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 (#63) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 09:40:57 +01:00
dependabot[bot]
a925a3f112 build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.4.0 to 4.6.0 (#64) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 09:36:21 +01:00
Trong Huu Nguyen
4291de3afc ci: re-run workflow for 0cb51a3 2022-12-19 15:36:19 +01:00
dependabot[bot]
0cb51a32ba build(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.23.1 (#60) 2022-12-19 14:29:25 +00:00
Trong Huu Nguyen
af78c91c09 ci: prefix sha-tags with date 2022-12-19 15:13:06 +01:00
Trong Huu Nguyen
9cf982fd6a ci: add write permission to allow publishing to ghcr 2022-12-19 15:02:54 +01:00
Trong Huu Nguyen
b3c50acb76 docs: use mermaid for diagrams 2022-12-19 13:04:12 +01:00
Trong Huu Nguyen
4896f9aa41 deps: more bumps 2022-12-19 09:45:16 +01:00
Trong Huu Nguyen
55c615f095 ci: set up jobs for publishing to GAR 2022-12-16 15:07:01 +01:00
Trong Huu Nguyen
f65f7a695b build: use latest go version, 1.19.4 2022-12-16 14:55:08 +01:00