Trong Huu Nguyen
9bb5ac9210
fix(openid/client): also accept acr and locale params when no defaults are configured
2025-05-23 09:00:45 +02:00
Trong Huu Nguyen
b9963b19f9
refactor(openid): clean up id_token validation tests
2025-05-23 08:59:42 +02:00
Trong Huu Nguyen
c5ec362e60
feat(session): update id_token in session if returned from refresh grant
...
Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
2025-05-22 15:52:15 +02:00
Trong Huu Nguyen
192cd86022
feat: use id_token instead of access_token for forward-auth headers
...
Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
2025-05-22 11:09:59 +02:00
Trong Huu Nguyen
b21068f522
feat: set response headers for forward-auth behind feature flag
2025-05-22 09:04:58 +02:00
Trong Huu Nguyen
abf235dac6
feat(handler): attach token in forward-auth response
...
Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
2025-05-21 15:16:27 +02:00
Trong Huu Nguyen
259bf635d1
chore(deps): bump github.com/lestrrat-go/jwx from v2 to v3
2025-05-21 10:38:26 +02:00
Trong Huu Nguyen
2ca79b595a
test: move upstream struct to reverseproxy file
2025-05-21 10:38:25 +02:00
Trong Huu Nguyen
762b64eff5
fix(reverseproxy): strip incoming id-token header for unauthenticated requests
2025-04-28 10:50:12 +02:00
Trong Huu Nguyen
6bd858407b
chore(deps): bump dependencies, replace deprecated mapstructure
2025-04-08 12:53:00 +02:00
Trong Huu Nguyen
ca8c09ae10
fix(openid/client): flatten audience for client assertion
...
In accordance with OpenID Connect 1.0 Core, draft 36 incorporating
errata set 3:
> aud
> REQUIRED. Audience. The aud (audience) Claim. [...] The Audience value MUST be the OP's Issuer Identifier passed as a string, and not a single-element array.
2025-04-02 13:44:37 +02:00
Trong Huu Nguyen
01241f91ac
perf: replace bytes.Buffer with strings.Builder
2025-04-02 11:53:30 +02:00
Trong Huu Nguyen
126db31d25
feat: restrict non-navigational requests to oauth2-routes for all modes
2025-04-02 11:53:29 +02:00
Trong Huu Nguyen
39d695e104
fix(openid/client): retry server errors for PAR
2025-03-06 10:05:58 +01:00
Trong Huu Nguyen
9c26a5591d
feat(retry): increase max retry duration
2025-03-06 10:05:58 +01:00
Trong Huu Nguyen
12f6ce57aa
feat(redis): register prometheus metrics
2025-03-06 10:05:57 +01:00
Trong Huu Nguyen
1982d010f9
fix(handler/session): ignore request context cancellations
...
We ignore these as they are very likely due to the http request itself
being cancelled by the browser due to navigation and so on.
2025-03-03 08:48:21 +01:00
Trong Huu Nguyen
7698a6f9b8
fix(router): only apply cors for forward-auth
2025-02-05 11:31:24 +01:00
Trong Huu Nguyen
1efcf32cc0
fix(router): only disallow non-navigation requests for forward-auth
...
Unfortunately, public pages may have older user-agents that do not support Sec-Fetch- headers.
This is mostly Safari <16.3. We only apply this limitation for forward-auth for now.
2025-02-05 11:10:24 +01:00
Trong Huu Nguyen
9d926fff03
fix(router): correct cors setup part deux
2025-02-03 11:56:40 +01:00
Trong Huu Nguyen
2e8c7075ff
fix: set content-type header before status
2025-02-03 11:38:35 +01:00
Trong Huu Nguyen
c9de679951
feat(cors): reflect headers for allow-headers
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-02-03 10:52:32 +01:00
Trong Huu Nguyen
1f6a23f73d
fix(router): configure cors for login and logout endpoints
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-02-03 10:18:24 +01:00
Trong Huu Nguyen
ed02b782fe
refactor(http): inline navigation check in middleware
2025-02-03 08:41:59 +01:00
Trong Huu Nguyen
7c6f9d6f70
feat(session): record id attribute regardless of session validity
2025-01-31 18:52:19 +01:00
Trong Huu Nguyen
4b1bdef5cd
feat: disallow non-navigational requests to login and logout endpoints
2025-01-31 16:42:24 +01:00
Trong Huu Nguyen
f192d55971
fix(config): drop 'vcs.modified' when resolving version
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 15:17:36 +01:00
Trong Huu Nguyen
1268f7627c
feat(config): use OTEL_SERVICE_NAME if set
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:41 +01:00
Trong Huu Nguyen
79ac15d455
feat(otel): consistency passthrough for spans and attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:39 +01:00
Sindre Rødseth Hansen
07b542a2f5
feat(openid/error): add spans and attributes
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:39 +01:00
Sindre Rødseth Hansen
dd0373b72d
feat(openid/client): add spans and attributes
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:38 +01:00
Trong Huu Nguyen
44bb683531
feat(handler): add spans
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:38 +01:00
Trong Huu Nguyen
e6207fe3b4
feat(handler/reverseproxy): more spans
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:37 +01:00
Trong Huu Nguyen
475fe25100
feat(session): add even more tracing
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:36 +01:00
Trong Huu Nguyen
787b54beeb
refactor(crypto): move to internal
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:36 +01:00
Trong Huu Nguyen
85230d5403
feat(session): add trace spans and attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:35 +01:00
Trong Huu Nguyen
a157a13b9c
refactor(o11y): separate logging and otel packages
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
21b85c4b54
feat(handler/reverseproxy): add trace spans with attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:34 +01:00
Trong Huu Nguyen
dc4c563b26
feat(otel): set more resource attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:33 +01:00
Trong Huu Nguyen
05c5da6bf6
fix(middleware/tracing): check attribute types before setting them
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:33 +01:00
Trong Huu Nguyen
13b11790fe
feat(handler): log additional fields for errors and reverseproxy
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:31 +01:00
Sindre Rødseth Hansen
ca77435d6a
feat(http): propagate traceparent for httpclient
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
bf83a58795
wip: tracing for http transport
2025-01-30 14:03:30 +01:00
Trong Huu Nguyen
e1ed2033cf
refactor(middleware): extract tracing to separate handler
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
10360958c0
feat(middleware): clean up logging middleware, add span attributes
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:29 +01:00
Trong Huu Nguyen
98cc534806
feat(middleware): use trace_id as correlation id, if available
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:28 +01:00
Trong Huu Nguyen
1f730a3d68
refactor: move logging to observability package
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:27 +01:00
Trong Huu Nguyen
81058458e0
feat: add logrus hook for opentelemetry
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:27 +01:00
Sindre Rødseth Hansen
b882c31585
feat(config): automatically enable otel if OTEL_EXPORTER_OTLP_ENDPOINT env var is set
...
Co-authored-by: tronghn <trong.huu.nguyen@nav.no>
2025-01-30 14:03:23 +01:00
Trong Huu Nguyen
57f5bf951e
fix(config): set correct defaults for resolving version
...
Co-authored-by: sindrerh2 <sindre.rodseth.hansen@nav.no>
2025-01-30 14:03:23 +01:00