github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 09:27:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
338 Commits 2 Branches 0 Tags
cdba90bc5bf9828f9fcdfe6830c62088c3f96a5e
Commit Graph

279 Commits

Author SHA1 Message Date
Trong Huu Nguyen
cdba90bc5b test(session/data): add missing tests 2022-08-29 14:48:39 +02:00
Trong Huu Nguyen
af48778bf7 fix(session/handler): lock metadata operations behind feature gate until rollout 2022-08-29 10:00:43 +02:00
Trong Huu Nguyen
cdd07838f4 refactor(session/data): separate into object groups 2022-08-29 08:35:03 +02:00
Trong Huu Nguyen
1d9339e139 refactor(session/handler): extract predicates for readability 2022-08-26 18:09:40 +02:00
Trong Huu Nguyen
5ec969981d fix(session/handler): ensure access token is not expired before proxying 2022-08-26 17:58:39 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
dc0741f79f refactor(middleware): extract handlers for consistency 2022-08-26 08:34:07 +02:00
Trong Huu Nguyen
4d7502a4be refactor(middleware/logentry): strip query and fragment from referer logs 2022-08-25 22:31:01 +02:00
Trong Huu Nguyen
cafebabea5 fix(openid/client): set redirect_uri param when redeeming auth code 2022-08-23 08:27:34 +02:00
Trong Huu Nguyen
c29501d964 refactor(handler): add utility method for path-aware cookie options 2022-08-19 12:09:21 +02:00
Trong Huu Nguyen
08f570363a refactor(openid): extract magic strings 2022-08-19 11:44:38 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
c15e00469b refactor: clean up session error handling 2022-08-18 21:35:15 +02:00
Trong Huu Nguyen
ae8028cc96 refactor: remove cookie session fallback store 
The implementation is error-prone and difficult to maintain.
We instead just assume that the backing session store is highly
available.
 2022-08-17 20:44:07 +02:00
Trong Huu Nguyen
5a50ba7c3a feat: support multiple ingresses 
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authorative for.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
 2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
41a10d8fe7 refactor: replace deprecated ioutil method and magic string 2022-08-17 11:39:43 +02:00
Trong Huu Nguyen
5f6c0c01a8 feat: add ingress middleware 2022-08-17 11:39:41 +02:00
Trong Huu Nguyen
a9e9644764 refactor: move context utils to middleware 2022-08-17 11:39:40 +02:00
Trong Huu Nguyen
a088ddd2d0 feat: add ingress package 2022-08-17 11:39:38 +02:00
Trong Huu Nguyen
e460a5eab2 fix(handler/reverseproxy): do not overwrite host header 2022-08-17 11:39:17 +02:00
Trong Huu Nguyen
51075ad9ed refactor(middleware/logentry): remove httplog dependency 2022-08-11 09:54:23 +02:00
Trong Huu Nguyen
cbc49de826 refactor(handler/default): clean up access token getter 2022-08-11 09:31:27 +02:00
Trong Huu Nguyen
13fd194318 refactor(handler/default): extract reverseproxy to avoid unnecessary instantiation 2022-08-11 09:31:10 +02:00
Trong Huu Nguyen
ac45aec044 fix(autologin): filter out empty and duplicate patterns 2022-07-21 17:44:13 +02:00
Trong Huu Nguyen
4646c36b74 refactor(autologin): skip -> ignore 2022-07-21 12:50:55 +02:00
Trong Huu Nguyen
d79f31c18d refactor(autologin): use glob-style matching instead of regex 
Regexes are powerful, but completely overkill and error-prone for this
use-case. So instead, we'll use path.Match with its simpler glob-style
patterns.
 2022-07-21 12:01:30 +02:00
Trong Huu Nguyen
31ab8ad3b7 refactor(handler/default): redirect auto-login requests instead of inlining login handler 2022-07-21 08:21:28 +02:00
Trong Huu Nguyen
27ea0793ba refactor(handler): reduce logging severity for spammy statements 2022-07-21 07:49:58 +02:00
Trong Huu Nguyen
595d902dcd fix(handler/default): only assert loginstatus if we already have an active session 2022-07-20 15:56:23 +02:00
Trong Huu Nguyen
242dc12be9 refactor(openid/config): remove unused field 2022-07-20 15:25:28 +02:00
Trong Huu Nguyen
b4e6e97448 refactor(metrics): use const label for hpa, ensure provider label is set 2022-07-20 14:50:13 +02:00
Trong Huu Nguyen
13f1713fc2 refactor(config): move loading and setup into init 2022-07-20 11:21:54 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
09ab8b9e3b refactor(handler): minor cleanups 2022-07-19 20:11:52 +02:00
Trong Huu Nguyen
3e62683cad refactor: use pointer receivers when possible 2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
cbb6be135a feat(metrics): add metrics for successful logins and logouts 2022-07-19 09:25:43 +02:00
Trong Huu Nguyen
0d0f75d21e style(handler/callback): accidentally a letter 2022-07-19 08:39:03 +02:00
Trong Huu Nguyen
b674a0ffa7 refactor(session): wrap own error type instead of using store-specific errors 2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
4ab07e9dc2 refactor: clean up logging 2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
a639ff2903 refactor(retry): extract retry package, add retry for session operations 2022-07-19 08:39:00 +02:00
Trong Huu Nguyen
81fa96ccb8 refactor(handler/default): minor cleanups for loginstatus 2022-07-19 08:38:52 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
445a20f1c1 refactor(middleware/prometheus): add host label 2022-07-18 09:40:18 +02:00
Trong Huu Nguyen
284fa2a76f fix(openid/client): ensure assertion time claims are rounded down instead of up 
Hopefully fixes intermittent 'invalid_grant' errors from IdP.
 2022-07-18 09:24:26 +02:00
Trong Huu Nguyen
4a3f1d3d7e refactor(handler/test): extract upstream and httpclient for readability 2022-07-17 20:20:45 +02:00
Trong Huu Nguyen
ef649e7aaa feat: add allowlisting of paths for autologin 2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
9d32d100f0 refactor(handler/test): consistency passthrough, replace unneeded location parsing with stdlib function 2022-07-15 10:24:24 +02:00
Trong Huu Nguyen
f6afc3cb6b test(handler): add tests for default reverse proxy handler 2022-07-15 10:07:42 +02:00
Trong Huu Nguyen
ee28484829 test(handler): use correct session ID for front-channel logout 2022-07-15 09:07:29 +02:00
Trong Huu Nguyen
24da9ee4f7 refactor(handler/frontchannellogout): ignored request should just return accepted status 2022-07-15 09:06:04 +02:00