Trong Huu Nguyen
10e71a7bb5
feat(handler/reverseproxy): remove x-wonderwall headers
...
The use of these headers in upstreams may be risky, espeically
if Wonderwall is accidentally misconfigured or disabled, or requests
are performed directly to the upstream circumventing Wonderwall.
We should prefer using a signed token or similar that can be verified by
the upstreams.
2024-01-16 08:57:07 +01:00
Trong Huu Nguyen
40497da1b9
feat(handler/reverseproxy): filter relevant access requests
2023-12-20 15:41:29 +01:00
Trong Huu Nguyen
41f4354ce4
revert: "feat(handler/error): remove automatic retry"
...
This reverts commit 083cb54df7
2023-12-20 11:17:51 +01:00
Trong Huu Nguyen
e71e4a2fda
feat(handler/reverseproxy): add toggle for access logs
2023-12-20 08:25:35 +01:00
Trong Huu Nguyen
55839d72f0
feat(handler/login): log existing sid on prompt
2023-12-19 12:19:39 +01:00
Trong Huu Nguyen
50e53330b9
feat(handler/reverseproxy): remove unnecessary log fields
2023-12-19 12:05:01 +01:00
Trong Huu Nguyen
f82c8a7078
feat(handler/login): drop logging sub claim
2023-12-19 11:04:03 +01:00
Trong Huu Nguyen
9c2d1cb520
feat(cookie): remove expiry options
...
Always create session cookies instead of
persistent cookies with expiry.
2023-12-19 08:46:08 +01:00
Trong Huu Nguyen
e00832016b
feat(handler/login): remove legacy cookie
...
We don't really need to set an additional cookie without SameSite
as we now use SameSite=Lax for the login cookie.
2023-12-19 08:46:08 +01:00
Trong Huu Nguyen
083cb54df7
feat(handler/error): remove automatic retry
2023-12-19 08:46:06 +01:00
Trong Huu Nguyen
273eb3604a
feat(cookie): use samesite lax instead of none for callback
2023-12-19 08:46:03 +01:00
Trong Huu Nguyen
c3904433f2
feat: log and propagate session metadata
...
- stop using jti, use sid instead
- store amr and auth_time from id_token in session
- log more metadata on login callback
- log session id where possible
- propagate acr, amr, auth_time, sid to upstreams in headers
- log authenticated reverseproxy requests
2023-12-19 08:46:02 +01:00
Trong Huu Nguyen
a10da5d0d7
feat(handler/login): add support for prompt param in login
2023-12-19 08:46:01 +01:00
Trong Huu Nguyen
8f3c5cde88
fix(handler/error): redirect callbacks to initial handlers, retry others as-is
2023-12-19 08:45:57 +01:00
Trong Huu Nguyen
3f7af9e232
chore(config): set new default value for idporten acr
2023-12-12 09:12:41 +01:00
Trong Huu Nguyen
6d32363d13
feat(config): drop dirty modifier from version string
2023-11-29 09:21:04 +01:00
Trong Huu Nguyen
70a45e1522
style: formatting
2023-11-28 10:15:32 +01:00
Trong Huu Nguyen
423bb4f22f
fix(router): skip middleware if otel is not enabled
2023-11-28 10:12:15 +01:00
Trong Huu Nguyen
35e4953557
fix(session/redis): skip setup if otel is not enabled
2023-11-28 10:08:31 +01:00
Trong Huu Nguyen
de78193361
chore(handler): remove temporary amr-based redirect
2023-11-24 16:52:15 +01:00
Trong Huu Nguyen
b3a7dbf081
refactor(otel): move configuration
2023-11-24 16:52:05 +01:00
Trong Huu Nguyen
14735484c3
refactor(otel): remove unneeded meter provider
2023-11-24 16:39:49 +01:00
J-K. Solbakken
894cc35e47
telemetry for redis
2023-11-23 13:16:43 +01:00
J-K. Solbakken
3e00f8105a
add request method to span name
2023-11-23 09:37:43 +01:00
J-K. Solbakken
d28579028e
removed unused variable
2023-11-23 08:56:52 +01:00
J-K. Solbakken
38b9891caf
use otelchi middleware for http tracing
2023-11-23 08:53:36 +01:00
J-K. Solbakken
5f11c2a5d7
use recommended otel reporting intervals
2023-11-23 08:20:56 +01:00
J-K. Solbakken
795c91950d
change otel exporter from stdout to grpc
2023-11-22 10:03:22 +01:00
Jan-Kåre Solbakken
757b9c987c
Merge branch 'master' into otel
2023-11-21 09:21:53 +01:00
J-K. Solbakken
23268c6762
starting simple
2023-11-21 08:47:42 +01:00
Trong Huu Nguyen
1b3ba8a7ad
refactor(session): skip logging for client context cancellations
...
We use the context from the inbound http.Request, which means that this
error generally occurs due to the user agent disconnecting mid-request.
Skip logging these errors as they're not really actionable.
2023-11-16 14:52:10 +01:00
Trong Huu Nguyen
191f3c3ca8
fix(router): enable cors on session endpoints for sso proxies
2023-11-15 08:42:42 +01:00
Trong Huu Nguyen
2f351a1388
feat(handler/callback): redirect minid passport users to separate landing page
2023-11-06 11:45:15 +01:00
Trong Huu Nguyen
e3022c7923
feat(handler/session): reduce logging level for not found errors
2023-11-02 08:33:09 +01:00
Trong Huu Nguyen
d2d281f38c
fix(server): correcter error equality check
2023-10-25 10:37:56 +02:00
Trong Huu Nguyen
305ab1786d
fix(reverseproxy/autologin): handle multiple accept headers
2023-10-16 12:01:15 +02:00
Trong Huu Nguyen
3da0ed1019
fix(middleware/prometheus): filter out irrelevant paths
2023-10-16 11:41:57 +02:00
Trong Huu Nguyen
c363bea556
test(reverseproxy): extract common assertions
2023-10-12 09:18:51 +02:00
Trong Huu Nguyen
b910d3e65a
feat(config): redis username and password flags overrides uri
2023-10-12 08:21:34 +02:00
Trong Huu Nguyen
f246fc7975
refactor(openid): move acr to own package
2023-10-11 14:25:12 +02:00
Trong Huu Nguyen
320176d48b
refactor(config): consolidate, don't parse/bind/load flags twice
2023-10-11 14:24:19 +02:00
Trong Huu Nguyen
6dbc747aad
feat(config): enable refresh tokens and automatic refreshing by default, increase default session lifetime
2023-10-11 14:16:53 +02:00
Trong Huu Nguyen
7e97fd7a93
revert: "style: go fmt"
...
This wasn't actually formatting.
This reverts commit d71ff7ddc3
2023-10-10 14:51:12 +02:00
Trong Huu Nguyen
8bbd947d5b
feat(config): add support for Redis URI
2023-10-10 14:48:50 +02:00
Trong Huu Nguyen
d71ff7ddc3
style: go fmt
2023-10-10 13:41:28 +02:00
Trong Huu Nguyen
af6642fe90
refactor(openid): use pkce implementation from golang.org/x/oauth2
2023-10-10 10:18:01 +02:00
Trong Huu Nguyen
a2e939f716
fix(handler/sessionrefresh): handle not found error
2023-10-04 10:06:03 +02:00
Trong Huu Nguyen
c1bdb90566
feat(handler/reverseproxy): don't return json response after all
...
Expose fewer interfaces; less maintenance and documentation needed.
2023-10-04 10:01:03 +02:00
Trong Huu Nguyen
91cd58d18b
docs: update sections on autologin and sessions
2023-10-03 14:21:09 +02:00
Trong Huu Nguyen
2e21dae33a
feat(handler/reverseproxy): return json response for non-navigational autologin requests
2023-10-03 14:21:09 +02:00
