Add support for separate listen & proxy URIs

Kane York 2015-08-22 13:37:21 -07:00
parent 253f4b5f89
commit 1535c15f98
1 changed files with 13 additions and 7 deletions

20
main.go

@ -22,8 +22,9 @@ var nonceCache = lru.New(20)
func main() { func main() {
proxyUriPtr := flag.String("proxy-url", "", "uri to listen on eg: http://proxy.com") listenUriPtr := flag.String("listen-url", "", "uri to listen on eg: localhost:2001. leave blank to set equal to proxy-url")
originUriPtr := flag.String("origin-url", "", "origin to proxy eg: http://origin.com") proxyUriPtr := flag.String("proxy-url", "", "outer url of this host eg: http://secrets.example.com")
originUriPtr := flag.String("origin-url", "", "origin to proxy eg: http://localhost:2002")
ssoSecretPtr := flag.String("sso-secret", "", "SSO secret for origin") ssoSecretPtr := flag.String("sso-secret", "", "SSO secret for origin")
ssoUriPtr := flag.String("sso-url", "", "SSO endpoint eg: http://discourse.forum.com") ssoUriPtr := flag.String("sso-url", "", "SSO endpoint eg: http://discourse.forum.com")
@ -50,7 +51,12 @@ func main() {
log.Fatal("invalid proxy uri") log.Fatal("invalid proxy uri")
} }
if *proxyUriPtr == "" || *originUriPtr == "" || *ssoSecretPtr == "" || *ssoUriPtr == "" { if *listenUriPtr == "" {
log.Info("Defaulting to listening on the proxy url")
*listenUriPtr = proxyUrl.Host
}
if *proxyUriPtr == "" || *originUriPtr == "" || *ssoSecretPtr == "" || *ssoUriPtr == "" || *listenUriPtr == "" {
flag.Usage() flag.Usage()
os.Exit(1) os.Exit(1)
return return
@ -60,10 +66,10 @@ func main() {
proxy := httputil.NewSingleHostReverseProxy(originUrl) proxy := httputil.NewSingleHostReverseProxy(originUrl)
handler := redirectIfCookieMissing(proxy, *ssoSecretPtr, cookieSecret, *ssoUriPtr) handler := redirectIfCookieMissing(proxy, *ssoSecretPtr, cookieSecret, *ssoUriPtr, *proxyUriPtr)
server := &http.Server{ server := &http.Server{
Addr: proxyUrl.Host, Addr: *listenUriPtr,
Handler: handler, Handler: handler,
ReadTimeout: 10 * time.Second, ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second,
@ -79,7 +85,7 @@ func envOrFlag(name, help string) string {
return "" return ""
} }
func redirectIfCookieMissing(handler http.Handler, ssoSecret, cookieSecret, ssoUri string) http.Handler { func redirectIfCookieMissing(handler http.Handler, ssoSecret, cookieSecret, ssoUri, proxyHost string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("__discourse_proxy") cookie, err := r.Cookie("__discourse_proxy")
@ -100,7 +106,7 @@ func redirectIfCookieMissing(handler http.Handler, ssoSecret, cookieSecret, ssoU
sig := query.Get("sig") sig := query.Get("sig")
if len(sso) == 0 { if len(sso) == 0 {
url := ssoUri + "/session/sso_provider?" + sso_payload(ssoSecret, "http://"+r.Host, r.URL.String()) url := ssoUri + "/session/sso_provider?" + sso_payload(ssoSecret, proxyHost, r.URL.String())
http.Redirect(w, r, url, 302) http.Redirect(w, r, url, 302)
} else { } else {
decoded, _ := base64.StdEncoding.DecodeString(sso) decoded, _ := base64.StdEncoding.DecodeString(sso)
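Review bot: The `-proxy-url` string now becomes the base of the SSO return URL (the `sso_payload(ssoSecret, proxyHost, r.URL.String())` call in the last hunk), but the only check visible on it is the `invalid proxy uri` failure, and if that is a plain `url.Parse` error check it will accept a value with no scheme or host. Since this value replaces the request's `Host` header with operator configuration, I would reject such input at startup, e.g. `if proxyUrl.Scheme == "" || proxyUrl.Host == "" { log.Fatal("proxy-url must be an absolute url") }`, and rename the new `proxyHost` parameter to something like `proxyBaseUrl`, because it carries a full URL rather than a host. Separately, the `*listenUriPtr = proxyUrl.Host` default yields an address without a port for the help text's own example `http://secrets.example.com`, which `http.Server.Addr` will presumably fail to bind, so the `listen-url` help should say it takes `host:port`. `main` and `redirectIfCookieMissing` both continue outside the hunks shown, so the parse step is inferred rather than seen.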