pangolin_mirror/badger
1
0
Fork 0
mirror of https://github.com/fosrl/badger.git synced 2026-03-26 12:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

use access token params from config

Browse Source
This commit is contained in:
miloschwartz
2026-03-17 16:59:32 -07:00
parent d81af67db3
commit f220c75a52
2 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@@ -70,20 +70,6 @@ trustip:
customIPHeader: "X-Forwarded-For" customIPHeader: "X-Forwarded-For"
``` ```
### Configuration Options Reference
| Option | Type | Required\* | Default | Description |
| ----------------------------- | -------- | ---------- | ------- | ----------------------------------------------------------------------------------- |
| `disableForwardAuth` | bool | No | `false` | Disable forward auth; only IP handling is performed |
| `apiBaseUrl` | string | Yes\* | - | Base URL of the Pangolin API |
| `userSessionCookieName` | string | Yes\* | - | Cookie name for user sessions |
| `resourceSessionRequestParam` | string | Yes\* | - | Query parameter name for resource session requests |
| `trustip` | []string | No | `[]` | Array of trusted IP ranges in CIDR format |
| `disableDefaultCFIPs` | bool | No | `false` | Disable default Cloudflare IP ranges |
| `customIPHeader` | string | No | `""` | Custom header name to extract IP from (only used if request is from trusted source) |
\* Required only when `disableForwardAuth` is `false` (default)
## Updating Cloudflare IPs ## Updating Cloudflare IPs
To update the Cloudflare IP ranges, run: To update the Cloudflare IP ranges, run:

20
main.go
View File

@@ -17,7 +17,9 @@ type Config struct {
APIBaseUrl string `json:"apiBaseUrl,omitempty"` APIBaseUrl string `json:"apiBaseUrl,omitempty"`
UserSessionCookieName string `json:"userSessionCookieName,omitempty"` UserSessionCookieName string `json:"userSessionCookieName,omitempty"`
ResourceSessionRequestParam string `json:"resourceSessionRequestParam,omitempty"` ResourceSessionRequestParam string `json:"resourceSessionRequestParam,omitempty"`
AccessTokenQueryParam string `json:"accessTokenQueryParam,omitempty"` // Deprecated: use ResourceSessionRequestParam AccessTokenQueryParam string `json:"accessTokenQueryParam,omitempty"`
AccessTokenIDHeader string `json:"accessTokenIdHeader,omitempty"`
AccessTokenHeader string `json:"accessTokenHeader,omitempty"`
DisableForwardAuth bool `json:"disableForwardAuth,omitempty"` DisableForwardAuth bool `json:"disableForwardAuth,omitempty"`
TrustIP []string `json:"trustip,omitempty"` TrustIP []string `json:"trustip,omitempty"`
DisableDefaultCFIPs bool `json:"disableDefaultCFIPs,omitempty"` DisableDefaultCFIPs bool `json:"disableDefaultCFIPs,omitempty"`
@@ -39,6 +41,8 @@ type Badger struct {
userSessionCookieName string userSessionCookieName string
resourceSessionRequestParam string resourceSessionRequestParam string
accessTokenQueryParam string accessTokenQueryParam string
accessTokenIDHeader string
accessTokenHeader string
disableForwardAuth bool disableForwardAuth bool
trustIP []*net.IPNet trustIP []*net.IPNet
customIPHeader string customIPHeader string
@@ -98,6 +102,8 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
userSessionCookieName: config.UserSessionCookieName, userSessionCookieName: config.UserSessionCookieName,
resourceSessionRequestParam: config.ResourceSessionRequestParam, resourceSessionRequestParam: config.ResourceSessionRequestParam,
accessTokenQueryParam: config.AccessTokenQueryParam, accessTokenQueryParam: config.AccessTokenQueryParam,
accessTokenIDHeader: config.AccessTokenIDHeader,
accessTokenHeader: config.AccessTokenHeader,
disableForwardAuth: config.DisableForwardAuth, disableForwardAuth: config.DisableForwardAuth,
customIPHeader: config.CustomIPHeader, customIPHeader: config.CustomIPHeader,
} }
@@ -317,8 +323,7 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
p.stripSessionCookies(req) p.stripSessionCookies(req)
p.stripSessionParam(req) p.stripSessionParam(req)
req.Header.Del("P-Access-Token-Id") p.stripAccessTokenHeaders(req)
req.Header.Del("P-Access-Token")
fmt.Println("Badger: Valid session") fmt.Println("Badger: Valid session")
p.next.ServeHTTP(rw, req) p.next.ServeHTTP(rw, req)
@@ -439,6 +444,15 @@ func (p *Badger) stripSessionParam(req *http.Request) {
} }
} }
func (p *Badger) stripAccessTokenHeaders(req *http.Request) {
if p.accessTokenIDHeader != "" {
req.Header.Del(p.accessTokenIDHeader)
}
if p.accessTokenHeader != "" {
req.Header.Del(p.accessTokenHeader)
}
}
// stripSessionCookies removes session cookies from the request before forwarding to the backend. // stripSessionCookies removes session cookies from the request before forwarding to the backend.
// It processes raw Cookie header pairs so non-target cookies are preserved as-is. // It processes raw Cookie header pairs so non-target cookies are preserved as-is.
func (p *Badger) stripSessionCookies(req *http.Request) { func (p *Badger) stripSessionCookies(req *http.Request) {