mirror of
https://github.com/fosrl/badger.git
synced 2026-02-08 05:56:46 +00:00
Compare commits
7 Commits
v1.0.0-bet
...
v1.2.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
cc45f414de | ||
|
|
14df42f0ab | ||
|
|
cab2424e6e | ||
|
|
d553b6ca77 | ||
|
|
0baba997d7 | ||
|
|
e951e42b4d | ||
|
|
3a180988be |
BIN
.assets/icon.png
Normal file
BIN
.assets/icon.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 24 KiB |
47
.github/DISCUSSION_TEMPLATE/feature-requests.yml
vendored
Normal file
47
.github/DISCUSSION_TEMPLATE/feature-requests.yml
vendored
Normal file
@@ -0,0 +1,47 @@
|
||||
body:
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Summary
|
||||
description: A clear and concise summary of the requested feature.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Motivation
|
||||
description: |
|
||||
Why is this feature important?
|
||||
Explain the problem this feature would solve or what use case it would enable.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Proposed Solution
|
||||
description: |
|
||||
How would you like to see this feature implemented?
|
||||
Provide as much detail as possible about the desired behavior, configuration, or changes.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Alternatives Considered
|
||||
description: Describe any alternative solutions or workarounds you've thought about.
|
||||
validations:
|
||||
required: false
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Additional Context
|
||||
description: Add any other context, mockups, or screenshots about the feature request here.
|
||||
validations:
|
||||
required: false
|
||||
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
Before submitting, please:
|
||||
- Check if there is an existing issue for this feature.
|
||||
- Clearly explain the benefit and use case.
|
||||
- Be as specific as possible to help contributors evaluate and implement.
|
||||
51
.github/ISSUE_TEMPLATE/1.bug_report.yml
vendored
Normal file
51
.github/ISSUE_TEMPLATE/1.bug_report.yml
vendored
Normal file
@@ -0,0 +1,51 @@
|
||||
name: Bug Report
|
||||
description: Create a bug report
|
||||
labels: []
|
||||
body:
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Describe the Bug
|
||||
description: A clear and concise description of what the bug is.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Environment
|
||||
description: Please fill out the relevant details below for your environment.
|
||||
value: |
|
||||
- OS Type & Version: (e.g., Ubuntu 22.04)
|
||||
- Pangolin Version:
|
||||
- Gerbil Version:
|
||||
- Traefik Version:
|
||||
- Newt Version:
|
||||
- Olm Version: (if applicable)
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: To Reproduce
|
||||
description: |
|
||||
Steps to reproduce the behavior, please provide a clear description of how to reproduce the issue, based on the linked minimal reproduction. Screenshots can be provided in the issue body below.
|
||||
|
||||
If using code blocks, make sure syntax highlighting is correct and double-check that the rendered preview is not broken.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
attributes:
|
||||
label: Expected Behavior
|
||||
description: A clear and concise description of what you expected to happen.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
Before posting the issue go through the steps you've written down to make sure the steps provided are detailed and clear.
|
||||
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
Contributors should be able to follow the steps provided in order to reproduce the bug.
|
||||
8
.github/ISSUE_TEMPLATE/config.yml
vendored
Normal file
8
.github/ISSUE_TEMPLATE/config.yml
vendored
Normal file
@@ -0,0 +1,8 @@
|
||||
blank_issues_enabled: false
|
||||
contact_links:
|
||||
- name: Need help or have questions?
|
||||
url: https://github.com/orgs/fosrl/discussions
|
||||
about: Ask questions, get help, and discuss with other community members
|
||||
- name: Request a Feature
|
||||
url: https://github.com/orgs/fosrl/discussions/new?category=feature-requests
|
||||
about: Feature requests should be opened as discussions so others can upvote and comment
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1 +1,2 @@
|
||||
go.sum
|
||||
.DS_Store
|
||||
|
||||
1
.go-version
Normal file
1
.go-version
Normal file
@@ -0,0 +1 @@
|
||||
1.23.2
|
||||
@@ -1,5 +1,6 @@
|
||||
displayName: Fossorial Badger
|
||||
displayName: Pangolin (Badger)
|
||||
type: middleware
|
||||
iconPath: .assets/icon.png
|
||||
|
||||
import: github.com/fosrl/badger
|
||||
|
||||
@@ -8,5 +9,4 @@ summary: Middleware auth bouncer for Pangolin
|
||||
testData:
|
||||
apiBaseUrl: "http://localhost:3001/api/v1"
|
||||
userSessionCookieName: "p_session_token"
|
||||
accessTokenQueryParam: "p_token"
|
||||
resourceSessionRequestParam: "p_session_request"
|
||||
|
||||
2
LICENSE
2
LICENSE
@@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2024 Fossorial LLC
|
||||
Copyright (c) 2025 Fossorial Inc
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
||||
@@ -17,7 +17,6 @@ Badger requires the following configuration parameters to be specified in your [
|
||||
```yaml
|
||||
apiBaseUrl: "http://localhost:3001/api/v1"
|
||||
userSessionCookieName: "p_session_token"
|
||||
accessTokenQueryParam: "p_token"
|
||||
resourceSessionRequestParam: "p_session_request"
|
||||
```
|
||||
|
||||
|
||||
71
main.go
71
main.go
@@ -12,7 +12,6 @@ import (
|
||||
type Config struct {
|
||||
APIBaseUrl string `json:"apiBaseUrl"`
|
||||
UserSessionCookieName string `json:"userSessionCookieName"`
|
||||
AccessTokenQueryParam string `json:"accessTokenQueryParam"`
|
||||
ResourceSessionRequestParam string `json:"resourceSessionRequestParam"`
|
||||
}
|
||||
|
||||
@@ -21,7 +20,6 @@ type Badger struct {
|
||||
name string
|
||||
apiBaseUrl string
|
||||
userSessionCookieName string
|
||||
accessTokenQueryParam string
|
||||
resourceSessionRequestParam string
|
||||
}
|
||||
|
||||
@@ -32,15 +30,20 @@ type VerifyBody struct {
|
||||
RequestHost *string `json:"host"`
|
||||
RequestPath *string `json:"path"`
|
||||
RequestMethod *string `json:"method"`
|
||||
AccessToken *string `json:"accessToken,omitempty"`
|
||||
TLS bool `json:"tls"`
|
||||
RequestIP *string `json:"requestIp,omitempty"`
|
||||
Headers map[string]string `json:"headers,omitempty"`
|
||||
Query map[string]string `json:"query,omitempty"`
|
||||
}
|
||||
|
||||
type VerifyResponse struct {
|
||||
Data struct {
|
||||
Valid bool `json:"valid"`
|
||||
RedirectURL *string `json:"redirectUrl"`
|
||||
Valid bool `json:"valid"`
|
||||
RedirectURL *string `json:"redirectUrl"`
|
||||
Username *string `json:"username,omitempty"`
|
||||
Email *string `json:"email,omitempty"`
|
||||
Name *string `json:"name,omitempty"`
|
||||
ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
|
||||
} `json:"data"`
|
||||
}
|
||||
|
||||
@@ -52,8 +55,9 @@ type ExchangeSessionBody struct {
|
||||
|
||||
type ExchangeSessionResponse struct {
|
||||
Data struct {
|
||||
Valid bool `json:"valid"`
|
||||
Cookie *string `json:"cookie"`
|
||||
Valid bool `json:"valid"`
|
||||
Cookie *string `json:"cookie"`
|
||||
ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
|
||||
} `json:"data"`
|
||||
}
|
||||
|
||||
@@ -67,7 +71,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
|
||||
name: name,
|
||||
apiBaseUrl: config.APIBaseUrl,
|
||||
userSessionCookieName: config.UserSessionCookieName,
|
||||
accessTokenQueryParam: config.AccessTokenQueryParam,
|
||||
resourceSessionRequestParam: config.ResourceSessionRequestParam,
|
||||
}, nil
|
||||
}
|
||||
@@ -75,7 +78,6 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
|
||||
func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
cookies := p.extractCookies(req)
|
||||
|
||||
var accessToken *string
|
||||
queryValues := req.URL.Query()
|
||||
|
||||
if sessionRequestValue := queryValues.Get(p.resourceSessionRequestParam); sessionRequestValue != "" {
|
||||
@@ -116,17 +118,18 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
originalRequestURL = fmt.Sprintf("%s?%s", originalRequestURL, cleanedQuery)
|
||||
}
|
||||
|
||||
if result.Data.ResponseHeaders != nil {
|
||||
for key, value := range result.Data.ResponseHeaders {
|
||||
rw.Header().Add(key, value)
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("Got exchange token, redirecting to", originalRequestURL)
|
||||
http.Redirect(rw, req, originalRequestURL, http.StatusFound)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if token := queryValues.Get(p.accessTokenQueryParam); token != "" {
|
||||
accessToken = &token
|
||||
queryValues.Del(p.accessTokenQueryParam)
|
||||
}
|
||||
|
||||
cleanedQuery := queryValues.Encode()
|
||||
originalRequestURL := fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.Path)
|
||||
if cleanedQuery != "" {
|
||||
@@ -135,6 +138,20 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
|
||||
verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
|
||||
|
||||
headers := make(map[string]string)
|
||||
for name, values := range req.Header {
|
||||
if len(values) > 0 {
|
||||
headers[name] = values[0] // Send only the first value for simplicity
|
||||
}
|
||||
}
|
||||
|
||||
queryParams := make(map[string]string)
|
||||
for key, values := range queryValues {
|
||||
if len(values) > 0 {
|
||||
queryParams[key] = values[0]
|
||||
}
|
||||
}
|
||||
|
||||
cookieData := VerifyBody{
|
||||
Sessions: cookies,
|
||||
OriginalRequestURL: originalRequestURL,
|
||||
@@ -142,9 +159,10 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
RequestHost: &req.Host,
|
||||
RequestPath: &req.URL.Path,
|
||||
RequestMethod: &req.Method,
|
||||
AccessToken: accessToken,
|
||||
TLS: req.TLS != nil,
|
||||
RequestIP: &req.RemoteAddr,
|
||||
Headers: headers,
|
||||
Query: queryParams,
|
||||
}
|
||||
|
||||
jsonData, err := json.Marshal(cookieData)
|
||||
@@ -176,6 +194,16 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
req.Header.Del("Remote-User")
|
||||
req.Header.Del("Remote-Email")
|
||||
req.Header.Del("Remote-Name")
|
||||
|
||||
if result.Data.ResponseHeaders != nil {
|
||||
for key, value := range result.Data.ResponseHeaders {
|
||||
rw.Header().Add(key, value)
|
||||
}
|
||||
}
|
||||
|
||||
if result.Data.RedirectURL != nil && *result.Data.RedirectURL != "" {
|
||||
fmt.Println("Badger: Redirecting to", *result.Data.RedirectURL)
|
||||
http.Redirect(rw, req, *result.Data.RedirectURL, http.StatusFound)
|
||||
@@ -183,6 +211,19 @@ func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
if result.Data.Valid {
|
||||
|
||||
if result.Data.Username != nil {
|
||||
req.Header.Add("Remote-User", *result.Data.Username)
|
||||
}
|
||||
|
||||
if result.Data.Email != nil {
|
||||
req.Header.Add("Remote-Email", *result.Data.Email)
|
||||
}
|
||||
|
||||
if result.Data.Name != nil {
|
||||
req.Header.Add("Remote-Name", *result.Data.Name)
|
||||
}
|
||||
|
||||
fmt.Println("Badger: Valid session")
|
||||
p.next.ServeHTTP(rw, req)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user