Documentation
Index
- Constants
- func AuthCallbackHandler(domains domains.Domains, whitelist whitelist.Whitelist, ...) http.Handler
- func ForwardAuthHandler(domains domains.Domains, oauthHandlers map[domains.Domain]oauth.Handler, ...) http.Handler
- func GetSession(r *http.Request) (sessions.Session, bool)
- func HealthHandler(sessions sessions.Sessions, states state.States[string]) http.Handler
- func LogoutHandler(domains domains.Domains, sessionStore sessions.Sessions, logger *slog.Logger) http.Handler
- func New(ctx context.Context, sessions sessions.Sessions, states state.States[string], ...) http.Handler
- func SessionExtractor(sessions sessions.Sessions, logger *slog.Logger) func(next http.Handler) http.Handler
- type Configuration
- type Metrics
Constants
const OAUTHPath = "/_oauth"
Variables
This section is empty.
Functions
func AuthCallbackHandler added in v0.6.0
func AuthCallbackHandler(
	domains domains.Domains,
	whitelist whitelist.Whitelist,
	oauthHandlers map[domains.Domain]oauth.Handler,
	states state.States[string],
	sessions sessions.Sessions,
	logger *slog.Logger,
) http.Handler
The AuthCallbackHandler implements the oauth callback, initiated by ForwardAuthHandler's redirectToAuth method. It validates that the request came from us (by checking the state parameter), determines the user's email address, checks that that user is on the whitelist, creates a session Cookie for the user and redirects the user to the target that originally initiated the oauth flow.
func ForwardAuthHandler added in v0.6.0
func ForwardAuthHandler(domains domains.Domains, oauthHandlers map[domains.Domain]oauth.Handler, states state.States[string], logger *slog.Logger) http.Handler
The ForwardAuthHandler implements the authentication flow for traefik's forwardAuth middleware. It checks that the request has a valid session (stored in an http.Cookie). If so, it returns http.StatusOK. If not, it redirects the request to the configured oauth provider to log in. After login, the request is routed to the AuthCallbackHandler, which forwards the request to the originally requested destination.
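The state round trip described for ForwardAuthHandler and AuthCallbackHandler, as an added example that is not this package's code. `states`, `issueState` and `callback` are hypothetical names; the store is assumed to map each state value to the originally requested URL, and the email is assumed to have already been obtained from the provider.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"sync"
)

// states is a hypothetical stand-in for state.States[string]: it maps a random
// single-use state value to the URL the user originally requested.
var states sync.Map

// issueState runs on the forward-auth side, before redirecting to the provider.
func issueState(target string) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	state := hex.EncodeToString(b)
	states.Store(state, target)
	return state
}

// callback follows the documented order (state, email, whitelist, redirect) and
// returns the status plus redirect target. email is assumed to be the address
// the provider returned for this login.
func callback(allowed map[string]bool, state, email string) (int, string) {
	// LoadAndDelete is atomic: a forged or replayed state finds nothing.
	target, ok := states.LoadAndDelete(state)
	if !ok {
		return http.StatusBadRequest, ""
	}
	if !allowed[email] {
		return http.StatusForbidden, ""
	}
	return http.StatusTemporaryRedirect, target.(string)
}

func main() {
	allowed := map[string]bool{"alice@example.com": true} // constructed whitelist
	state := issueState("https://app.example.com/")       // constructed target
	fmt.Println(callback(allowed, state, "alice@example.com"))
	fmt.Println(callback(allowed, state, "alice@example.com")) // replay is rejected
}
```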
func GetSession added in v0.6.0
GetSession returns the session from the request's context, if it exists.
func HealthHandler added in v0.6.0
func LogoutHandler added in v0.6.0
func LogoutHandler(domains domains.Domains, sessionStore sessions.Sessions, logger *slog.Logger) http.Handler
LogoutHandler logs out the user: it removes the session from the session store and sends an empty Cookie to the user. This means that the user's next request has an invalid cookie, triggering a new oauth flow.
func New
func New(ctx context.Context, sessions sessions.Sessions, states state.States[string], config Configuration, metrics *Metrics, logger *slog.Logger) http.Handler
New returns a new http.Handler that handles traefik's forward-auth requests, and the associated oauth flow. It panics if config.Provider is invalid.
Types
type Configuration added in v0.6.0
type Configuration struct {
	Debug             bool
	Addr              string
	PromAddr          string
	SessionCookieName string
	Expiration        time.Duration
	Secret            []byte
	Provider          string
	OIDCIssuerURL     string
	Domains           domains.Domains
	Whitelist         whitelist.Whitelist
	ClientID          string
	ClientSecret      string
	AuthPrefix        string
}
func GetConfiguration added in v0.6.0
func GetConfiguration() (Configuration, error)
type Metrics added in v0.4.0
type Metrics struct {
// contains filtered or unexported fields
}
func NewMetrics added in v0.4.0
func (Metrics) Collect added in v0.4.0
func (m Metrics) Collect(ch chan<- prometheus.Metric)
func (Metrics) Describe added in v0.4.0
func (m Metrics) Describe(ch chan<- *prometheus.Desc)