traefik_github_oauth_plugin

package module

v0.3.1 Latest Latest Go to latest Published: Nov 15, 2023 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/MuXiu1997/traefik-github-oauth-plugin

Links

Open Source Insights

README ¶

Traefik GitHub OAuth Plugin

This is a Traefik middleware plugin that allows users to authenticate using GitHub OAuth.

The plugin is intended to be used as a replacement for the BasicAuth middleware,

providing a more secure way for users to access protected routes.

process

Quick Start (Docker)

Create a GitHub OAuth App
- See: https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app
- Set the Authorization callback URL to http://<traefik-github-oauth-server-host>/oauth/redirect

Run the Traefik GitHub OAuth server

docker run -d --name traefik-github-oauth-server \
  --network <traefik-proxy-network> \
  -e 'GITHUB_OAUTH_CLIENT_ID=<client-id>' \
  -e 'GITHUB_OAUTH_CLIENT_SECRET=<client-secret>' \
  -e 'API_BASE_URL=http://<traefik-github-oauth-server-host>' \
  -l 'traefik.http.services.traefik-github-oauth-server.loadbalancer.server.port=80' \
  -l 'traefik.http.routers.traefik-github-oauth-server.rule=Host(`<traefik-github-oauth-server-host>`)' \
  muxiu1997/traefik-github-oauth-server

Install the Traefik GitHub OAuth plugin

Add this snippet in the Traefik Static configuration

experimental:
  plugins:
    github-oauth:
      moduleName: "github.com/MuXiu1997/traefik-github-oauth-plugin"
      version: <version>

Run your App

docker run -d --whoami test \
  --network <traefik-proxy-network> \
  --label 'traefik.http.middlewares.whoami-github-oauth.plugin.github-oauth.apiBaseUrl=http://traefik-github-oauth-server' \
  --label 'traefik.http.middlewares.whoami-github-oauth.plugin.github-oauth.whitelist.logins[0]=MuXiu1997' \
  --label 'traefik.http.routers.whoami.rule=Host(`whoami.example.com`)' \
  --label 'traefik.http.routers.whoami.middlewares=whoami-github-oauth' \
 traefik/whoami

Configuration

Server configuration

Environment Variable	Description	Default	Required
`GITHUB_OAUTH_CLIENT_ID`	The GitHub OAuth App client id		Yes
`GITHUB_OAUTH_CLIENT_SECRET`	The GitHub OAuth App client secret		Yes
`API_BASE_URL`	The base URL of the Traefik GitHub OAuth server		Yes
`API_SECRET_KEY`	The api secret key. You can ignore this if you are using the internal network		No
`SERVER_ADDRESS`	The server address	`:80`	No
`DEBUG_MODE`	Enable debug mode and set log level to debug	`false`	No
`LOG_LEVEL`	The log level, Available values: debug, info, warn, error	`info`	No

Middleware Configuration

# The base URL of the Traefik GitHub OAuth server
apiBaseUrl: http://<traefik-github-oauth-server-host>
# The api secret key. You can ignore this if you are using the internal network
apiSecretKey: optional_secret_key_if_not_on_the_internal_network
# The path to redirect to after the user has authenticated, defaults to /_auth
# Note: This path is not GitHub OAuth App's Authorization callback URL
authPath: /_auth
# optional jwt secret key, if not set, the plugin will generate a random key
jwtSecretKey: optional_secret_key
# The log level, defaults to info
# Available values: debug, info, warn, error
logLevel: info
# whitelist
whitelist:
  # The list of GitHub user ids that in the whitelist
  ids:
    - 996
  # The list of GitHub user logins that in the whitelist
  logins:
    - MuXiu1997

License

MIT

Documentation ¶

Index ¶

Constants
func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)
type Config
- func CreateConfig() *Config
type ConfigWhitelist
type TraefikGithubOauthMiddleware
- func (p *TraefikGithubOauthMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)

Constants ¶

View Source

const (
	DefaultConfigAuthPath = "/_auth"
)

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

New creates a new TraefikGithubOauthMiddleware.

Types ¶

type Config ¶

type Config struct {
	ApiBaseUrl   string          `json:"api_base_url,omitempty"`
	ApiSecretKey string          `json:"api_secret_key,omitempty"`
	AuthPath     string          `json:"auth_path,omitempty"`
	JwtSecretKey string          `json:"jwt_secret_key,omitempty"`
	LogLevel     string          `json:"log_level,omitempty"`
	Whitelist    ConfigWhitelist `json:"whitelist,omitempty"`
}

Config the middleware configuration.

func CreateConfig ¶

func CreateConfig() *Config

CreateConfig creates the default middleware configuration.

type ConfigWhitelist ¶

type ConfigWhitelist struct {
	// Ids the GitHub user id list.
	Ids []string `json:"ids,omitempty"`
	// Logins the GitHub user login list.
	Logins []string `json:"logins,omitempty"`
}

ConfigWhitelist the middleware configuration whitelist.

type TraefikGithubOauthMiddleware ¶

type TraefikGithubOauthMiddleware struct {
	// contains filtered or unexported fields
}

TraefikGithubOauthMiddleware the middleware.

func (*TraefikGithubOauthMiddleware) ServeHTTP ¶

func (p *TraefikGithubOauthMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)

ServeHTTP implements http.Handler.

Source Files ¶

View all Source files

middleware_plugin.go

Directories ¶

Path	Synopsis
cmd
traefik-github-oauth-server
internal
app/traefik-github-oauth-server
app/traefik-github-oauth-server/model
app/traefik-github-oauth-server/router
pkg/constant
pkg/jwt

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL