From d792d62e8ec6610c75372fb5058a79b00927dba7 Mon Sep 17 00:00:00 2001
From: Alex Hornbake
Date: Mon, 5 Mar 2018 13:32:54 -0500
Subject: [PATCH] accept ENV Vars for oauth config, and change config for: scheme, host, and port for use behind proxy
---
 auth/google/google_test.go | 2 +-
 auth/okta/okta_test.go | 2 +-
 config/config.go | 25 ++++++++++++++++++++++++-
 config/context.go | 6 +-----
 4 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/auth/google/google_test.go b/auth/google/google_test.go
index 7084696..af9d498 100644
--- a/auth/google/google_test.go
+++ b/auth/google/google_test.go
@@ -17,7 +17,7 @@ func TestAuthURLWithoutDomain(t *testing.T) {
 ClientID: "client_id",
 ClientSecret: "client_secret",
 },
- Host: "foo.com",
+ Host: "foo.com:9090",
 },
 Port: 9090,
 }
diff --git a/auth/okta/okta_test.go b/auth/okta/okta_test.go
index 9db9379..08f18a8 100644
--- a/auth/okta/okta_test.go
+++ b/auth/okta/okta_test.go
@@ -18,7 +18,7 @@ func TestAuthURL(t *testing.T) {
 ClientSecret: "client_secret",
 BaseURL: "https://oktapreview.com",
 },
- Host: "foo.com",
+ Host: "foo.com:9090",
 },
 Port: 9090,
 }
diff --git a/config/config.go b/config/config.go
index 03b3f95..079598c 100644
--- a/config/config.go
+++ b/config/config.go
@@ -52,7 +52,7 @@ func (r *RouteInfo) ToURL() *url.URL {
 // Info is a configuration object that is loaded directly from the json config file.
 type Info struct {
- // The host (without the port specification) that will be acting as the hub
+ // The host (with the port specification) that will be acting as the hub.
 Host string
 // OAuth related settings
@@ -78,6 +78,11 @@ type Info struct {
 Key string
 }
+ // Specify the Scheme of public internet facing traffic. While this will generally be 1:1 with
+ // the presences of Certs, using underpants behind another proxy that does SSL termination
+ // such as an AWS Elastic Load Balancer, would mean no certs, but use https scheme.
+ UseHttps bool `json:"use-https"`
+
 // A mapping of group names to lists of user email addresses that are members
 // of that group. If this section is present, then the default behaviour for
 // a route is to deny all users not in a group on its allowed-groups list.
@@ -102,6 +107,9 @@ func (i *Info) HasGroups() bool {
 // Scheme is a convience method for getting the relevant scheme based on whether certificates were
 // included in the configuration.
 func (i *Info) Scheme() string {
+ if i.UseHttps {
+ return "https"
+ }
 if len(i.Certs) > 0 {
 return "https"
 }
@@ -119,7 +127,22 @@ func initRoute(r *RouteInfo) error {
 return nil
 }
+// If ENV var is set, overwrite the target passed in
+func initFromEnvVar(varName string, target *string) {
+ envVal := os.Getenv(varName)
+ if envVal != "" {
+ *target = envVal
+ }
+}
+
 func initInfo(n *Info) error {
+ // Allow overwriting oauth config from env vars
+ initFromEnvVar("OAUTH_PROVIDER", &n.Oauth.Provider)
+ initFromEnvVar("OAUTH_DOMAIN", &n.Oauth.Domain)
+ initFromEnvVar("OAUTH_BASE_URL", &n.Oauth.BaseURL)
+ initFromEnvVar("OAUTH_CLIENT_ID", &n.Oauth.ClientID)
+ initFromEnvVar("OAUTH_CLIENT_SECRET", &n.Oauth.ClientSecret)
+
 if n.Oauth.BaseURL != "" {
 n.Oauth.BaseURL = strings.TrimRight(n.Oauth.BaseURL, "/")
 }
diff --git a/config/context.go b/config/context.go
index b847185..488dea4 100644
--- a/config/context.go
+++ b/config/context.go
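Review bot: The comment on the new `UseHttps` field in `Info` (config/config.go) does not say what the setting implies for the listener: with it set and no `Certs`, the scheme is reported as https while, as far as this hunk shows, the process itself serves no TLS. It should state that the plain-HTTP listener must then be reachable only through the TLS-terminating proxy, for example `// When set without Certs, TLS must be terminated by a trusted proxy in front of the hub; do not expose the listener directly.` Go naming would also spell the field `UseHTTPS` (the JSON tag can stay `use-https`), and "presences" should read "presence". The `Info` struct starts and ends outside the hunk.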
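Review bot: The doc comment above `Scheme()` in config/config.go still says the scheme depends on whether certificates were included, which is no longer the whole rule now that `UseHttps` is checked first. Suggested first line: `// Scheme returns "https" when UseHttps is set or certificates are configured.`, with the fallback described once the rest of the body is confirmed, since the function's tail is outside the hunk. The two branches could also be a single condition, `if i.UseHttps || len(i.Certs) > 0 {`.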
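Review bot: The environment overrides added at the top of `initInfo` (config/config.go) replace values from the config file without leaving any trace, and that includes `OAUTH_PROVIDER` and `OAUTH_BASE_URL`, which decide which identity provider the login flow talks to. A variable left over in the deployment environment would change that endpoint while the JSON file still shows the old one, so the precedence should be documented and each override reported by variable name only, never by value, since `OAUTH_CLIENT_SECRET` is among them. The helper's comment should follow Go doc style, for example `// initFromEnvVar overwrites *target with the value of the environment variable varName when it is set and non-empty.` `initInfo` continues past the end of the hunk, and whether `os` is already imported in config.go is not visible here.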
@@ -24,11 +24,7 @@ type membership struct {
 // Host is the normalized host URLs to the hub.
 func (c *Context) Host() string {
- switch c.Port {
- case 80, 443:
- return c.Info.Host
- }
- return fmt.Sprintf("%s:%d", c.Info.Host, c.Port)
+ return c.Info.Host
 }
 // ListenAddr is the address that should be passed to net.Listen.
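Review bot: `Host()` now returns `c.Info.Host` unchanged, so a config written for the previous behaviour (bare hostname plus a non-standard `Port`) silently loses the port from whatever is built from `Host()`, presumably including the OAuth redirect URL, and nothing in this commit validates the new format. A load-time check that `Info.Host` contains no scheme or path, plus an upgrade note that the port must now be part of `Host`, would surface the mistake at startup rather than at login. The comment above the method is also stale and could read `// Host returns the public host[:port] of the hub exactly as configured.` If `fmt.Sprintf` was the only use of `fmt` in context.go the import has to be dropped as well; that is not visible in this hunk.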