Config changes for running behind a proxy

auth/google/google_test.go

@@ -17,7 +17,7 @@ func TestAuthURLWithoutDomain(t *testing.T) {
 				ClientID:     "client_id",
 				ClientSecret: "client_secret",
 			},
-			Host: "foo.com",
+			Host: "foo.com:9090",
 		},
 		Port: 9090,
 	}

auth/okta/okta_test.go

@@ -18,7 +18,7 @@ func TestAuthURL(t *testing.T) {
 				ClientSecret: "client_secret",
 				BaseURL:      "https://oktapreview.com",
 			},
-			Host: "foo.com",
+			Host: "foo.com:9090",
 		},
 		Port: 9090,
 	}

config/config.go

@@ -52,7 +52,7 @@ func (r *RouteInfo) ToURL() *url.URL {
 
 // Info is a configuration object that is loaded directly from the json config file.
 type Info struct {
-	// The host (without the port specification) that will be acting as the hub
+	// The host (with the port specification) that will be acting as the hub.
 	Host string
 
 	// OAuth related settings
@@ -78,6 +78,11 @@ type Info struct {
 		Key string
 	}
 
+	// Specify the Scheme of public internet facing traffic. While this will generally be 1:1 with
+	// the presences of Certs, using underpants behind another proxy that does SSL termination
+	// such as an AWS Elastic Load Balancer, would mean no certs, but use https scheme.
+	UseHttps bool `json:"use-https"`
+
 	// A mapping of group names to lists of user email addresses that are members
 	// of that group.  If this section is present, then the default behaviour for
 	// a route is to deny all users not in a group on its allowed-groups list.
@@ -102,6 +107,9 @@ func (i *Info) HasGroups() bool {
 // Scheme is a convience method for getting the relevant scheme based on whether certificates were
 // included in the configuration.
 func (i *Info) Scheme() string {
+	if i.UseHttps {
+		return "https"
+	}
 	if len(i.Certs) > 0 {
 		return "https"
 	}
@@ -119,7 +127,22 @@ func initRoute(r *RouteInfo) error {
 	return nil
 }
 
+// If ENV var is set, overwrite the target passed in
+func initFromEnvVar(varName string, target *string) {
+	envVal := os.Getenv(varName)
+	if envVal != "" {
+		*target = envVal
+	}
+}
+
 func initInfo(n *Info) error {
+	// Allow overwriting oauth config from env vars
+	initFromEnvVar("OAUTH_PROVIDER", &n.Oauth.Provider)
+	initFromEnvVar("OAUTH_DOMAIN", &n.Oauth.Domain)
+	initFromEnvVar("OAUTH_BASE_URL", &n.Oauth.BaseURL)
+	initFromEnvVar("OAUTH_CLIENT_ID", &n.Oauth.ClientID)
+	initFromEnvVar("OAUTH_CLIENT_SECRET", &n.Oauth.ClientSecret)
+
 	if n.Oauth.BaseURL != "" {
 		n.Oauth.BaseURL = strings.TrimRight(n.Oauth.BaseURL, "/")
 	}

config/context.go

@@ -24,11 +24,7 @@ type membership struct {
 
 // Host is the normalized host URLs to the hub.
 func (c *Context) Host() string {
-	switch c.Port {
-	case 80, 443:
-		return c.Info.Host
-	}
-	return fmt.Sprintf("%s:%d", c.Info.Host, c.Port)
+	return c.Info.Host
 }
 
 // ListenAddr is the address that should be passed to net.Listen.