local
/
rproxy3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

authelia attempt failed

master v0.8.3
Bel LaPointe 2021-04-18 12:20:19 -05:00
parent af240639cb
commit ef3abbbf07
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/proxy.go
View File

@ -69,6 +69,8 @@ func (rp *redirPurge) RoundTrip(r *http.Request) (*http.Response, error) {
if loc := resp.Header.Get("Location"); loc != "" {
resp.Header.Set("Location", strings.Replace(loc, rp.targetHost, rp.proxyHost, 1))
}
// google floc https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
resp.Header.Set("Permissions-Policy", "interest-cohort=()")
return resp, err
}

13
server/server.go
View File

@ -115,6 +115,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
panic(fmt.Sprintf("bad config for authelia url: %v", err))
}
url.Path = "/api/verify"
logb.Verbosef("authelia @ %s", url.String())
req, err := http.NewRequest(http.MethodGet, url.String(), nil)
if err != nil {
panic(err.Error())
@ -134,11 +135,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
"X-Forwarded-Uri": r2.URL.String(),
} {
if _, ok := httpreq.Header[k]; !ok {
logb.Verbosef("authelia header setting %s:%s", k, v)
httpreq.Header.Set(k, v)
}
}
}
if cookie, err := r.Cookie("authelia_session"); err == nil {
logb.Verbosef("authelia session found in cookies; %+v", cookie)
req.AddCookie(cookie)
}
c := &http.Client{
@ -149,6 +152,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
}
autheliaKey := mapKey(req.Host)
logb.Verbosef("request to %s is authelia %s? %v", r.Host, autheliaKey, strings.HasPrefix(r.Host, autheliaKey))
if strings.HasPrefix(r.Host, autheliaKey) {
logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey)
foo(w, r)
@ -176,13 +180,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
Name: k,
Value: resp.Header.Get(k),
Path: "/",
Domain: r2.Host,
SameSite: http.SameSiteLaxMode,
Secure: true,
HttpOnly: true,
Expires: time.Now().Add(24 * time.Hour * 30),
}
logb.Verbosef("setting authelia cookie in response: %+v", cookie)
http.SetCookie(w, cookie)
logb.Verbosef("setting authelia cookie in request: %+v", cookie)
r.AddCookie(cookie)
}
}
foo(w, r)
@ -192,6 +196,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
q := url.Query()
q.Set("rd", r2.URL.String())
url.RawQuery = q.Encode()
logb.Verbosef("authelia status %d, rd'ing %s", resp.StatusCode, url.String())
http.Redirect(w, r, url.String(), http.StatusFound)
}
}
@ -268,8 +273,10 @@ func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
return
}
if s.auth.BOAuthZ {
logb.Verbosef("doing boauthz for request to %s", r.URL.String())
s.doBOAuthZ(foo)(w, r)
} else if s.auth.Authelia {
logb.Verbosef("doing authelia for request to %s", r.URL.String())
s.doAuthelia(foo)(w, r)
} else {
foo(w, r)