local
/
rproxy3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

authelia attempt failed

master v0.8.3
Bel LaPointe 2021-04-18 12:20:19 -05:00
parent af240639cb
commit ef3abbbf07
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/proxy.go
View File

@ -69,6 +69,8 @@ func (rp *redirPurge) RoundTrip(r *http.Request) (*http.Response, error) {
if loc := resp.Header.Get("Location"); loc != "" { if loc := resp.Header.Get("Location"); loc != "" {
resp.Header.Set("Location", strings.Replace(loc, rp.targetHost, rp.proxyHost, 1)) resp.Header.Set("Location", strings.Replace(loc, rp.targetHost, rp.proxyHost, 1))
} }
// google floc https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
resp.Header.Set("Permissions-Policy", "interest-cohort=()")
return resp, err return resp, err
} }

13
server/server.go
View File

@ -115,6 +115,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
panic(fmt.Sprintf("bad config for authelia url: %v", err)) panic(fmt.Sprintf("bad config for authelia url: %v", err))
} }
url.Path = "/api/verify" url.Path = "/api/verify"
logb.Verbosef("authelia @ %s", url.String())
req, err := http.NewRequest(http.MethodGet, url.String(), nil) req, err := http.NewRequest(http.MethodGet, url.String(), nil)
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
@ -134,11 +135,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
"X-Forwarded-Uri": r2.URL.String(), "X-Forwarded-Uri": r2.URL.String(),
} { } {
if _, ok := httpreq.Header[k]; !ok { if _, ok := httpreq.Header[k]; !ok {
logb.Verbosef("authelia header setting %s:%s", k, v)
httpreq.Header.Set(k, v) httpreq.Header.Set(k, v)
} }
} }
} }
if cookie, err := r.Cookie("authelia_session"); err == nil { if cookie, err := r.Cookie("authelia_session"); err == nil {
logb.Verbosef("authelia session found in cookies; %+v", cookie)
req.AddCookie(cookie) req.AddCookie(cookie)
} }
c := &http.Client{ c := &http.Client{
@ -149,6 +152,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
} }
autheliaKey := mapKey(req.Host) autheliaKey := mapKey(req.Host)
logb.Verbosef("request to %s is authelia %s? %v", r.Host, autheliaKey, strings.HasPrefix(r.Host, autheliaKey))
if strings.HasPrefix(r.Host, autheliaKey) { if strings.HasPrefix(r.Host, autheliaKey) {
logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey) logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey)
foo(w, r) foo(w, r)
@ -176,13 +180,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
Name: k, Name: k,
Value: resp.Header.Get(k), Value: resp.Header.Get(k),
Path: "/", Path: "/",
Domain: r2.Host,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
Secure: true,
HttpOnly: true,
Expires: time.Now().Add(24 * time.Hour * 30), Expires: time.Now().Add(24 * time.Hour * 30),
} }
logb.Verbosef("setting authelia cookie in response: %+v", cookie)
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
logb.Verbosef("setting authelia cookie in request: %+v", cookie)
r.AddCookie(cookie)
} }
} }
foo(w, r) foo(w, r)
@ -192,6 +196,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
q := url.Query() q := url.Query()
q.Set("rd", r2.URL.String()) q.Set("rd", r2.URL.String())
url.RawQuery = q.Encode() url.RawQuery = q.Encode()
logb.Verbosef("authelia status %d, rd'ing %s", resp.StatusCode, url.String())
http.Redirect(w, r, url.String(), http.StatusFound) http.Redirect(w, r, url.String(), http.StatusFound)
} }
} }
@ -268,8 +273,10 @@ func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
return return
} }
if s.auth.BOAuthZ { if s.auth.BOAuthZ {
logb.Verbosef("doing boauthz for request to %s", r.URL.String())
s.doBOAuthZ(foo)(w, r) s.doBOAuthZ(foo)(w, r)
} else if s.auth.Authelia { } else if s.auth.Authelia {
logb.Verbosef("doing authelia for request to %s", r.URL.String())
s.doAuthelia(foo)(w, r) s.doAuthelia(foo)(w, r)
} else { } else {
foo(w, r) foo(w, r)