local/rproxy3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: local:v0.8.1
Branches Tags
local:master
local:v0.10.2 local:v0.10.1 local:v0.10.0 local:v0.9.1 local:v0.9.0 local:v0.8.5 local:v0.8.4 local:v0.8.3 local:v0.8.1 local:v0.8 local:v0.7 local:v0.6 local:v0.5 local:v0.4 local:v0.3 local:v0.2.1 local:v0.2 local:v0.1
..
compare: local:v0.8.3
Branches Tags
local:master
local:v0.10.2 local:v0.10.1 local:v0.10.0 local:v0.9.1 local:v0.9.0 local:v0.8.5 local:v0.8.4 local:v0.8.3 local:v0.8.1 local:v0.8 local:v0.7 local:v0.6 local:v0.5 local:v0.4 local:v0.3 local:v0.2.1 local:v0.2 local:v0.1

1 Commits
v0.8.1 ... v0.8.3

Author SHA1 Message Date
Bel LaPointe
ef3abbbf07 authelia attempt failed 2021-04-18 12:20:19 -05:00
2 changed files with 12 additions and 3 deletions
Expand all files Collapse all files

2
server/proxy.go
View File

@@ -69,6 +69,8 @@ func (rp *redirPurge) RoundTrip(r *http.Request) (*http.Response, error) {
if loc := resp.Header.Get("Location"); loc != "" {
resp.Header.Set("Location", strings.Replace(loc, rp.targetHost, rp.proxyHost, 1))
}
// google floc https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
resp.Header.Set("Permissions-Policy", "interest-cohort=()")
return resp, err
}

13
server/server.go
View File

@@ -115,6 +115,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
panic(fmt.Sprintf("bad config for authelia url: %v", err))
}
url.Path = "/api/verify"
logb.Verbosef("authelia @ %s", url.String())
req, err := http.NewRequest(http.MethodGet, url.String(), nil)
if err != nil {
panic(err.Error())
@@ -134,11 +135,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
"X-Forwarded-Uri": r2.URL.String(),
} {
if _, ok := httpreq.Header[k]; !ok {
logb.Verbosef("authelia header setting %s:%s", k, v)
httpreq.Header.Set(k, v)
}
}
}
if cookie, err := r.Cookie("authelia_session"); err == nil {
logb.Verbosef("authelia session found in cookies; %+v", cookie)
req.AddCookie(cookie)
}
c := &http.Client{
@@ -149,6 +152,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
}
autheliaKey := mapKey(req.Host)
logb.Verbosef("request to %s is authelia %s? %v", r.Host, autheliaKey, strings.HasPrefix(r.Host, autheliaKey))
if strings.HasPrefix(r.Host, autheliaKey) {
logb.Debugf("no authelia for %s because it has prefix %s", r.Host, autheliaKey)
foo(w, r)
@@ -176,13 +180,13 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
Name: k,
Value: resp.Header.Get(k),
Path: "/",
Domain: r2.Host,
SameSite: http.SameSiteLaxMode,
Secure: true,
HttpOnly: true,
Expires: time.Now().Add(24 * time.Hour * 30),
}
logb.Verbosef("setting authelia cookie in response: %+v", cookie)
http.SetCookie(w, cookie)
logb.Verbosef("setting authelia cookie in request: %+v", cookie)
r.AddCookie(cookie)
}
}
foo(w, r)
@@ -192,6 +196,7 @@ func (s *Server) doAuthelia(foo http.HandlerFunc) http.HandlerFunc {
q := url.Query()
q.Set("rd", r2.URL.String())
url.RawQuery = q.Encode()
logb.Verbosef("authelia status %d, rd'ing %s", resp.StatusCode, url.String())
http.Redirect(w, r, url.String(), http.StatusFound)
}
}
@@ -268,8 +273,10 @@ func (s *Server) Pre(foo http.HandlerFunc) http.HandlerFunc {
return
}
if s.auth.BOAuthZ {
logb.Verbosef("doing boauthz for request to %s", r.URL.String())
s.doBOAuthZ(foo)(w, r)
} else if s.auth.Authelia {
logb.Verbosef("doing authelia for request to %s", r.URL.String())
s.doAuthelia(foo)(w, r)
} else {
foo(w, r)