outpost: use same http client for api requests and oauth token redeeming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
0768b201a7
commit
039a1e544e
|
@ -141,7 +141,7 @@ func (pb *providerBundle) Build(provider api.ProxyOutpostConfig) {
|
|||
log.Printf("%s", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
oauthproxy, err := NewOAuthProxy(opts, provider)
|
||||
oauthproxy, err := NewOAuthProxy(opts, provider, pb.s.ak.Client.GetConfig().HTTPClient)
|
||||
if err != nil {
|
||||
log.Errorf("ERROR: Failed to initialise OAuth2 Proxy: %v", err)
|
||||
os.Exit(1)
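Review bot: The call `NewOAuthProxy(opts, provider, pb.s.ak.Client.GetConfig().HTTPClient)` makes the OAuth code exchange inherit whatever transport the API client was configured with, and nothing at the call site says so. If that client carries relaxed TLS verification, a custom CA pool or a proxy (its construction is not visible in this hunk), the token endpoint request now runs under the same settings. A short comment above the call would record that, for example `// token redemption reuses the API client's transport, including its TLS verification settings`. Build starts and continues outside the hunk.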
|
||||
|
|
|
@ -32,12 +32,22 @@ func (p *OAuthProxy) GetRedirectURI(host string) string {
|
|||
return u.String()
|
||||
}
|
||||
|
||||
// HTTPClient is the context key to use with golang.org/x/net/context's
|
||||
// WithValue function to associate an *http.Client value with a context.
|
||||
var HTTPClient ContextKey
|
||||
|
||||
// ContextKey is just an empty struct. It exists so HTTPClient can be
|
||||
// an immutable public variable with a unique type. It's immutable
|
||||
// because nobody else can create a ContextKey, being unexported.
|
||||
type ContextKey struct{}
|
||||
|
||||
func (p *OAuthProxy) redeemCode(ctx context.Context, host, code string) (s *sessionsapi.SessionState, err error) {
|
||||
if code == "" {
|
||||
return nil, errors.New("missing code")
|
||||
}
|
||||
redirectURI := p.GetRedirectURI(host)
|
||||
s, err = p.provider.Redeem(ctx, redirectURI, code)
|
||||
redeemCtx := context.WithValue(ctx, HTTPClient, p.client)
|
||||
s, err = p.provider.Redeem(redeemCtx, redirectURI, code)
|
||||
if err != nil {
|
||||
return
|
||||
}
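Review bot: `redeemCtx` stores the client under the package-local `HTTPClient` key, and a context lookup only matches a key of the same type and value, so code that reads `oauth2.HTTPClient` from golang.org/x/oauth2 will not find it and will fall back to its default client. `p.provider.Redeem` is not visible here; if it resolves its client through x/oauth2, the line should be `redeemCtx := context.WithValue(ctx, oauth2.HTTPClient, p.client)` and the local `HTTPClient`/`ContextKey` declarations can be dropped. If the local key is kept, its copied comment is wrong for this package: `ContextKey` is exported, so "nobody else can create a ContextKey, being unexported" does not hold, and the reference to golang.org/x/net/context should name the standard `context` package. redeemCode continues past the end of the hunk.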
|
||||
|
|
|
@ -44,6 +44,8 @@ var (
|
|||
|
||||
// OAuthProxy is the main authentication proxy
|
||||
type OAuthProxy struct {
|
||||
client *http.Client
|
||||
|
||||
CookieSeed string
|
||||
CookieName string
|
||||
CSRFCookieName string
|
||||
|
@ -94,7 +96,7 @@ type OAuthProxy struct {
|
|||
}
|
||||
|
||||
// NewOAuthProxy creates a new instance of OAuthProxy from the options provided
|
||||
func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAuthProxy, error) {
|
||||
func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig, c *http.Client) (*OAuthProxy, error) {
|
||||
logger := log.WithField("logger", "authentik.outpost.proxy").WithField("provider", provider.Name)
|
||||
sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
|
||||
if err != nil {
|
||||
|
@ -122,6 +124,7 @@ func NewOAuthProxy(opts *options.Options, provider api.ProxyOutpostConfig) (*OAu
|
|||
sessionChain := buildSessionChain(opts, sessionStore)
|
||||
|
||||
return &OAuthProxy{
|
||||
client: c,
|
||||
CookieName: opts.Cookie.Name,
|
||||
CSRFCookieName: fmt.Sprintf("%v_%v", opts.Cookie.Name, "csrf"),
|
||||
CookieSeed: opts.Cookie.Secret,
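Review bot: NewOAuthProxy stores `c` without checking it, so a nil `*http.Client` ends up in `p.client` and is later placed in the redeem context as a typed nil. A consumer that type-asserts the context value to `*http.Client` then gets a nil pointer with `ok == true` and would dereference it on the first request. A guard near the top of the function, `if c == nil { c = http.DefaultClient }` (or returning an error), avoids that. The new `client` field also has no comment; `// client is used for the OAuth token redemption request` would say what it is for. The function body and the struct literal continue outside the hunks.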
|
||||
|
|