Moved auth_verify to server, responding either 204 or 401 as per ngin…
…x standards (#84)
robvanoostenrijk authored Dec 22, 2024
1 parent 425de3e commit 19faa3e
Showing 2 changed files with 24 additions and 9 deletions.
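--- a/server/proxy.go
+++ b/server/proxy.go
@@ -99,15 +99,6 @@ func (p *Proxy) handler(respOutWriter http.ResponseWriter, reqIn *http.Request)
 return
 }
 
-if p.config.AuthVerify && reqIn.URL.Path == p.config.AuthVerifyPath {
-p.logger.
-With(zap.String("remoteAddr", reqIn.RemoteAddr)).
-Debug("Responding with 204 to auth verify request")
-p.addHeaders(sessionClaims, respOutWriter.Header())
-respOutWriter.WriteHeader(204)
-return
-}
-
 reqOut = p.setupRequest(respOutWriter, reqIn)
 if reqOut == nil {
 return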
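--- a/server/server.go
+++ b/server/server.go
@@ -112,6 +112,11 @@ func Start(ctx context.Context, listener net.Listener, logger *zap.Logger, cfg *
 }
 
 app := http.HandlerFunc(proxy.handler)
+if cfg.AuthVerify {
+http.Handle(cfg.AuthVerifyPath, authVerify(middleware))
+}
+
+http.Handle("/saml/sign_in", http.HandlerFunc(middleware.HandleStartAuthFlow))
 http.Handle("/saml/", middleware)
 http.Handle("/_health", http.HandlerFunc(proxy.health))
 http.Handle("/", middleware.RequireAccount(app))
@@ -170,3 +175,22 @@ func setupHttpClient(idpCaFile string) (*http.Client, error) {
 
 return client, nil
 }
+
+func authVerify(middleware *samlsp.Middleware) http.Handler {
+
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+session, err := middleware.Session.GetSession(r)
+
+if session != nil {
+w.WriteHeader(204)
+return
+}
+
+if err == samlsp.ErrNoSession {
+w.WriteHeader(401)
+return
+}
+
+})
+}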
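Review bot: authVerify fails open when `GetSession` returns a nil session together with an error other than `samlsp.ErrNoSession`: neither branch matches, the handler returns without calling `WriteHeader`, and net/http sends an implicit 200, which nginx's auth_request treats as access granted. Whether the configured session provider can actually return such an error is not visible in this diff, so the handler should deny by default: drop the `if err == samlsp.ErrNoSession` condition and end the handler with an unconditional `w.WriteHeader(http.StatusUnauthorized)`, logging `err` when `!errors.Is(err, samlsp.ErrNoSession)`. Separately, the branch removed from server/proxy.go called `p.addHeaders(sessionClaims, respOutWriter.Header())` before the 204, while the new handler sets no headers, so an nginx config that copies claim headers from the auth subrequest would stop receiving them; that change should be confirmed as intended and documented on `authVerify`.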
