forked from louketo/louketo-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
misc.go
79 lines (64 loc) · 2.44 KB
/
misc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
/*
Copyright 2015 All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"encoding/base64"
"fmt"
"net/http"
"path"
"time"
log "github.com/Sirupsen/logrus"
"github.com/coreos/go-oidc/jose"
"github.com/gin-gonic/gin"
)
// accessForbidden redirects the user to the forbidden page
func (r *oauthProxy) accessForbidden(cx *gin.Context) {
if r.config.hasCustomForbiddenPage() {
cx.HTML(http.StatusForbidden, path.Base(r.config.ForbiddenPage), r.config.Tags)
cx.Abort()
return
}
cx.AbortWithStatus(http.StatusForbidden)
}
// redirectToURL redirects the user and aborts the context
func (r *oauthProxy) redirectToURL(url string, cx *gin.Context) {
cx.Redirect(http.StatusTemporaryRedirect, url)
cx.Abort()
}
// redirectToAuthorization redirects the user to authorization handler
func (r *oauthProxy) redirectToAuthorization(cx *gin.Context) {
if r.config.NoRedirects {
cx.AbortWithStatus(http.StatusUnauthorized)
return
}
// step: add a state referrer to the authorization page
authQuery := fmt.Sprintf("?state=%s", base64.StdEncoding.EncodeToString([]byte(cx.Request.URL.RequestURI())))
// step: if verification is switched off, we can't authorization
if r.config.SkipTokenVerification {
log.Errorf("refusing to redirection to authorization endpoint, skip token verification switched on")
cx.AbortWithStatus(http.StatusForbidden)
return
}
r.redirectToURL(oauthURL+authorizationURL+authQuery, cx)
}
// getAccessCookieExpiration calucates the expiration of the access token cookie
func (r *oauthProxy) getAccessCookieExpiration(token jose.JWT, refresh string) time.Duration {
// notes: by default the duration of the access token will be the configuration option, if
// however we can decode the refresh token, we will set the duration to the duraction of the
// refresh token
duration := r.config.AccessTokenDuration
if _, ident, err := parseToken(refresh); err == nil {
duration = ident.ExpiresAt.Sub(time.Now())
}
return duration
}