Strip out X-Forwarded-User header (or rather GRIST_FORWARD_AUTH_HEADE…
…R) (#10)

* control header on all endpoints
* Combine routes that only differ in paths

---------

Co-authored-by: Paul Fitzpatrick <paulfitz@alum.mit.edu>
dsagal and paulfitz committed Nov 7, 2023
1 parent e9aba87 commit 9b0853a
Showing 1 changed file with 20 additions and 74 deletions.
94 changes: 20 additions & 74 deletions traefik.yaml
Expand Up @@ -22,57 +22,35 @@ http:
forwardauth:
address: 'http://127.0.0.1:{{ env "TFA_PORT" }}'
authResponseHeaders: [ '{{ env "GRIST_FORWARD_AUTH_HEADER" }}' ]
no-fwd:
headers:
customRequestHeaders:
'{{ env "GRIST_FORWARD_AUTH_HEADER" }}': ""

routers:
route-grist-login:
rule: "PathPrefix(`/auth/login`)"
service: grist
middlewares:
- tfa
entryPoints:
- web
route-grist-auth:
rule: "PathPrefix(`/_oauth`)"
rule: "PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`)"
service: grist
middlewares:
- tfa
entryPoints:
- web

route-grist:
rule: "PathPrefix(`/`)"
priority: 1 # Set a lower priority than the other rules
service: grist
middlewares:
- no-fwd
entryPoints:
- web
route-signed-out:
rule: "Path(`/signed-out`)"
service: grist
entryPoints:
- web
route-api:
rule: "PathPrefix(`/api/`)"
service: grist
entryPoints:
- web
route-api-org:
rule: "PathPrefix(`/o/{org:[^/]+}/api/`)"
service: grist
entryPoints:
- web
route-assets:
rule: "PathPrefix(`/v/unknown/`)"
service: grist
entryPoints:
- web

route-dex:
rule: "PathPrefix(`/dex/`)"
service: dex
entryPoints:
- web
route-dex-bare:
rule: "Path(`/dex`)"
rule: "PathPrefix(`/dex/`) || Path(`/dex`)"
service: dex
entryPoints:
- web

route-who:
rule: "Path(`/who`)"
service: whoami
Expand All @@ -82,63 +60,31 @@ http:
{{ $use_https := env "USE_HTTPS" }}
{{if eq $use_https "true" }}
https-route-grist-login:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/auth/login`)"
service: grist
middlewares:
- tfa
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-grist-auth:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/_oauth`)"
rule: "Host(`{{ env "APP_HOST" }}`) && (PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`))"
service: grist
middlewares:
- tfa
entryPoints:
- websecure
tls: {{ env "TLS" }}

https-route-grist:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/`)"
priority: 1 # Set a lower priority than the other rules
service: grist
middlewares:
- no-fwd
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-signed-out:
rule: "Host(`{{ env "APP_HOST" }}`) && Path(`/signed-out`)"
service: grist
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-api:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/api/`)"
service: grist
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-api-org:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/o/{org:[^/]+}/api/`)"
service: grist
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-assets:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/v/unknown/`)"
service: grist
entryPoints:
- websecure
tls: {{ env "TLS" }}

https-route-dex:
rule: "Host(`{{ env "APP_HOST" }}`) && PathPrefix(`/dex/`)"
service: dex
entryPoints:
- websecure
tls: {{ env "TLS" }}
https-route-dex-bare:
rule: "Host(`{{ env "APP_HOST" }}`) && Path(`/dex`)"
rule: "Host(`{{ env "APP_HOST" }}`) && (PathPrefix(`/dex/`) || Path(`/dex`))"
service: dex
entryPoints:
- websecure
tls: {{ env "TLS" }}

https-route-who:
rule: "Host(`{{ env "APP_HOST" }}`) && Path(`/who`)"
service: whoami
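Review bot: On `route-grist-auth` and `https-route-grist-auth` the client-supplied `GRIST_FORWARD_AUTH_HEADER` is never stripped explicitly, because those routers list only `tfa`; removal of a forged value there depends on forwardAuth replacing every header named in `authResponseHeaders`, even when the auth response omits it. Listing `- no-fwd` ahead of `- tfa` on those two routers would make the guarantee independent of that behaviour, which is worth confirming for the Traefik version deployed. The strip is also opt-in per router, so a comment above `no-fwd` such as `# Empty value deletes the header; every router for the grist service must list no-fwd or tfa` would record the invariant for whoever adds the next route. If `GRIST_FORWARD_AUTH_HEADER` is unset when the template renders, the key becomes an empty string and presumably nothing is stripped, so that case deserves a fail-fast check at startup. The file continues beyond both hunks, so routers outside them could not be checked here.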