-
Notifications
You must be signed in to change notification settings - Fork 283
/
http.go
78 lines (71 loc) · 2.79 KB
/
http.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
// Package controlplane contains the HTTP and gRPC base servers and the xDS gRPC implementation for envoy.
package controlplane
import (
"net/http"
"net/url"
"time"
"github.com/CAFxX/httpcompression"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
"github.com/pomerium/csrf"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/telemetry"
"github.com/pomerium/pomerium/internal/telemetry/requestid"
)
func (srv *Server) addHTTPMiddleware(root *mux.Router, cfg *config.Config) {
compressor, err := httpcompression.DefaultAdapter()
if err != nil {
panic(err)
}
root.Use(compressor)
root.Use(srv.reproxy.Middleware)
root.Use(requestid.HTTPMiddleware())
root.Use(log.NewHandler(log.Logger))
root.Use(log.AccessHandler(func(r *http.Request, status, size int, duration time.Duration) {
log.FromRequest(r).Debug().
Dur("duration", duration).
Int("size", size).
Int("status", status).
Str("method", r.Method).
Str("host", r.Host).
Str("path", r.URL.String()).
Msg("http-request")
}))
root.Use(handlers.RecoveryHandler())
root.Use(log.HeadersHandler(httputil.HeadersXForwarded))
root.Use(log.RemoteAddrHandler("ip"))
root.Use(log.UserAgentHandler("user_agent"))
root.Use(log.RefererHandler("referer"))
root.Use(log.RequestIDHandler("request-id"))
root.Use(telemetry.HTTPStatsHandler(func() string {
return srv.currentConfig.Load().Options.InstallationID
}, srv.name))
root.HandleFunc("/healthz", httputil.HealthCheck)
root.HandleFunc("/ping", httputil.HealthCheck)
root.Handle("/.well-known/pomerium", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
root.Handle("/.well-known/pomerium/", httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
return wellKnownPomerium(w, r, cfg)
}))
}
func wellKnownPomerium(w http.ResponseWriter, r *http.Request, cfg *config.Config) error {
authenticateURL, err := cfg.Options.GetAuthenticateURL()
if err != nil {
return err
}
wellKnownURLs := struct {
OAuth2Callback string `json:"authentication_callback_endpoint"` // RFC6749
JSONWebKeySetURL string `json:"jwks_uri"` // RFC7517
FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html
}{
authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),
}
w.Header().Set("X-CSRF-Token", csrf.Token(r))
httputil.RenderJSON(w, http.StatusOK, wellKnownURLs)
return nil
}