proxy: add userinfo and webauthn endpoints

[calebdoxsey]

Summary

Add /.pomerium and /.pomerium/webauthn endpoints to the proxy service. Currently these are only handled by authenticate. With these changes they will also be available on any domain Pomerium handles.

I also moved all the common handlers to internal/handlers. (I wanted to avoid any circular references in httputil, which should be for more generic HTTP functionality)

The webauthn relying party is now derived from the request so that the origin used depends on the domain where the webauthn handlers live. As a consequence devices will now be domain-specific. I don't think a device registered on a.example.com could be used for b.example.com, but maybe this needs more testing.

Related issues

• https://github.com/pomerium/internal/issues/1014
• https://github.com/pomerium/internal/issues/1013

Checklist

• reference any related issues
• updated unit tests
• add appropriate tag (improvement / bug / etc)
• ready for review

[calebdoxsey]

After discussion, we should attempt to use the parent top-level-domain as the origin. For example: console.example.com should use example.com as the origin. This should make it possible to re-use devices across domain names for most use cases. For cases where routes are spread across different TLDs devices will only be re-usable for the same domain. In the future we can provide the ability to customize this behavior similar to COOKIE_DOMAIN.

[coveralls]

Coverage decreased (-0.6%) to 64.372% when pulling 20f3e7e on cdoxsey/proxy-user-info into 81053ac on main.

[calebdoxsey]

It now uses the top-level domain name as the origin. Testing this with two routes it appears to register and authenticate existing devices properly.

[calebdoxsey]

(worth mentioning, this is a breaking change, the next version of Pomerium will require devices to be re-registered because now they will be attached to a different name)

[desimone]

Adding breaking tag so it's flagged.

[desimone]

Code LGTM, with a few small suggestions, and comments.