Change name condition to restrictions

typester · Aug 16, 2014 · c3834c0 · c3834c0
1 parent f5a8fdb
commit c3834c0
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # "gate" for your private resources
 
-gate is a static file server and reverse proxy integrated with Google/GitHub account authentication.
+gate is a static file server and reverse proxy integrated with OAuth2 account authentication.
 
-With gate, you can safely serve your private resources with your company Google Apps/GitHub authenticaiton.
+With gate, you can safely serve your private resources based on whether or not request user is a member of your company's Google Apps or GitHub organizations.
 
 ## Usage
 
@@ -16,27 +16,30 @@ With gate, you can safely serve your private resources with your company Google
 # address to bind
 address: :9999
 
-# ssl keys (optional)
-ssl:
-  cert: ./ssl/ssl.cer
-  key: ./ssl/ssl.key
+# # ssl keys (optional)
+# ssl:
+#   cert: ./ssl/ssl.cer
+#   key: ./ssl/ssl.key
 
 auth:
   session:
     # authentication key for cookie store
     key: secret123
 
   info:
+    # oauth2 provider name (`google` or `github`)
     service: google
-    # your google app keys
+    # your app keys for the service
     client_id: your client id
     client_secret: your client secret
-    # your google app redirect_url: path is always "/oauth2callback"
+    # your app redirect_url for the service: if the service is Google, path is always "/oauth2callback"
     redirect_url: https://yourapp.example.com/oauth2callback
 
-# restrict domain. (optional)
-conditions:
-  - yourdomain.com
+# # restrict user request. (optional)
+# restrictions:
+#   - yourdomain.com    # domain of your Google App (Google)
+#   - example@gmail.com # specific email address (same as above)
+#   - your_company_org  # organization name (GitHub)
 
 # document root for static files
 htdocs: ./
@@ -66,10 +69,10 @@ auth:
     client_secret: your client secret
     redirect_url: https://yourapp.example.com/oauth2callback
 
-# restrict domain. (optional)
-conditions:
-  - example.com
-  - you@example.com
+# restrict user request. (optional)
+restrictions:
+  - yourdomain.com    # domain of your Google App
+  - example@gmail.com # specific email address
 ```
 
 ### Example config for GitHub
@@ -84,8 +87,8 @@ auth:
     client_secret: your client secret
     redirect_url: https://yourapp.example.com/oauth2callback
 
-# restrict organization (optional)
-conditions:
+# restrict user request. (optional)
+restrictions:
   - foo_organization
   - bar_organization
 ```

diff --git a/conf.go b/conf.go
@@ -7,12 +7,12 @@ import (
 )
 
 type Conf struct {
-	Addr       string      `yaml:"address"`
-	SSL        SSLConf     `yaml:"ssl"`
-	Auth       AuthConf    `yaml:"auth"`
-	Conditions []string    `yaml:"conditions"`
-	Proxies    []ProxyConf `yaml:"proxy"`
-	Htdocs     string      `yaml:"htdocs"`
+	Addr         string      `yaml:"address"`
+	SSL          SSLConf     `yaml:"ssl"`
+	Auth         AuthConf    `yaml:"auth"`
+	Restrictions []string    `yaml:"restrictions"`
+	Proxies      []ProxyConf `yaml:"proxy"`
+	Htdocs       string      `yaml:"htdocs"`
 }
 
 type SSLConf struct {

diff --git a/config_sample.yml b/config_sample.yml
@@ -12,17 +12,19 @@ auth:
     key: secret123
 
   info:
+    # oauth2 provider name (`google` or `github`)
     service: google
     # your app keys for the service
     client_id: your client id
     client_secret: your client secret
     # your app redirect_url for the service: if the service is Google, path is always "/oauth2callback"
     redirect_url: https://yourapp.example.com/oauth2callback
 
-# # restrict domain. (optional)
-# domain:
-#   - yourdomain.com    # restrict by domain
-#   - example@gmail.com # or specific address
+# # restrict user request. (optional)
+# restrictions:
+#   - yourdomain.com    # domain of your Google App (Google)
+#   - example@gmail.com # specific email address (same as above)
+#   - your_company_org  # organization name (GitHub)
 
 # document root for static files
 htdocs: ./

diff --git a/config_test.go b/config_test.go
@@ -50,7 +50,7 @@ proxy:
 	}
 }
 
-func TestParseMultiConditions(t *testing.T) {
+func TestParseMultiRestrictions(t *testing.T) {
 	f, err := ioutil.TempFile("", "")
 	if err != nil {
 		t.Error(err)
@@ -80,7 +80,7 @@ proxy:
     dest: http://example.com/bar
     strip_path: yes
 
-conditions:
+restrictions:
   - 'example1.com'
   - 'example2.com'
 `
@@ -93,12 +93,12 @@ conditions:
 		t.Error(err)
 	}
 
-	if len(conf.Conditions) != 2 {
-		t.Errorf("unexpected conditions num: %d", len(conf.Conditions))
+	if len(conf.Restrictions) != 2 {
+		t.Errorf("unexpected restrictions num: %d", len(conf.Restrictions))
 	}
 
-	if conf.Conditions[0] != "example1.com" || conf.Conditions[1] != "example2.com" {
-		t.Errorf("unexpected conditions: %+v", conf.Conditions)
+	if conf.Restrictions[0] != "example1.com" || conf.Restrictions[1] != "example2.com" {
+		t.Errorf("unexpected restrictions: %+v", conf.Restrictions)
 	}
 }
 
diff --git a/httpd.go b/httpd.go
@@ -37,7 +37,7 @@ func (s *Server) Run() error {
 	m.Use(a.Handler())
 
 	m.Use(loginRequired())
-	m.Use(restrictByConditions(s.Conf.Conditions, a))
+	m.Use(restrictRequest(s.Conf.Restrictions, a))
 
 	for i := range s.Conf.Proxies {
 		p := s.Conf.Proxies[i]
@@ -158,14 +158,14 @@ func base64Decode(s string) ([]byte, error) {
 	return base64.URLEncoding.DecodeString(s)
 }
 
-func restrictByConditions(conditions []string, authenticator Authenticator) martini.Handler {
+func restrictRequest(restrictions []string, authenticator Authenticator) martini.Handler {
 	return func(c martini.Context, tokens oauth2.Tokens, w http.ResponseWriter, r *http.Request) {
 		// skip websocket
 		if isWebsocket(r) {
 			return
 		}
 
-		authenticator.Authenticate(conditions, c, tokens, w, r)
+		authenticator.Authenticate(restrictions, c, tokens, w, r)
 	}
 }