This commit is contained in:
A.Unger
2020-11-30 17:19:03 +01:00
parent d856d5470e
commit 5cb359d877
6 changed files with 78 additions and 9 deletions

View File

@@ -2,8 +2,11 @@ package command
import (
"context"
gohttp "net/http"
_ "net/http/pprof"
"os"
"os/signal"
"runtime"
"strings"
"github.com/micro/cli/v2"
@@ -109,6 +112,11 @@ func Server(cfg *config.Config) *cli.Command {
cancel()
})
}
runtime.SetBlockProfileRate(1)
runtime.SetMutexProfileFraction(1)
go func() {
gohttp.ListenAndServe(":8887", nil)
}()
return gr.Run()
},

View File

@@ -1,7 +1,12 @@
package http
import (
_ "net/http/pprof"
ghttp "net/http"
"github.com/go-chi/chi"
cmw "github.com/go-chi/chi/middleware"
"github.com/owncloud/ocis/accounts/pkg/assets"
"github.com/owncloud/ocis/accounts/pkg/proto/v0"
"github.com/owncloud/ocis/accounts/pkg/version"
@@ -27,6 +32,9 @@ func Server(opts ...Option) http.Service {
mux := chi.NewMux()
mux.Use(func(next ghttp.Handler) ghttp.Handler {
return cmw.Profiler()
})
mux.Use(middleware.RealIP)
mux.Use(middleware.RequestID)
mux.Use(middleware.NoCache)

View File

@@ -268,8 +268,8 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
return alice.New(
middleware.HTTPSRedirect,
middleware.OIDCAuth(
middleware.Logger(l),
middleware.Authentication(
// OIDC Options
middleware.OIDCProviderFunc(func() (middleware.OIDCProvider, error) {
// Initialize a provider by specifying the issuer URL.
// it will fetch the keys from the issuer using the .well-known
@@ -280,13 +280,12 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
)
}),
middleware.HTTPClient(oidcHTTPClient),
middleware.OIDCIss(cfg.OIDC.Issuer),
middleware.TokenCacheSize(cfg.OIDC.UserinfoCache.Size),
middleware.TokenCacheTTL(time.Second*time.Duration(cfg.OIDC.UserinfoCache.TTL)),
),
middleware.BasicAuth(
// basic Options
middleware.Logger(l),
middleware.EnableBasicAuth(cfg.EnableBasicAuth),
middleware.EnableBasicAuth(true),
middleware.AccountsClient(accountsClient),
middleware.OIDCIss(cfg.OIDC.Issuer),
),

View File

@@ -0,0 +1,48 @@
package middleware
import (
"fmt"
"net/http"
"time"
)
// Authentication is a higher level authentication middleware.
func Authentication(opts ...Option) func(next http.Handler) http.Handler {
options := newOptions(opts...)
oidc := OIDCAuth(
Logger(options.Logger),
OIDCProviderFunc(options.OIDCProviderFunc),
HTTPClient(options.HTTPClient),
OIDCIss(options.OIDCIss),
TokenCacheSize(options.UserinfoCacheSize),
TokenCacheTTL(time.Second*time.Duration(options.UserinfoCacheTTL)),
)
basic := BasicAuth(
Logger(options.Logger),
EnableBasicAuth(options.EnableBasicAuth),
AccountsClient(options.AccountsClient),
OIDCIss(options.OIDCIss),
)
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// here we multiplex depending on the use agent
userAgent := r.Header.Get("User-Agent")
fmt.Printf("\n\nUser-Agent:\t%s\n\n", userAgent)
switch userAgent {
case "a":
oidc(next).ServeHTTP(w, r)
return
case "b":
basic(next).ServeHTTP(w, r)
return
default:
oidc(next).ServeHTTP(w, r)
basic(next).ServeHTTP(w, r)
return
}
})
}
}

View File

@@ -2,11 +2,12 @@ package middleware
import (
"fmt"
"net/http"
"strings"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
"github.com/owncloud/ocis/ocis-pkg/log"
"github.com/owncloud/ocis/ocis-pkg/oidc"
"net/http"
"strings"
)
const publicFilesEndpoint = "/remote.php/dav/public-files/"
@@ -38,6 +39,8 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
account, ok := h.getAccount(req)
if !ok {
// TODO need correct hostname
w.Header().Add("WWW-Authenticate", "Basic realm=\"Access to localhost\", charset=\"UTF-8\"")
w.WriteHeader(http.StatusUnauthorized)
return
}

View File

@@ -38,7 +38,10 @@ func OIDCAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if !h.shouldServe(req) {
next.ServeHTTP(w, req)
// TODO need correct hostname
w.Header().Add("WWW-Authenticate", "Bearer realm=\"Access to localhost\", charset=\"UTF-8\"")
//w.WriteHeader(http.StatusUnauthorized)
//next.ServeHTTP(w, req)
return
}