mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-07-17 19:13:58 -04:00
WIP
This commit is contained in:
@@ -2,8 +2,11 @@ package command
|
||||
|
||||
import (
|
||||
"context"
|
||||
gohttp "net/http"
|
||||
_ "net/http/pprof"
|
||||
"os"
|
||||
"os/signal"
|
||||
"runtime"
|
||||
"strings"
|
||||
|
||||
"github.com/micro/cli/v2"
|
||||
@@ -109,6 +112,11 @@ func Server(cfg *config.Config) *cli.Command {
|
||||
cancel()
|
||||
})
|
||||
}
|
||||
runtime.SetBlockProfileRate(1)
|
||||
runtime.SetMutexProfileFraction(1)
|
||||
go func() {
|
||||
gohttp.ListenAndServe(":8887", nil)
|
||||
}()
|
||||
|
||||
return gr.Run()
|
||||
},
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
package http
|
||||
|
||||
import (
|
||||
_ "net/http/pprof"
|
||||
|
||||
ghttp "net/http"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
cmw "github.com/go-chi/chi/middleware"
|
||||
"github.com/owncloud/ocis/accounts/pkg/assets"
|
||||
"github.com/owncloud/ocis/accounts/pkg/proto/v0"
|
||||
"github.com/owncloud/ocis/accounts/pkg/version"
|
||||
@@ -27,6 +32,9 @@ func Server(opts ...Option) http.Service {
|
||||
|
||||
mux := chi.NewMux()
|
||||
|
||||
mux.Use(func(next ghttp.Handler) ghttp.Handler {
|
||||
return cmw.Profiler()
|
||||
})
|
||||
mux.Use(middleware.RealIP)
|
||||
mux.Use(middleware.RequestID)
|
||||
mux.Use(middleware.NoCache)
|
||||
|
||||
@@ -268,8 +268,8 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
|
||||
|
||||
return alice.New(
|
||||
middleware.HTTPSRedirect,
|
||||
middleware.OIDCAuth(
|
||||
middleware.Logger(l),
|
||||
middleware.Authentication(
|
||||
// OIDC Options
|
||||
middleware.OIDCProviderFunc(func() (middleware.OIDCProvider, error) {
|
||||
// Initialize a provider by specifying the issuer URL.
|
||||
// it will fetch the keys from the issuer using the .well-known
|
||||
@@ -280,13 +280,12 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
|
||||
)
|
||||
}),
|
||||
middleware.HTTPClient(oidcHTTPClient),
|
||||
middleware.OIDCIss(cfg.OIDC.Issuer),
|
||||
middleware.TokenCacheSize(cfg.OIDC.UserinfoCache.Size),
|
||||
middleware.TokenCacheTTL(time.Second*time.Duration(cfg.OIDC.UserinfoCache.TTL)),
|
||||
),
|
||||
middleware.BasicAuth(
|
||||
|
||||
// basic Options
|
||||
middleware.Logger(l),
|
||||
middleware.EnableBasicAuth(cfg.EnableBasicAuth),
|
||||
middleware.EnableBasicAuth(true),
|
||||
middleware.AccountsClient(accountsClient),
|
||||
middleware.OIDCIss(cfg.OIDC.Issuer),
|
||||
),
|
||||
|
||||
48
proxy/pkg/middleware/authentication.go
Normal file
48
proxy/pkg/middleware/authentication.go
Normal file
@@ -0,0 +1,48 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Authentication is a higher level authentication middleware.
|
||||
func Authentication(opts ...Option) func(next http.Handler) http.Handler {
|
||||
options := newOptions(opts...)
|
||||
|
||||
oidc := OIDCAuth(
|
||||
Logger(options.Logger),
|
||||
OIDCProviderFunc(options.OIDCProviderFunc),
|
||||
HTTPClient(options.HTTPClient),
|
||||
OIDCIss(options.OIDCIss),
|
||||
TokenCacheSize(options.UserinfoCacheSize),
|
||||
TokenCacheTTL(time.Second*time.Duration(options.UserinfoCacheTTL)),
|
||||
)
|
||||
|
||||
basic := BasicAuth(
|
||||
Logger(options.Logger),
|
||||
EnableBasicAuth(options.EnableBasicAuth),
|
||||
AccountsClient(options.AccountsClient),
|
||||
OIDCIss(options.OIDCIss),
|
||||
)
|
||||
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// here we multiplex depending on the use agent
|
||||
userAgent := r.Header.Get("User-Agent")
|
||||
fmt.Printf("\n\nUser-Agent:\t%s\n\n", userAgent)
|
||||
switch userAgent {
|
||||
case "a":
|
||||
oidc(next).ServeHTTP(w, r)
|
||||
return
|
||||
case "b":
|
||||
basic(next).ServeHTTP(w, r)
|
||||
return
|
||||
default:
|
||||
oidc(next).ServeHTTP(w, r)
|
||||
basic(next).ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -2,11 +2,12 @@ package middleware
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
|
||||
"github.com/owncloud/ocis/ocis-pkg/log"
|
||||
"github.com/owncloud/ocis/ocis-pkg/oidc"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const publicFilesEndpoint = "/remote.php/dav/public-files/"
|
||||
@@ -38,6 +39,8 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
|
||||
account, ok := h.getAccount(req)
|
||||
|
||||
if !ok {
|
||||
// TODO need correct hostname
|
||||
w.Header().Add("WWW-Authenticate", "Basic realm=\"Access to localhost\", charset=\"UTF-8\"")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -38,7 +38,10 @@ func OIDCAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
if !h.shouldServe(req) {
|
||||
next.ServeHTTP(w, req)
|
||||
// TODO need correct hostname
|
||||
w.Header().Add("WWW-Authenticate", "Bearer realm=\"Access to localhost\", charset=\"UTF-8\"")
|
||||
//w.WriteHeader(http.StatusUnauthorized)
|
||||
//next.ServeHTTP(w, req)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user