diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go
index b675274ca3..a04a7293b8 100644
--- a/proxy/pkg/command/server.go
+++ b/proxy/pkg/command/server.go
@@ -267,7 +267,7 @@ func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alic
 }
 return alice.New(
- middleware.HTTPsRedirect,
+ middleware.HTTPSRedirect,
 middleware.OIDCAuth(
 middleware.Logger(l),
 middleware.OIDCProviderFunc(func() (middleware.OIDCProvider, error) {
diff --git a/proxy/pkg/middleware/account_resolver.go b/proxy/pkg/middleware/account_resolver.go
index 49adb83d13..1805e16c5a 100644
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -17,6 +17,8 @@ import (
 "strings"
 )
+// AccountResolver provides a middleware which mints a jwt and adds it to the proxied request based
+// on the oidc-claims
 func AccountResolver(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
 logger := options.Logger
diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
index add13fe962..78363a58ac 100644
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -9,6 +9,7 @@ import (
 "strings"
 )
+// BasicAuth provides a middleware to check if BasicAuth is provided
 func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
diff --git a/proxy/pkg/middleware/create_home.go b/proxy/pkg/middleware/create_home.go
index 09b83e54f2..2d86e8f1b8 100644
--- a/proxy/pkg/middleware/create_home.go
+++ b/proxy/pkg/middleware/create_home.go
@@ -14,6 +14,7 @@ import (
 "net/http"
 )
+// CreateHome provides a middleware which sends a CreateHome request to the reva gateway
 func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
 logger := options.Logger
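Review bot: The new AccountResolver comment in account_resolver.go names what the middleware produces (a JWT attached to the proxied request) but not the trust assumption that makes that safe, and it is not in godoc form (full sentence, `JWT`/`OIDC` capitalised, trailing period). The minted token is presumably what the upstream accepts as the caller's identity, so a reader wiring the chain needs to know that the claims it reads must come from a middleware that already verified them; the body that reads them is outside the hunk. Suggest `// AccountResolver provides a middleware that mints a JWT from the OIDC claims of an already-authenticated request and attaches it to the proxied request. It must run after an authenticating middleware (presumably OIDCAuth), since it trusts the claims it is given.`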
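Review bot: The added BasicAuth doc comment in basic_auth.go is tautological: "check if BasicAuth is provided" says neither what happens when credentials are present (whether and against what they are verified) nor what happens when they are absent (pass-through to the next authenticator or rejection), and that outcome is the security contract a reader needs. The body that decides it is outside the hunk, so the wording has to be taken from there, but the comment should state explicitly whether a request without an Authorization header is passed to the next handler or refused, and it should end with a period per godoc convention.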
diff --git a/proxy/pkg/middleware/https_redirect.go b/proxy/pkg/middleware/https_redirect.go
index 588e4def82..f5d94144cb 100644
--- a/proxy/pkg/middleware/https_redirect.go
+++ b/proxy/pkg/middleware/https_redirect.go
@@ -5,8 +5,8 @@ import (
 "net/http"
 )
-// RedirectToHTTPS redirects insecure requests to https
-func HTTPsRedirect(next http.Handler) http.Handler {
+// HTTPSRedirect redirects insecure requests to https
+func HTTPSRedirect(next http.Handler) http.Handler {
 return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
 proto := req.Header.Get("x-forwarded-proto")
 if proto == "http" || proto == "HTTP" {
diff --git a/proxy/pkg/middleware/middleware.go b/proxy/pkg/middleware/middleware.go
index 32883cbbe3..c97da6e2b3 100644
--- a/proxy/pkg/middleware/middleware.go
+++ b/proxy/pkg/middleware/middleware.go
@@ -5,7 +5,12 @@ import (
 )
 var (
+ // ErrInvalidToken is returned when the request token is invalid.
 ErrInvalidToken = errors.New("invalid or missing token")
+
+ // ErrUnauthorized is returned if the request is not authorized
 ErrUnauthorized = errors.New("unauthorized")
+
+ // ErrInternal is returned if something went wrong
 ErrInternal = errors.New("internal error")
 )
diff --git a/proxy/pkg/middleware/oidc_auth.go b/proxy/pkg/middleware/oidc_auth.go
index cf5ab4812f..7c805aab22 100644
--- a/proxy/pkg/middleware/oidc_auth.go
+++ b/proxy/pkg/middleware/oidc_auth.go
@@ -10,10 +10,12 @@ import (
 "strings"
 )
+// OIDCProvider used to mock the oidc provider during tests
 type OIDCProvider interface {
 UserInfo(ctx context.Context, ts oauth2.TokenSource) (*gOidc.UserInfo, error)
 }
+// OIDCAuth provides a middleware to check access secured by a static token.
 func OIDCAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
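Review bot: The reworded HTTPSRedirect doc comment in https_redirect.go should state the trust assumption the context lines make visible: the redirect decision rests solely on the client-suppliable `x-forwarded-proto` header, so it only works behind a reverse proxy that sets or overwrites that header, and a client that can reach this service directly can skip the redirect by sending `X-Forwarded-Proto: https` or by omitting the header. Suggested wording: `// HTTPSRedirect redirects requests that arrived over plain HTTP to https. It relies on the X-Forwarded-Proto header set by the TLS-terminating reverse proxy and must not be exposed without one, since a client can set that header itself.` Separately, `proto == "http" || proto == "HTTP"` misses mixed-case values such as `Http`; `strings.EqualFold(proto, "http")` covers every spelling (it needs a `strings` import, which the partial import block in the hunk does not show). The handler body continues past the hunk.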
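Review bot: The new OIDCAuth doc comment in oidc_auth.go says the middleware checks access "secured by a static token", which does not match what the file shows: the OIDCProvider interface it depends on exposes `UserInfo(ctx, ts oauth2.TokenSource)`, suggesting the bearer token is resolved against the provider's userinfo endpoint rather than compared to a static secret (the body that does this is outside the hunk). A misleading comment here is worse than none, since a reader may conclude a shared secret is involved; suggest `// OIDCAuth provides a middleware that authenticates requests carrying an OIDC bearer token by resolving it through the configured OIDCProvider.` The OIDCProvider comment likewise describes its test role rather than its contract; prefer `// OIDCProvider is the subset of the OIDC client that OIDCAuth needs (UserInfo); it is an interface so the provider can be substituted in tests.` Both comments should also end with a period per godoc convention.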
@@ -111,9 +113,5 @@ func (m oidcAuth) shouldServe(req *http.Request) bool {
 }
 }
- if !strings.HasPrefix(header, "Bearer ") {
- return false
- }
-
- return true
+ return strings.HasPrefix(header, "Bearer ")
 }
diff --git a/proxy/pkg/middleware/signed_url_auth.go b/proxy/pkg/middleware/signed_url_auth.go
index d5bf905517..7546442c2d 100644
--- a/proxy/pkg/middleware/signed_url_auth.go
+++ b/proxy/pkg/middleware/signed_url_auth.go
@@ -19,6 +19,7 @@ import (
 "time"
 )
+// SignedURLAuth provides a middleware to check access secured by a signed URL.
 func SignedURLAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
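Review bot: The simplified `return strings.HasPrefix(header, "Bearer ")` in shouldServe keeps a case-sensitive scheme match, while RFC 7235 defines auth-scheme names as case-insensitive, so a client sending `bearer <token>` is not handled by this middleware (presumably it then falls through to the next authenticator rather than being rejected, which is benign but should be a deliberate choice). If the other authenticators in this chain parse the scheme case-insensitively, match them here, e.g. `return len(header) >= len("Bearer ") && strings.EqualFold(header[:len("Bearer ")], "Bearer ")`; otherwise add a comment stating that only the exact `Bearer ` spelling is routed to OIDC auth. The function's signature and the header parsing that precedes this return are outside the hunk.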