hub / github.com/oauth2-proxy/oauth2-proxy / buildPreAuthChain

Function buildPreAuthChain

oauthproxy.go:361–399  ·  view source on GitHub ↗

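buildPreAuthChain constructs a middleware chain that processes every request before the OAuth2 Proxy authentication logic kicks in, for example forcing HTTPS or answering health checks. Because these handlers run ahead of authentication, anything they answer directly is reachable by unauthenticated clients.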

(opts *options.Options, sessionStore sessionsapi.SessionStore, trustedProxies *ip.NetSet)

Source from the content-addressed store, hash-verified

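// buildPreAuthChain constructs the chain of middleware that processes every
// request before the OAuth2 Proxy authentication logic kicks in, for example
// forcing HTTPS or answering health checks.
//
// Order of the chain as assembled here:
//  1. request scope (built from opts.ReverseProxy, the request ID header name
//     and trustedProxies),
//  2. HTTPS redirect, only when opts.ForceHTTPS is set,
//  3. health check, readiness check and request logger (their relative order
//     depends on opts.Logging.SilencePing),
//  4. request metrics.
//
// It returns an error only when opts.ForceHTTPS is set and
// opts.Server.SecureBindAddress cannot be split into host and port.
//
// NOTE(review): everything registered here runs ahead of authentication, so
// any middleware in this chain that answers a request itself does so for
// unauthenticated clients. Keep what these handlers return free of sensitive
// detail.
func buildPreAuthChain(opts *options.Options, sessionStore sessionsapi.SessionStore, trustedProxies *ip.NetSet) (alice.Chain, error) {
	// NOTE(review): the scope middleware receives the reverse-proxy flag and the
	// trusted proxy set; presumably it uses them to decide which forwarded
	// headers are honoured. Confirm that trustedProxies is as narrow as the
	// deployment allows.
	chain := alice.New(middleware.NewScope(opts.ReverseProxy, opts.Logging.RequestIDHeader, trustedProxies))

	if opts.ForceHTTPS {
		// Only the port of the secure bind address is passed to the redirect.
		_, httpsPort, err := net.SplitHostPort(opts.Server.SecureBindAddress)
		if err != nil {
			// %w keeps the underlying error reachable through errors.Is/errors.As;
			// the rendered message is the same as with %v.
			return alice.Chain{}, fmt.Errorf("invalid HTTPS address %q: %w", opts.Server.SecureBindAddress, err)
		}
		chain = chain.Append(middleware.NewRedirectToHTTPS(httpsPort))
	}

	// Health checks are recognised by request path and by User-Agent.
	// NOTE(review): the User-Agent header is client-controlled, so a match on it
	// says nothing about who sent the request.
	healthCheckPaths := []string{opts.PingPath}
	healthCheckUserAgents := []string{opts.PingUserAgent}
	if opts.GCPHealthChecks {
		logger.Printf("WARNING: GCP HealthChecks are now deprecated: Reconfigure apps to use the ping path for liveness and readiness checks, set the ping user agent to \"GoogleHC/1.0\" to preserve existing behaviour")
		healthCheckPaths = append(healthCheckPaths, "/liveness_check", "/readiness_check")
		healthCheckUserAgents = append(healthCheckUserAgents, "GoogleHC/1.0")
	}

	// To silence logging of health checks, register the health check handlers
	// before the logging handler.
	// NOTE(review): with SilencePing set, any request the health or readiness
	// check answers (including one that merely sends the ping User-Agent)
	// presumably never reaches the request logger. Confirm that gap is
	// acceptable for audit logging.
	if opts.Logging.SilencePing {
		chain = chain.Append(
			middleware.NewHealthCheck(healthCheckPaths, healthCheckUserAgents),
			middleware.NewReadynessCheck(opts.ReadyPath, sessionStore),
			middleware.NewRequestLogger(),
		)
	} else {
		chain = chain.Append(
			middleware.NewRequestLogger(),
			middleware.NewHealthCheck(healthCheckPaths, healthCheckUserAgents),
			middleware.NewReadynessCheck(opts.ReadyPath, sessionStore),
		)
	}

	// Metrics are registered last, after the health/readiness/logging handlers.
	chain = chain.Append(middleware.NewRequestMetricsWithDefaultRegistry())

	return chain, nil
}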
400
401func buildTrustedProxyNetSet(opts *options.Options) (*ip.NetSet, error) {
402 trustedProxyIPs := opts.TrustedProxyIPs

Callers 1

NewOAuthProxyFunction · 0.85

Calls 7

NewScopeFunction · 0.92
NewRedirectToHTTPSFunction · 0.92
PrintfFunction · 0.92
NewHealthCheckFunction · 0.92
NewReadynessCheckFunction · 0.92
NewRequestLoggerFunction · 0.92

Tested by

no test coverage detected