MCPcopy
hub / github.com/oauth2-proxy/oauth2-proxy / Proxy

Method Proxy

oauthproxy.go:1041–1086  ·  view source on GitHub ↗

Proxy proxies the user request if the user is authenticated else it prompts them to authenticate

(rw http.ResponseWriter, req *http.Request)

Source from the content-addressed store, hash-verified

1039// Proxy proxies the user request if the user is authenticated else it prompts
1040// them to authenticate
1041func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
1042 session, err := p.getAuthenticatedSession(rw, req)
1043 switch err {
1044 case nil:
1045 // Check against our authorization constraints and return forbidden
1046 // if this request fails to satisfy them.
1047 if !authOnlyAuthorize(req, session) {
1048 http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
1049 return
1050 }
1051
1052 // we are authenticated
1053 p.addHeadersForProxying(rw, session)
1054 p.headersChain.Then(p.upstreamProxy).ServeHTTP(rw, req)
1055 case ErrNeedsLogin:
1056 // we need to send the user to a login screen
1057 if p.forceJSONErrors || isAjax(req) || p.isAPIPath(req) {
1058 logger.Printf("No valid authentication in request. Access Denied.")
1059 // no point redirecting an AJAX request
1060 p.errorJSON(rw, http.StatusUnauthorized)
1061 return
1062 }
1063
1064 logger.Printf("No valid authentication in request. Initiating login.")
1065 if p.SkipProviderButton {
1066 // start OAuth flow, but only with the default login URL params - do not
1067 // consider this request's query params as potential overrides, since
1068 // the user did not explicitly start the login flow
1069 p.doOAuthStart(rw, req, nil)
1070 } else {
1071 p.SignInPage(rw, req, http.StatusForbidden)
1072 }
1073
1074 case ErrAccessDenied:
1075 if p.forceJSONErrors {
1076 p.errorJSON(rw, http.StatusForbidden)
1077 } else {
1078 p.ErrorPage(rw, req, http.StatusForbidden, "The session failed authorization checks")
1079 }
1080
1081 default:
1082 // unknown error
1083 logger.Errorf("Unexpected internal error: %v", err)
1084 p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
1085 }
1086}
1087
1088// See https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching?hl=en
1089var noCacheHeaders = map[string]string{

Callers

nothing calls this directly

Calls 13

addHeadersForProxyingMethod · 0.95
isAPIPathMethod · 0.95
errorJSONMethod · 0.95
doOAuthStartMethod · 0.95
SignInPageMethod · 0.95
ErrorPageMethod · 0.95
PrintfFunction · 0.92
ErrorfFunction · 0.92
authOnlyAuthorizeFunction · 0.85
isAjaxFunction · 0.85
ErrorMethod · 0.65

Tested by

no test coverage detected