starred/godoxy-yusing
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-26 10:18:29 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

v0.26.0

Browse Source
This commit is contained in:
yusing
2026-02-16 08:59:01 +08:00
parent 15b9635ee1
commit e4e6f6b3e8
242 changed files with 3953 additions and 3502 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
internal/net/gphttp/middleware/oidc.go
View File

@@ -7,8 +7,10 @@ import (
"sync"
"sync/atomic"
"github.com/rs/zerolog/log"
"github.com/yusing/godoxy/internal/auth"
gperr "github.com/yusing/goutils/errs"
httpevents "github.com/yusing/goutils/events/http"
"github.com/yusing/goutils/http/httpheaders"
)
type oidcMiddleware struct {
@@ -28,7 +30,7 @@ var OIDC = NewMiddleware[oidcMiddleware]()
func (amw *oidcMiddleware) finalize() error {
if !auth.IsOIDCEnabled() {
return gperr.New("OIDC not enabled but OIDC middleware is used")
log.Error().Msg("OIDC not enabled but OIDC middleware is used")
}
return nil
}
@@ -97,6 +99,10 @@ func (amw *oidcMiddleware) initSlow() error {
}
func (amw *oidcMiddleware) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
if !auth.IsOIDCEnabled() {
return true
}
if err := amw.init(); err != nil {
// no need to log here, main OIDC should've already failed and logged
http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -105,7 +111,7 @@ func (amw *oidcMiddleware) before(w http.ResponseWriter, r *http.Request) (proce
if r.URL.Path == auth.OIDCLogoutPath {
amw.auth.LogoutHandler(w, r)
return true
return false
}
err := amw.auth.CheckToken(r)
@@ -113,11 +119,31 @@ func (amw *oidcMiddleware) before(w http.ResponseWriter, r *http.Request) (proce
return true
}
emitBlockedEvent := func() {
if r.Method != http.MethodHead {
httpevents.Blocked(r, "OIDC", err.Error())
}
}
isGet := r.Method == http.MethodGet
isWS := httpheaders.IsWebsocket(r.Header)
switch {
case r.Method == http.MethodHead:
w.WriteHeader(http.StatusOK)
case !isGet, isWS:
http.Error(w, err.Error(), http.StatusForbidden)
reqType := r.Method
if isWS {
reqType = "WebSocket"
}
OIDC.LogWarn(r).Msgf("[OIDC] %s request blocked.\nConsider adding bypass rule for this path if needed", reqType)
emitBlockedEvent()
return false
case errors.Is(err, auth.ErrMissingOAuthToken):
amw.auth.HandleAuth(w, r)
default:
auth.WriteBlockPage(w, http.StatusForbidden, err.Error(), "Logout", auth.OIDCLogoutPath)
emitBlockedEvent()
}
return false
}