fix(oidc): use XFH header from backend for cookie domain

chore: remove unused debugging printing
fix(route): error not being returned
2026-01-15 08:03:37 +01:00 · 2025-04-22 09:57:44 +08:00 · 2025-04-22 09:54:19 +08:00 · 2025-04-22 09:18:25 +08:00 · 2025-04-22 07:18:51 +08:00
3 changed files with 32 additions and 14 deletions
--- a/internal/api/v1/auth/utils.go
+++ b/internal/api/v1/auth/utils.go
@@ -25,10 +25,20 @@ var (
 //	"abc.example.com" -> "example.com"
 //	"example.com" -> ""
 func cookieFQDN(r *http.Request) string {
-	host, _, err := net.SplitHostPort(r.Host)
-	if err != nil {
-		host = r.Host
+	var host string
+	// check if it's from backend
+	switch r.Host {
+	case common.APIHTTPAddr:
+		// use XFH
+		host = r.Header.Get("X-Forwarded-Host")
+	default:
+		var err error
+		host, _, err = net.SplitHostPort(r.Host)
+		if err != nil {
+			host = r.Host
+		}
 	}
+
 	parts := strutils.SplitRune(host, '.')
 	if len(parts) < 2 {
 		return ""
--- a/internal/net/gphttp/middleware/redirect_http.go
+++ b/internal/net/gphttp/middleware/redirect_http.go
@@ -7,7 +7,6 @@ import (
 	"strings"

 	"github.com/yusing/go-proxy/internal/common"
-	"github.com/yusing/go-proxy/internal/logging"
 )

 type redirectHTTP struct {
@@ -46,7 +45,5 @@ func (m *redirectHTTP) before(w http.ResponseWriter, r *http.Request) (proceed b
 	}

 	http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
-
-	logging.Debug().Str("url", r.URL.String()).Str("user_agent", r.UserAgent()).Msg("redirect to https")
 	return false
 }
--- a/internal/route/route.go
+++ b/internal/route/route.go
@@ -59,6 +59,7 @@ type (

 		impl        types.Route
 		isValidated bool
+		lastError   gperr.Error
 	}
 	Routes map[string]*Route
 )
@@ -68,9 +69,9 @@ func (r Routes) Contains(alias string) bool {
 	return ok
 }

-func (r *Route) Validate() (err gperr.Error) {
+func (r *Route) Validate() gperr.Error {
 	if r.isValidated {
-		return nil
+		return r.lastError
 	}
 	r.isValidated = true
 	r.Finalize()
@@ -88,6 +89,9 @@ func (r *Route) Validate() (err gperr.Error) {

 	errs := gperr.NewBuilder("entry validation failed")

+	var impl types.Route
+	var err gperr.Error
+
 	switch r.Scheme {
 	case types.SchemeFileServer:
 		r.impl, err = NewFileServer(r)
@@ -115,25 +119,32 @@ func (r *Route) Validate() (err gperr.Error) {
 	}

 	if errs.HasError() {
-		return errs.Error()
+		r.lastError = errs.Error()
+		return r.lastError
 	}

 	switch r.Scheme {
 	case types.SchemeFileServer:
-		r.impl, err = NewFileServer(r)
+		impl, err = NewFileServer(r)
 	case types.SchemeHTTP, types.SchemeHTTPS:
-		r.impl, err = NewReverseProxyRoute(r)
+		impl, err = NewReverseProxyRoute(r)
 	case types.SchemeTCP, types.SchemeUDP:
-		r.impl, err = NewStreamRoute(r)
+		impl, err = NewStreamRoute(r)
 	default:
 		panic(fmt.Errorf("unexpected scheme %s for alias %s", r.Scheme, r.Alias))
 	}

-	return err
+	if err != nil {
+		r.lastError = err
+		return err
+	}
+
+	r.impl = impl
+	return nil
 }

 func (r *Route) Start(parent task.Parent) (err gperr.Error) {
-	if r.impl == nil {
+	if r.impl == nil { // should not happen
 		return gperr.New("route not initialized")
 	}
Author	SHA1	Message	Date
yusing	0a8aa2b215	fix(oidc): use XFH header from backend for cookie domain	2025-04-22 09:57:44 +08:00
yusing	5a984f5c0c	chore: remove unused debugging printing	2025-04-22 09:54:19 +08:00
yusing	d60688c66f	fix(route): error not being returned	2025-04-22 09:18:25 +08:00
yusing	23482da259	fix(route): panic on middleware error	2025-04-22 07:18:51 +08:00