Documentation
Index
- Constants
- func AuthCallbackHandler(domains domains.Domains, whitelist whitelist.Whitelist, ...) http.Handler
- func ForwardAuthHandler(domains domains.Domains, oauthHandlers map[domains.Domain]oauth.Handler, ...) http.Handler
- func HealthHandler(sessions sessions.Sessions, states state.States[string]) http.Handler
- func LogoutHandler(domains domains.Domains, sessionStore sessions.Sessions, logger *slog.Logger) http.Handler
- func New(ctx context.Context, sessions sessions.Sessions, states state.States[string], ...) http.Handler
- type Metrics
Constants
const OAUTHPath = "/_oauth"
Variables
This section is empty.
Functions
func AuthCallbackHandler added in v0.6.0
func AuthCallbackHandler(domains domains.Domains, whitelist whitelist.Whitelist, oauthHandlers map[domains.Domain]oauth.Handler, states state.States[string], sessions sessions.Sessions, logger *slog.Logger) http.Handler
The AuthCallbackHandler implements the oauth callback, initiated by ForwardAuthHandler's redirectToAuth method. It validates that the request came from us (by checking the state parameter), determines the user's email address, checks that the user is on the whitelist, creates a session cookie for the user, and redirects the user to the target that originally initiated the oauth flow.
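The checks described above, as an added example that is not this package's code: a standard-library handler that accepts a state value once, applies the whitelist, sets a session cookie and redirects to the stored target. The `flow` type, its plain unlocked maps (so not safe for concurrent requests), the `session` cookie name, the response codes and the code-to-email lookup that replaces the provider exchange are assumptions; the values in `main` are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type flow struct { // hypothetical stand-in for the callback logic, not the package's type
	states    map[string]string // issued state -> URL the user first requested
	emails    map[string]string // assumption: auth code -> email, replaces the provider call
	whitelist map[string]bool
	sessions  map[string]string // session id -> email
}

func (f *flow) callback(w http.ResponseWriter, r *http.Request) {
	target, issued := f.states[r.FormValue("state")]
	delete(f.states, r.FormValue("state")) // each state value is accepted once
	if !issued {
		http.Error(w, "unknown state", http.StatusBadRequest)
		return
	}
	email, ok := f.emails[r.FormValue("code")]
	if !ok || !f.whitelist[email] {
		http.Error(w, "not allowed", http.StatusForbidden)
		return
	}
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		panic(err)
	}
	f.sessions[hex.EncodeToString(id)] = email
	http.SetCookie(w, &http.Cookie{Name: "session", Value: hex.EncodeToString(id), Path: "/", Secure: true, HttpOnly: true})
	http.Redirect(w, r, target, http.StatusFound)
}

// try sends one callback request; it returns status, Location and the number of cookies set.
func try(f *flow, query string) (int, string, int) {
	rec := httptest.NewRecorder()
	f.callback(rec, httptest.NewRequest("GET", "/_oauth?"+query, nil))
	return rec.Code, rec.Header().Get("Location"), len(rec.Result().Cookies())
}

func main() {
	f := &flow{states: map[string]string{"s1": "https://app.example.com/"}, emails: map[string]string{"c1": "a@example.com"}, whitelist: map[string]bool{"a@example.com": true}, sessions: map[string]string{}}
	fmt.Println(try(f, "state=s1&code=c1")) // first use: redirect plus cookie
	fmt.Println(try(f, "state=s1&code=c1")) // replay of the same state: rejected
}
```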
func ForwardAuthHandler added in v0.6.0
func ForwardAuthHandler(domains domains.Domains, oauthHandlers map[domains.Domain]oauth.Handler, states state.States[string], logger *slog.Logger) http.Handler
The ForwardAuthHandler implements the authentication flow for traefik's forwardAuth middleware. It checks that the request has a valid session (stored in an http.Cookie). If so, it returns http.StatusOK. If not, it redirects the request to the configured oauth provider to log in. After login, the request is routed to the AuthCallbackHandler, which forwards the request to the originally requested destination.
func HealthHandler added in v0.6.0
func LogoutHandler added in v0.6.0
func LogoutHandler(domains domains.Domains, sessionStore sessions.Sessions, logger *slog.Logger) http.Handler
LogoutHandler logs out the user: it removes the session from the session store and sends an empty Cookie to the user. This means that the user's next request has an invalid cookie, triggering a new oauth flow.
func New
func New(ctx context.Context, sessions sessions.Sessions, states state.States[string], config configuration.Configuration, metrics *Metrics, logger *slog.Logger) http.Handler
New returns a new http.Handler that handles traefik's forward-auth requests, and the associated oauth flow. It panics if config.Provider is invalid.
Types
type Metrics added in v0.4.0
type Metrics struct {
// contains filtered or unexported fields
}
func NewMetrics added in v0.4.0
func (Metrics) Collect added in v0.4.0
func (m Metrics) Collect(ch chan<- prometheus.Metric)
func (Metrics) Describe added in v0.4.0
func (m Metrics) Describe(ch chan<- *prometheus.Desc)