diff --git a/Makefile b/Makefile index 8c3c1e5a4..43ea1d49d 100644 --- a/Makefile +++ b/Makefile @@ -6,11 +6,11 @@ GOVERSION ?= 1.8.1 ROOT_DIR=${PWD} HARDWARE=$(shell uname -m) GIT_SHA=$(shell git --no-pager describe --always --dirty) -BUILD_TIME=$(shell date -u '+%Y-%m-%d_%I:%M:%S%p') +BUILD_TIME=$(shell date '+%s') VERSION ?= $(shell awk '/release.*=/ { print $$3 }' doc.go | sed 's/"//g') DEPS=$(shell go list -f '{{range .TestImports}}{{.}} {{end}}' ./...) PACKAGES=$(shell go list ./...) -LFLAGS ?= -X main.gitsha=${GIT_SHA} +LFLAGS ?= -X main.gitsha=${GIT_SHA} -X main.compiled=${BUILD_TIME} VETARGS ?= -asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr .PHONY: test authors changelog build docker static release lint cover vet diff --git a/cli.go b/cli.go index b7743134a..ceb951b67 100644 --- a/cli.go +++ b/cli.go @@ -32,7 +32,7 @@ func newOauthProxyApp() *cli.App { app := cli.NewApp() app.Name = prog app.Usage = description - app.Version = version + app.Version = getVersion() app.Author = author app.Email = email app.Flags = getCommandLineOptions() diff --git a/doc.go b/doc.go index 22dfc4a00..819c083b2 100644 --- a/doc.go +++ b/doc.go @@ -17,16 +17,19 @@ package main import ( "errors" + "fmt" "net/http" + "strconv" "time" "github.com/coreos/go-oidc/jose" ) var ( - release = "v2.0.7" - gitsha = "no gitsha provided" - version = release + " (git+sha: " + gitsha + ")" + release = "v2.1.0" + gitsha = "no gitsha provided" + compiled = "0" + version = "" ) const ( @@ -34,23 +37,24 @@ const ( author = "Rohith" email = "gambol99@gmail.com" description = "is a proxy using the keycloak service for auth and authorization" - httpSchema = "http" headerUpgrade = "Upgrade" userContextName = "identity" + revokeContextName = "revoke" authorizationHeader = "Authorization" versionHeader = "X-Auth-Proxy-Version" envPrefix = "PROXY_" + httpSchema = "http" oauthURL = "/oauth" authorizationURL = "/authorize" callbackURL = "/callback" - healthURL = "/health" - tokenURL = "/token" expiredURL = "/expired" - logoutURL = "/logout" + healthURL = "/health" loginURL = "/login" + logoutURL = "/logout" metricsURL = "/metrics" + tokenURL = "/token" claimPreferredName = "preferred_username" claimAudience = "aud" @@ -86,22 +90,6 @@ type Resource struct { Roles []string `json:"roles" yaml:"roles"` } -// Cors access controls -type Cors struct { - // Origins is a list of origins permitted - Origins []string `json:"origins" yaml:"origins"` - // Methods is a set of access control methods - Methods []string `json:"methods" yaml:"methods"` - // Headers is a set of cors headers - Headers []string `json:"headers" yaml:"headers"` - // ExposedHeaders are the exposed header fields - ExposedHeaders []string `json:"exposed-headers" yaml:"exposed-headers"` - // Credentials set the creds flag - Credentials bool `json:"credentials" yaml:"credentials"` - // MaxAge is the age for CORS - MaxAge time.Duration `json:"max-age" yaml:"max-age"` -} - // Config is the configuration for the proxy type Config struct { // ConfigFile is the binding interface @@ -131,8 +119,10 @@ type Config struct { // Headers permits adding customs headers across the board Headers map[string]string `json:"headers" yaml:"headers" usage:"custom headers to the upstream request, key=value"` - // EnableCorsGlobal enables the CORs header in all response headers - EnableCorsGlobal bool `json:"enable-cors-global" yaml:"enable-cors-global" usage:"inject the CORs headers into all responses" env:"ENABLE_CORS_GLOBAL"` + // EnableLogging indicates if we should log all the requests + EnableLogging bool `json:"enable-logging" yaml:"enable-logging" usage:"enable http logging of the requests"` + // EnableJSONLogging is the logging format + EnableJSONLogging bool `json:"enable-json-logging" yaml:"enable-json-logging" usage:"switch on json logging rather than text"` // EnableForwarding enables the forwarding proxy EnableForwarding bool `json:"enable-forwarding" yaml:"enable-forwarding" usage:"enables the forwarding proxy mode, signing outbound request"` // EnableSecurityFilter enabled the security handler @@ -212,10 +202,6 @@ type Config struct { // EncryptionKey is the encryption key used to encrypt the refresh token EncryptionKey string `json:"encryption-key" yaml:"encryption-key" usage:"encryption key used to encryption the session state" env:"ENCRYPTION_KEY"` - // LogRequests indicates if we should log all the requests - LogRequests bool `json:"log-requests" yaml:"log-requests" usage:"enable http logging of the requests"` - // LogFormat is the logging format - LogJSONFormat bool `json:"json-format" yaml:"json-format" usage:"switch on json logging rather than text"` // NoRedirects informs we should hand back a 401 not a redirect NoRedirects bool `json:"no-redirects" yaml:"no-redirects" usage:"do not have back redirects when no authentication is present, 401 them"` // SkipTokenVerification tells the service to skipp verifying the access token - for testing purposes @@ -246,10 +232,23 @@ type Config struct { ForwardingDomains []string `json:"forwarding-domains" yaml:"forwarding-domains" usage:"list of domains which should be signed; everything else is relayed unsigned"` } -// store is used to hold the offline refresh token, assuming you don't want to use +// getVersion returns the proxy version +func getVersion() string { + if version == "" { + tm, err := strconv.ParseInt(compiled, 10, 64) + if err != nil { + return "unable to parse compiled time" + } + version = fmt.Sprintf("git+sha: %s, built: %s", gitsha, time.Unix(tm, 0).Format("02/01/2006")) + } + + return version +} + +// storage is used to hold the offline refresh token, assuming you don't want to use // the default practice of a encrypted cookie type storage interface { - // Add the token to the store + // Set the token to the store Set(string, string) error // Get retrieves a token from the store Get(string) (string, error) diff --git a/handlers.go b/handlers.go index 766784947..a976db4e6 100644 --- a/handlers.go +++ b/handlers.go @@ -425,7 +425,7 @@ func (r *oauthProxy) tokenHandler(cx echo.Context) error { // healthHandler is a health check handler for the service func (r *oauthProxy) healthHandler(cx echo.Context) error { - cx.Response().Writer.Header().Set(versionHeader, version) + cx.Response().Writer.Header().Set(versionHeader, getVersion()) return cx.String(http.StatusOK, "OK\n") }