fix(authn): handle the case where zot with openid runs behind a proxy (#1675)

added a new config option under 'http' called externalURL; when set, it is used
as the base URL of the OpenID/OAuth2 redirect URI back to zot (instead of the bind address)

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
peusebiu
2023-08-09 19:11:21 +03:00
committed by GitHub
parent ed90e3bd24
commit 4d125d55ed
5 changed files with 320 additions and 259 deletions
+16 -6
@@ -586,11 +586,6 @@ func getRelyingPartyArgs(cfg *config.Config, provider string) (
panic(zerr.ErrOpenIDProviderDoesNotExist)
}
scheme := "http"
if cfg.HTTP.TLS != nil {
scheme = "https"
}
clientID := cfg.HTTP.Auth.OpenID.Providers[provider].ClientID
clientSecret := cfg.HTTP.Auth.OpenID.Providers[provider].ClientSecret
@@ -604,7 +599,22 @@ func getRelyingPartyArgs(cfg *config.Config, provider string) (
issuer := cfg.HTTP.Auth.OpenID.Providers[provider].Issuer
keyPath := cfg.HTTP.Auth.OpenID.Providers[provider].KeyPath
baseURL := net.JoinHostPort(cfg.HTTP.Address, port)
redirectURI := fmt.Sprintf("%s://%s%s", scheme, baseURL, constants.CallbackBasePath+fmt.Sprintf("/%s", provider))
callback := constants.CallbackBasePath + fmt.Sprintf("/%s", provider)
var redirectURI string
if cfg.HTTP.ExternalURL != "" {
externalURL := strings.TrimSuffix(cfg.HTTP.ExternalURL, "/")
redirectURI = fmt.Sprintf("%s%s", externalURL, callback)
} else {
scheme := "http"
if cfg.HTTP.TLS != nil {
scheme = "https"
}
redirectURI = fmt.Sprintf("%s://%s%s", scheme, baseURL, callback)
}
options := []rp.Option{
rp.WithVerifierOpts(rp.WithIssuedAtOffset(issuedAtOffset)),
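Review bot: The new `cfg.HTTP.ExternalURL` branch at L32–L34 only strips a trailing slash and never checks that the value is an absolute http(s) URL with a host, so a value such as `zot.example.com` (no scheme) or one carrying a path/query is pasted verbatim into the OIDC redirect_uri, which the provider will either reject or match against whatever was registered. Since this function already fails fast on an unknown provider (L17), validating the external URL the same way with `net/url` (import needed, not in this hunk) keeps the contract in one place; the suggested check is below. Note that the fallback branch still derives the redirect from the bind `cfg.HTTP.Address`, which behind a proxy is typically a wildcard or private address — a comment on the config field such as `// ExternalURL: URL clients reach zot at (e.g. through a TLS-terminating proxy); must include scheme and host, used verbatim as the OIDC redirect base` would make this explicit. getRelyingPartyArgs continues past the hunk (the options list is left open).
```go
var redirectURI string
if cfg.HTTP.ExternalURL != "" {
	u, err := url.Parse(cfg.HTTP.ExternalURL)
	// the redirect_uri registered at the provider must be an absolute http(s) URL
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		panic(fmt.Errorf("invalid http.externalURL %q: must be an absolute http(s) URL", cfg.HTTP.ExternalURL))
	}
	redirectURI = strings.TrimSuffix(cfg.HTTP.ExternalURL, "/") + callback
} else {
	// … unchanged: scheme fallback from cfg.HTTP.TLS …
}
```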