outpost/embedded: fix embedded outpost redirecting to localhost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 15:39:52 +02:00
parent c5976de500
commit 16f0f89a9d
1 changed files with 12 additions and 6 deletions
--- a/internal/outpost/proxy/api_bundle.go
+++ b/internal/outpost/proxy/api_bundle.go
@ -35,6 +35,12 @@ func intToPointer(i int) *int {
 	return &i
 }

+func (pb *providerBundle) replaceLocal(url string) string {
+	f := strings.ReplaceAll(url, "localhost:8000", pb.s.ak.Client.GetConfig().Host)
+	f = strings.ReplaceAll(f, "http", pb.s.ak.Client.GetConfig().Scheme)
+	return f
+}
+
 func (pb *providerBundle) prepareOpts(provider api.ProxyOutpostConfig) *options.Options {
 	externalHost, err := url.Parse(provider.ExternalHost)
 	if err != nil {
@ -54,12 +60,12 @@ func (pb *providerBundle) prepareOpts(provider api.ProxyOutpostConfig) *options.
 	providerOpts.Cookie.Secure = externalHost.Scheme == "https"

 	providerOpts.SkipOIDCDiscovery = true
-	providerOpts.OIDCIssuerURL = provider.OidcConfiguration.Issuer
-	providerOpts.LoginURL = provider.OidcConfiguration.AuthorizationEndpoint
-	providerOpts.RedeemURL = provider.OidcConfiguration.TokenEndpoint
-	providerOpts.OIDCJwksURL = provider.OidcConfiguration.JwksUri
-	providerOpts.ProfileURL = provider.OidcConfiguration.UserinfoEndpoint
-	providerOpts.ValidateURL = provider.OidcConfiguration.UserinfoEndpoint
+	providerOpts.OIDCIssuerURL = pb.replaceLocal(provider.OidcConfiguration.Issuer)
+	providerOpts.LoginURL = pb.replaceLocal(provider.OidcConfiguration.AuthorizationEndpoint)
+	providerOpts.RedeemURL = pb.replaceLocal(provider.OidcConfiguration.TokenEndpoint)
+	providerOpts.OIDCJwksURL = pb.replaceLocal(provider.OidcConfiguration.JwksUri)
+	providerOpts.ProfileURL = pb.replaceLocal(provider.OidcConfiguration.UserinfoEndpoint)
+	providerOpts.ValidateURL = pb.replaceLocal(provider.OidcConfiguration.UserinfoEndpoint)
 	providerOpts.AcrValues = "goauthentik.io/providers/oauth2/default"

 	if *provider.SkipPathRegex != "" {