internal: fix routing for requests with querystring signature to embedded outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:43:01 +02:00
parent fdb8fb4b4c
commit 514c48a986
3 changed files with 17 additions and 9 deletions
--- a/internal/outpost/proxyv2/application/application.go
+++ b/internal/outpost/proxyv2/application/application.go
@ -201,6 +201,16 @@ func (a *Application) Mode() api.ProxyMode {
 	return *a.proxyConfig.Mode.Get()
 }

+func (a *Application) HasQuerySignature(r *http.Request) bool {
+	if strings.EqualFold(r.URL.Query().Get(CallbackSignature), "true") {
+		return true
+	}
+	if strings.EqualFold(r.URL.Query().Get(LogoutSignature), "true") {
+		return true
+	}
+	return false
+}
+
 func (a *Application) ProxyConfig() api.ProxyOutpostConfig {
 	return a.proxyConfig
 }
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@ -67,12 +67,13 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer {

 func (ps *ProxyServer) HandleHost(rw http.ResponseWriter, r *http.Request) bool {
 	a, _ := ps.lookupApp(r)
-	if a != nil {
-		if a.Mode() == api.PROXYMODE_PROXY {
+	if a == nil {
+		return false
+	}
+	if a.HasQuerySignature(r) || a.Mode() == api.PROXYMODE_PROXY {
 		a.ServeHTTP(rw, r)
 		return true
 	}
-	}
 	return false
 }

--- a/internal/web/proxy.go
+++ b/internal/web/proxy.go
@ -9,7 +9,6 @@ import (
 	"time"

 	"github.com/prometheus/client_golang/prometheus"
-	"goauthentik.io/internal/outpost/proxyv2/application"
 	"goauthentik.io/internal/utils/sentry"
 )

@ -52,9 +51,7 @@ func (ws *WebServer) configureProxy() {
 		}
 		before := time.Now()
 		if ws.ProxyServer != nil {
-			_, oauthCallbackSet := r.URL.Query()[application.CallbackSignature]
-			_, logoutSet := r.URL.Query()[application.LogoutSignature]
-			if ws.ProxyServer.HandleHost(rw, r) || oauthCallbackSet || logoutSet {
+			if ws.ProxyServer.HandleHost(rw, r) {
 				Requests.With(prometheus.Labels{
 					"dest": "embedded_outpost",
 				}).Observe(float64(time.Since(before)))