123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 |
- package authelia
- import (
- "errors"
- "fmt"
- "net/http"
- "net/url"
- "imuslab.com/zoraxy/mod/dynamicproxy"
- "imuslab.com/zoraxy/mod/info/logger"
- )
- type Options struct {
- AutheliaURL string //URL of the Authelia server, e.g. authelia.example.com
- UseHTTPS bool //Whether to use HTTPS for the Authelia server
- Logger logger.Logger
- }
- type AutheliaHandler struct {
- options *Options
- }
- func NewAutheliaAuthenticator(options *Options) *AutheliaHandler {
- return &AutheliaHandler{
- options: options,
- }
- }
- // HandleAutheliaAuthRouting is the handler for Authelia authentication, if the error is not nil, the request will be forwarded to the endpoint
- // Do not continue processing or write to the response writer if the error is not nil
- func (h *AutheliaHandler) HandleAutheliaAuthRouting(w http.ResponseWriter, r *http.Request, pe *dynamicproxy.ProxyEndpoint) error {
- err := h.handleAutheliaAuth(w, r)
- if err != nil {
- return nil
- }
- return err
- }
- func (h *AutheliaHandler) handleAutheliaAuth(w http.ResponseWriter, r *http.Request) error {
- client := &http.Client{}
- protocol := "http"
- if h.options.UseHTTPS {
- protocol = "https"
- }
- autheliaBaseURL := protocol + "://" + h.options.AutheliaURL
- //Remove tailing slash if any
- if autheliaBaseURL[len(autheliaBaseURL)-1] == '/' {
- autheliaBaseURL = autheliaBaseURL[:len(autheliaBaseURL)-1]
- }
- //Make a request to Authelia to verify the request
- req, err := http.NewRequest("POST", autheliaBaseURL+"/api/verify", nil)
- if err != nil {
- h.options.Logger.PrintAndLog("Authelia", "Unable to create request", err)
- w.WriteHeader(401)
- return errors.New("unauthorized")
- }
- scheme := "http"
- if r.TLS != nil {
- scheme = "https"
- }
- req.Header.Add("X-Original-URL", fmt.Sprintf("%s://%s", scheme, r.Host))
- // Copy cookies from the incoming request
- for _, cookie := range r.Cookies() {
- req.AddCookie(cookie)
- }
- // Making the verification request
- resp, err := client.Do(req)
- if err != nil {
- h.options.Logger.PrintAndLog("Authelia", "Unable to verify", err)
- w.WriteHeader(401)
- return errors.New("unauthorized")
- }
- if resp.StatusCode != 200 {
- redirectURL := autheliaBaseURL + "/?rd=" + url.QueryEscape(scheme+"://"+r.Host+r.URL.String()) + "&rm=" + r.Method
- http.Redirect(w, r, redirectURL, http.StatusSeeOther)
- return errors.New("unauthorized")
- }
- return nil
- }
|