首頁 探索 說明
登入
TC
/
Zoraxy
镜像来自 https://git.hkwtc.org/TC/ReverseProxy
1
0
複刻 0
Files 問題管理 0 Wiki
目錄樹: 9521d46e71
分支列表 標籤列表
Zoraxy
/
mod
/
auth
/
sso
/
authelia
/
authelia.go

authelia.go 2.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. package authelia
    2. 

  2. 

  3. import (
    4. 

  4. 	"errors"
    5. 

  5. 	"fmt"
    6. 

  6. 	"net/http"
    7. 

  7. 	"net/url"
    8. 

  8. 

  9. 	"imuslab.com/zoraxy/mod/dynamicproxy"
    10. 

  10. 	"imuslab.com/zoraxy/mod/info/logger"
    11. 

  11. )
    12. 

  12. 

  13. type Options struct {
    14. 

  14. 	AutheliaURL string //URL of the Authelia server, e.g. authelia.example.com
    15. 

  15. 	UseHTTPS    bool   //Whether to use HTTPS for the Authelia server
    16. 

  16. 	Logger      logger.Logger
    17. 

  17. }
    18. 

  18. 

  19. type AutheliaHandler struct {
    20. 

  20. 	options *Options
    21. 

  21. }
    22. 

  22. 

  23. func NewAutheliaAuthenticator(options *Options) *AutheliaHandler {
    24. 

  24. 	return &AutheliaHandler{
    25. 

  25. 		options: options,
    26. 

  26. 	}
    27. 

  27. }
    28. 

  28. 

  29. // HandleAutheliaAuthRouting is the handler for Authelia authentication, if the error is not nil, the request will be forwarded to the endpoint
    30. 

  30. // Do not continue processing or write to the response writer if the error is not nil
    31. 

  31. func (h *AutheliaHandler) HandleAutheliaAuthRouting(w http.ResponseWriter, r *http.Request, pe *dynamicproxy.ProxyEndpoint) error {
    32. 

  32. 	err := h.handleAutheliaAuth(w, r)
    33. 

  33. 	if err != nil {
    34. 

  34. 		return nil
    35. 

  35. 	}
    36. 

  36. 	return err
    37. 

  37. }
    38. 

  38. 

  39. func (h *AutheliaHandler) handleAutheliaAuth(w http.ResponseWriter, r *http.Request) error {
    40. 

  40. 	client := &http.Client{}
    41. 

  41. 

  42. 	protocol := "http"
    43. 

  43. 	if h.options.UseHTTPS {
    44. 

  44. 		protocol = "https"
    45. 

  45. 	}
    46. 

  46. 

  47. 	autheliaBaseURL := protocol + "://" + h.options.AutheliaURL
    48. 

  48. 	//Remove tailing slash if any
    49. 

  49. 	if autheliaBaseURL[len(autheliaBaseURL)-1] == '/' {
    50. 

  50. 		autheliaBaseURL = autheliaBaseURL[:len(autheliaBaseURL)-1]
    51. 

  51. 	}
    52. 

  52. 

  53. 	//Make a request to Authelia to verify the request
    54. 

  54. 	req, err := http.NewRequest("POST", autheliaBaseURL+"/api/verify", nil)
    55. 

  55. 	if err != nil {
    56. 

  56. 		h.options.Logger.PrintAndLog("Authelia", "Unable to create request", err)
    57. 

  57. 		w.WriteHeader(401)
    58. 

  58. 		return errors.New("unauthorized")
    59. 

  59. 	}
    60. 

  60. 

  61. 	scheme := "http"
    62. 

  62. 	if r.TLS != nil {
    63. 

  63. 		scheme = "https"
    64. 

  64. 	}
    65. 

  65. 	req.Header.Add("X-Original-URL", fmt.Sprintf("%s://%s", scheme, r.Host))
    66. 

  66. 

  67. 	// Copy cookies from the incoming request
    68. 

  68. 	for _, cookie := range r.Cookies() {
    69. 

  69. 		req.AddCookie(cookie)
    70. 

  70. 	}
    71. 

  71. 

  72. 	// Making the verification request
    73. 

  73. 	resp, err := client.Do(req)
    74. 

  74. 	if err != nil {
    75. 

  75. 		h.options.Logger.PrintAndLog("Authelia", "Unable to verify", err)
    76. 

  76. 		w.WriteHeader(401)
    77. 

  77. 		return errors.New("unauthorized")
    78. 

  78. 	}
    79. 

  79. 

  80. 	if resp.StatusCode != 200 {
    81. 

  81. 		redirectURL := autheliaBaseURL + "/?rd=" + url.QueryEscape(scheme+"://"+r.Host+r.URL.String()) + "&rm=" + r.Method
    82. 

  82. 		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
    83. 

  83. 		return errors.New("unauthorized")
    84. 

  84. 	}
    85. 

  85. 

  86. 	return nil
    87. 

  87. }
    88.