sproxy2/src, branch 1.94.0 HTTP proxy for authenticating users via OAuth2 https://git.pashev.ru/sproxy2/atom?h=1.94.0 2016-12-27T18:53:30Z Disregard possible port in the Host HTTP header 2016-12-27T18:53:30Z Igor Pashev pashev.igor@gmail.com 2016-12-27T18:53:30Z urn:sha1:d7e5277c680d73ac2e11aea0b473d98b2d48350c Motivation: to make it easy to switch Sproxy's primary port. This could be useful when running private (behind Sproxy) and public (e. g. nginx) HTTPS services on the same server. In such a setup one can use port 443 for public services and alt. HTTPS port 8443 for Sproxy. Before this change, Sproxy took possible port number into account when looking for backend and privileges. Now it ignores port and considers domain name only. This also gets Sproxy in line with browsers and SSL certificates: certificates do not include port numbers, browsers ignore ports when sending cookies. BREAKING: no wildcards for domain names 2016-12-18T11:31:10Z Igor Pashev pashev.igor@gmail.com 2016-12-18T11:29:18Z urn:sha1:dcebf4705dfe974746519a37570aecd7eb4e2b2c This feature was ambiguous (in the same way as paths are) and never used anyway. BREAKING: Allow !include in config file 2016-12-01T19:43:08Z Igor Pashev pashev.igor@gmail.com 2016-12-01T19:32:09Z urn:sha1:b0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f This changes semantics of these options: - key - oauth2.<provider>.client_secret They are no longer files, but strings. To read content from files, use !include. The point of being files or read from files is to segregate secrets from non-sensitive easily discoverable settings. With !include it is much more simple and flexible. Allow running in plain HTTP mode (no SSL) 2016-11-28T18:24:51Z Igor Pashev pashev.igor@gmail.com 2016-11-28T18:24:51Z urn:sha1:02e85ea26fc297d41a91c91d12b3e2aa290e62ff This can be useful when Sproxy is behind some other proxy or load-balancer. Apply same settings to redirect server 2016-11-28T12:57:23Z Igor Pashev pashev.igor@gmail.com 2016-11-28T12:57:23Z urn:sha1:1183905204bf70e69a2c853e71efed378f05d0b9 Refactored data import 2016-11-26T19:53:22Z Igor Pashev pashev.igor@gmail.com 2016-11-26T19:42:00Z urn:sha1:a3b5b7ac059e473e10749591c11aee97482b88d1 Use persistent prepared statements for PostgreSQL data source. Import should be faster from now on. Populate permission database from a file 2016-11-26T19:53:16Z Igor Pashev pashev.igor@gmail.com 2016-11-26T18:41:59Z urn:sha1:be9b6f68a60bec0cda4b905e9311a9076f778976 Make sure all HTTP headers are UTF8-encoded 2016-11-25T20:51:25Z Igor Pashev pashev.igor@gmail.com 2016-11-25T20:40:29Z urn:sha1:ea17e9c2a3350ba670f95a6fa0ce7716adfa4176 Especially X-Family-Name, X-Given-Name. Since we get all the data from JSON and JSON is in UTF8 by default RFC 7159, we are safe. Refactored to make it less error-prone and to get as small number of encoding/decoding as possible. /.sproxy/logout just redirects if no cookie 2016-11-25T10:39:13Z Igor Pashev pashev.igor@gmail.com 2016-11-25T10:39:13Z urn:sha1:7ba0b2158124bbf10fbdeeec70fb7e631a32a364 Disable printing exceptions 2016-11-24T20:24:31Z Igor Pashev pashev.igor@gmail.com 2016-11-24T20:24:31Z urn:sha1:a3739193953b2ccbe9174d76de8adf122269fbb5 We have our own traps and logging.