aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-07-26[WIP] State in OAuth2 callback should be short-livedstateIgor Pashev5-65/+79
2017-06-07Fix commentIgor Pashev1-1/+1
2017-05-15Version 1.95.01.95.0Igor Pashev2-1/+9
2017-05-13Respond with 502 on every backend exceptionIgor Pashev1-2/+6
From RFC 7231: 6.6.3. 502 Bad Gateway The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.
2017-05-13Add end-point for checking access in a bunchIgor Pashev5-36/+140
2017-04-20ChangeLog: updated linkIgor Pashev1-1/+1
2017-02-07Version 1.94.11.94.1Igor Pashev2-1/+8
2017-02-07Oops ¯\_(ツ)_/¯Igor Pashev1-1/+1
2017-01-30Version 1.94.01.94.0Igor Pashev2-1/+16
2017-01-15README: replace HTTP Basic authenticationIgor Pashev1-1/+3
2017-01-03TypoIgor Pashev1-1/+1
2016-12-27Disregard possible port in the Host HTTP headerIgor Pashev2-13/+16
Motivation: to make it easy to switch Sproxy's primary port. This could be useful when running private (behind Sproxy) and public (e. g. nginx) HTTPS services on the same server. In such a setup one can use port 443 for public services and alt. HTTPS port 8443 for Sproxy. Before this change, Sproxy took possible port number into account when looking for backend and privileges. Now it ignores port and considers domain name only. This also gets Sproxy in line with browsers and SSL certificates: certificates do not include port numbers, browsers ignore ports when sending cookies.
2016-12-27Suggest alternative HTTPS port 8443Igor Pashev1-1/+4
2016-12-18BREAKING: no wildcards for domain namesIgor Pashev2-3/+3
This feature was ambiguous (in the same way as paths are) and never used anyway.
2016-12-18sproxy.sql: updated exampleIgor Pashev1-1/+4
SQL wildcards are no longer supported for HTTP methods
2016-12-14TypoIgor Pashev1-1/+1
2016-12-13Version 1.93.01.93.0Igor Pashev2-1/+12
2016-12-10Examples: removed yaml markersIgor Pashev2-9/+0
They don't make much sense in files.
2016-12-05datafile.yml.example -> datafile.example.ymlIgor Pashev3-2/+2
2016-12-05sproxy.yml.example -> sproxy.example.ymlIgor Pashev3-2/+2
2016-12-01BREAKING: Allow !include in config fileIgor Pashev3-25/+16
This changes semantics of these options: - key - oauth2.<provider>.client_secret They are no longer files, but strings. To read content from files, use !include. The point of being files or read from files is to segregate secrets from non-sensitive easily discoverable settings. With !include it is much more simple and flexible.
2016-11-30Restructured README.mdIgor Pashev1-11/+11
2016-11-29TypoIgor Pashev1-1/+1
2016-11-28Version 1.92.01.92.0Igor Pashev2-1/+14
2016-11-28Allow running in plain HTTP mode (no SSL)Igor Pashev3-27/+73
This can be useful when Sproxy is behind some other proxy or load-balancer.
2016-11-28sproxy.sql: add "user" tableIgor Pashev1-6/+11
This will allow simple listing, removing and renaming users (changing email). It also will allow synchronizing Sproxy database with other sources. Note that this change is not compatible with current SproxyWeb, so don't try to update production databases. Speaking of synchronization, more then added, it's important that account are deleted automatically.
2016-11-28Apply same settings to redirect serverIgor Pashev1-7/+7
2016-11-26Version 1.91.01.91.0Igor Pashev2-1/+10
2016-11-26Refactored data importIgor Pashev1-63/+54
Use persistent prepared statements for PostgreSQL data source. Import should be faster from now on.
2016-11-26Cleaned READMEIgor Pashev1-7/+0
2016-11-26Populate permission database from a fileIgor Pashev8-45/+234
2016-11-26Version 1.90.21.90.2Igor Pashev2-1/+15
2016-11-25Make sure all HTTP headers are UTF8-encodedIgor Pashev7-49/+94
Especially X-Family-Name, X-Given-Name. Since we get all the data from JSON and JSON is in UTF8 by default RFC 7159, we are safe. Refactored to make it less error-prone and to get as small number of encoding/decoding as possible.
2016-11-25/.sproxy/logout just redirects if no cookieIgor Pashev1-20/+20
2016-11-24Disable printing exceptionsIgor Pashev1-2/+4
We have our own traps and logging.
2016-11-24Added comments on proxyingIgor Pashev1-1/+9
2016-11-23Differentiate exceptionsIgor Pashev1-4/+15
2016-11-22Version 1.90.11.90.1Igor Pashev2-1/+15
2016-11-22Print original headers from backendsIgor Pashev1-3/+3
2016-11-21Remove some headers which are set automaticallyIgor Pashev1-3/+6
By underlying HTTP Client or WAI
2016-11-20Show HTTP version in logsIgor Pashev1-0/+1
2016-11-20Updated README.mdIgor Pashev1-29/+64
2016-11-20oauth2 callback state: include query paramsIgor Pashev1-1/+3
If method of the original query is GET, redirect to original path with query parameters. Otherwise redirect to "/". Previously, when unauthenticated users click on "https://example.net/foo?bar", they are redirected to "https://example.net/foo" after authentication. Now, they will be redirected to "https://example.net/foo?bar"
2016-11-19Initial release (1.90.0)1.90.0Igor Pashev20-0/+1879