path: root/src/Sproxy
Age | Commit message | Author | Files | Lines
2017-08-06 | Encode full URL in state | Igor Pashev | 1 | -5/+5
Encode full URL in state, not just path. Use encoded URL for cross-domain redirect. This is useful for OAuth2 providers that do not support multiple callback URLs, like https://oauth.yandex.com/
2017-08-06 | Fix POST requests for tokens | Igor Pashev | 2 | -118/+131
Really use application/x-www-form-urlencoded instead of query parameters. Apparently, Google and LinkedIn are too tolerant. Yandex is not.
2017-08-06 | Add Yandex | Igor Pashev | 2 | -8/+94
https://tech.yandex.com/oauth/
2017-05-13 | Respond with 502 on every backend exception | Igor Pashev | 1 | -2/+6
From RFC 7231:
6.6.3. 502 Bad Gateway
The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.
2017-05-13 | Add end-point for checking access in a bunch | Igor Pashev | 3 | -16/+87
2017-02-07 | Oops ¯\_(ツ)_/¯ | Igor Pashev | 1 | -1/+1
2016-12-27 | Disregard possible port in the Host HTTP header | Igor Pashev | 1 | -10/+14
Motivation: to make it easy to switch Sproxy's primary port. This could be useful when running private (behind Sproxy) and public (e.g. nginx) HTTPS services on the same server. In such a setup one can use port 443 for public services and alt. HTTPS port 8443 for Sproxy. Before this change, Sproxy took possible port number into account when looking for backend and privileges. Now it ignores port and considers domain name only. This also gets Sproxy in line with browsers and SSL certificates: certificates do not include port numbers, browsers ignore ports when sending cookies.
2016-12-18 | BREAKING: no wildcards for domain names | Igor Pashev | 1 | -2/+2
This feature was ambiguous (in the same way as paths are) and never used anyway.
2016-12-01 | BREAKING: Allow !include in config file | Igor Pashev | 2 | -17/+8
This changes semantics of these options:
- key
- oauth2.<provider>.client_secret
They are no longer files, but strings. To read content from files, use !include. The point of being files or read from files is to segregate secrets from non-sensitive easily discoverable settings. With !include it is much more simple and flexible.
2016-11-28 | Allow running in plain HTTP mode (no SSL) | Igor Pashev | 2 | -19/+42
This can be useful when Sproxy is behind some other proxy or load-balancer.
2016-11-28 | Apply same settings to redirect server | Igor Pashev | 1 | -7/+7
2016-11-26 | Refactored data import | Igor Pashev | 1 | -63/+54
Use persistent prepared statements for PostgreSQL data source. Import should be faster from now on.
2016-11-26 | Populate permission database from a file | Igor Pashev | 4 | -13/+133
2016-11-25 | Make sure all HTTP headers are UTF8-encoded | Igor Pashev | 6 | -48/+90
Especially X-Family-Name, X-Given-Name. Since we get all the data from JSON and JSON is in UTF8 by default RFC 7159, we are safe. Refactored to make it less error-prone and to get as small number of encoding/decoding as possible.
2016-11-25 | /.sproxy/logout just redirects if no cookie | Igor Pashev | 1 | -20/+20
2016-11-24 | Disable printing exceptions | Igor Pashev | 1 | -2/+4
We have our own traps and logging.
2016-11-24 | Added comments on proxying | Igor Pashev | 1 | -1/+9
2016-11-23 | Differentiate exceptions | Igor Pashev | 1 | -4/+15
2016-11-22 | Print original headers from backends | Igor Pashev | 1 | -3/+3
2016-11-21 | Remove some headers which are set automatically | Igor Pashev | 1 | -3/+6
By underlying HTTP Client or WAI
2016-11-20 | Show HTTP version in logs | Igor Pashev | 1 | -0/+1
2016-11-20 | oauth2 callback state: include query params | Igor Pashev | 1 | -1/+3
If method of the original query is GET, redirect to original path with query parameters. Otherwise redirect to "/". Previously, when unauthenticated users click on "https://example.net/foo?bar", they are redirected to "https://example.net/foo" after authentication. Now, they will be redirected to "https://example.net/foo?bar"
2016-11-19 | Initial release (1.90.0) 1.90.0 | Igor Pashev | 11 | -0/+1230