gofmt the updated files.
@@ -139,7 +139,7 @@ func (c *Cache) Cleanup() {
|
|||||||
func (c *Cache) evictOldest() {
|
func (c *Cache) evictOldest() {
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
elem := c.order.Front()
|
elem := c.order.Front()
|
||||||
|
|
||||||
// First try to find an expired item from the front
|
// First try to find an expired item from the front
|
||||||
for elem != nil {
|
for elem != nil {
|
||||||
entry := elem.Value.(lruEntry)
|
entry := elem.Value.(lruEntry)
|
||||||
|
|||||||
+13
-13
@@ -9,7 +9,7 @@ import (
|
|||||||
|
|
||||||
func TestTokenBlacklistSizeLimit(t *testing.T) {
|
func TestTokenBlacklistSizeLimit(t *testing.T) {
|
||||||
tb := NewTokenBlacklist()
|
tb := NewTokenBlacklist()
|
||||||
|
|
||||||
// Add tokens up to maxSize
|
// Add tokens up to maxSize
|
||||||
for i := 0; i < 1000; i++ {
|
for i := 0; i < 1000; i++ {
|
||||||
tb.Add(fmt.Sprintf("token%d", i), time.Now().Add(time.Hour))
|
tb.Add(fmt.Sprintf("token%d", i), time.Now().Add(time.Hour))
|
||||||
@@ -31,12 +31,12 @@ func TestTokenBlacklistSizeLimit(t *testing.T) {
|
|||||||
|
|
||||||
func TestTokenBlacklistExpiredCleanup(t *testing.T) {
|
func TestTokenBlacklistExpiredCleanup(t *testing.T) {
|
||||||
tb := NewTokenBlacklist()
|
tb := NewTokenBlacklist()
|
||||||
|
|
||||||
// Add some expired tokens
|
// Add some expired tokens
|
||||||
for i := 0; i < 500; i++ {
|
for i := 0; i < 500; i++ {
|
||||||
tb.Add(fmt.Sprintf("expired%d", i), time.Now().Add(-time.Hour))
|
tb.Add(fmt.Sprintf("expired%d", i), time.Now().Add(-time.Hour))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add some valid tokens
|
// Add some valid tokens
|
||||||
for i := 0; i < 500; i++ {
|
for i := 0; i < 500; i++ {
|
||||||
tb.Add(fmt.Sprintf("valid%d", i), time.Now().Add(time.Hour))
|
tb.Add(fmt.Sprintf("valid%d", i), time.Now().Add(time.Hour))
|
||||||
@@ -62,14 +62,14 @@ func TestTokenBlacklistExpiredCleanup(t *testing.T) {
|
|||||||
|
|
||||||
func TestTokenBlacklistOldestEviction(t *testing.T) {
|
func TestTokenBlacklistOldestEviction(t *testing.T) {
|
||||||
tb := NewTokenBlacklist()
|
tb := NewTokenBlacklist()
|
||||||
|
|
||||||
// Add tokens at capacity with different expiration times
|
// Add tokens at capacity with different expiration times
|
||||||
baseTime := time.Now()
|
baseTime := time.Now()
|
||||||
oldestToken := "oldest"
|
oldestToken := "oldest"
|
||||||
|
|
||||||
// Add oldest token first
|
// Add oldest token first
|
||||||
tb.Add(oldestToken, baseTime.Add(time.Hour))
|
tb.Add(oldestToken, baseTime.Add(time.Hour))
|
||||||
|
|
||||||
// Fill up to capacity with newer tokens
|
// Fill up to capacity with newer tokens
|
||||||
for i := 0; i < 999; i++ {
|
for i := 0; i < 999; i++ {
|
||||||
tb.Add(fmt.Sprintf("token%d", i), baseTime.Add(time.Hour*2))
|
tb.Add(fmt.Sprintf("token%d", i), baseTime.Add(time.Hour*2))
|
||||||
@@ -96,7 +96,7 @@ func TestTokenBlacklistMemoryUsage(t *testing.T) {
|
|||||||
|
|
||||||
// Force initial GC
|
// Force initial GC
|
||||||
runtime.GC()
|
runtime.GC()
|
||||||
|
|
||||||
// Record initial memory stats
|
// Record initial memory stats
|
||||||
var m1, m2 runtime.MemStats
|
var m1, m2 runtime.MemStats
|
||||||
runtime.ReadMemStats(&m1)
|
runtime.ReadMemStats(&m1)
|
||||||
@@ -105,12 +105,12 @@ func TestTokenBlacklistMemoryUsage(t *testing.T) {
|
|||||||
for i := 0; i < iterations; i++ {
|
for i := 0; i < iterations; i++ {
|
||||||
// Add new token
|
// Add new token
|
||||||
tb.Add(fmt.Sprintf("token%d", i), time.Now().Add(time.Hour))
|
tb.Add(fmt.Sprintf("token%d", i), time.Now().Add(time.Hour))
|
||||||
|
|
||||||
// Periodically check blacklisted status
|
// Periodically check blacklisted status
|
||||||
if i%100 == 0 {
|
if i%100 == 0 {
|
||||||
tb.IsBlacklisted(fmt.Sprintf("token%d", i-50))
|
tb.IsBlacklisted(fmt.Sprintf("token%d", i-50))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Periodically cleanup
|
// Periodically cleanup
|
||||||
if i%1000 == 0 {
|
if i%1000 == 0 {
|
||||||
tb.Cleanup()
|
tb.Cleanup()
|
||||||
@@ -180,7 +180,7 @@ func TestTokenCacheMemoryUsage(t *testing.T) {
|
|||||||
|
|
||||||
// Force initial GC
|
// Force initial GC
|
||||||
runtime.GC()
|
runtime.GC()
|
||||||
|
|
||||||
// Record initial memory stats
|
// Record initial memory stats
|
||||||
var m1, m2 runtime.MemStats
|
var m1, m2 runtime.MemStats
|
||||||
runtime.ReadMemStats(&m1)
|
runtime.ReadMemStats(&m1)
|
||||||
@@ -191,15 +191,15 @@ func TestTokenCacheMemoryUsage(t *testing.T) {
|
|||||||
"sub": fmt.Sprintf("user%d", i),
|
"sub": fmt.Sprintf("user%d", i),
|
||||||
"exp": time.Now().Add(time.Hour).Unix(),
|
"exp": time.Now().Add(time.Hour).Unix(),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add to cache
|
// Add to cache
|
||||||
tc.Set(fmt.Sprintf("token%d", i), claims, time.Hour)
|
tc.Set(fmt.Sprintf("token%d", i), claims, time.Hour)
|
||||||
|
|
||||||
// Periodically retrieve
|
// Periodically retrieve
|
||||||
if i%100 == 0 {
|
if i%100 == 0 {
|
||||||
tc.Get(fmt.Sprintf("token%d", i-50))
|
tc.Get(fmt.Sprintf("token%d", i-50))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Periodically cleanup
|
// Periodically cleanup
|
||||||
if i%1000 == 0 {
|
if i%1000 == 0 {
|
||||||
tc.Cleanup()
|
tc.Cleanup()
|
||||||
|
|||||||
@@ -533,20 +533,20 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
// Set user information in headers
|
// Set user information in headers
|
||||||
req.Header.Set("X-Forwarded-User", email)
|
req.Header.Set("X-Forwarded-User", email)
|
||||||
|
|
||||||
// Set OIDC-specific headers
|
// Set OIDC-specific headers
|
||||||
req.Header.Set("X-Auth-Request-Redirect", req.URL.RequestURI())
|
req.Header.Set("X-Auth-Request-Redirect", req.URL.RequestURI())
|
||||||
req.Header.Set("X-Auth-Request-User", email)
|
req.Header.Set("X-Auth-Request-User", email)
|
||||||
if idToken := session.GetAccessToken(); idToken != "" {
|
if idToken := session.GetAccessToken(); idToken != "" {
|
||||||
req.Header.Set("X-Auth-Request-Token", idToken)
|
req.Header.Set("X-Auth-Request-Token", idToken)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set security headers
|
// Set security headers
|
||||||
rw.Header().Set("X-Frame-Options", "DENY")
|
rw.Header().Set("X-Frame-Options", "DENY")
|
||||||
rw.Header().Set("X-Content-Type-Options", "nosniff")
|
rw.Header().Set("X-Content-Type-Options", "nosniff")
|
||||||
rw.Header().Set("X-XSS-Protection", "1; mode=block")
|
rw.Header().Set("X-XSS-Protection", "1; mode=block")
|
||||||
rw.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
rw.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
||||||
|
|
||||||
// Set CORS headers
|
// Set CORS headers
|
||||||
origin := req.Header.Get("Origin")
|
origin := req.Header.Get("Origin")
|
||||||
if origin != "" {
|
if origin != "" {
|
||||||
@@ -554,14 +554,14 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
rw.Header().Set("Access-Control-Allow-Credentials", "true")
|
rw.Header().Set("Access-Control-Allow-Credentials", "true")
|
||||||
rw.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
|
rw.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
|
||||||
rw.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
|
rw.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
|
||||||
|
|
||||||
// Handle preflight requests
|
// Handle preflight requests
|
||||||
if req.Method == "OPTIONS" {
|
if req.Method == "OPTIONS" {
|
||||||
rw.WriteHeader(http.StatusOK)
|
rw.WriteHeader(http.StatusOK)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process the request
|
// Process the request
|
||||||
t.next.ServeHTTP(rw, req)
|
t.next.ServeHTTP(rw, req)
|
||||||
}
|
}
|
||||||
@@ -697,9 +697,9 @@ func (t *TraefikOidc) buildAuthURL(redirectURL, state, nonce string) string {
|
|||||||
// Extract issuer base URL
|
// Extract issuer base URL
|
||||||
issuerURL, err := url.Parse(t.issuerURL)
|
issuerURL, err := url.Parse(t.issuerURL)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return fmt.Sprintf("%s://%s%s?%s",
|
return fmt.Sprintf("%s://%s%s?%s",
|
||||||
issuerURL.Scheme,
|
issuerURL.Scheme,
|
||||||
issuerURL.Host,
|
issuerURL.Host,
|
||||||
t.authURL,
|
t.authURL,
|
||||||
params.Encode())
|
params.Encode())
|
||||||
}
|
}
|
||||||
@@ -709,17 +709,17 @@ func (t *TraefikOidc) buildAuthURL(redirectURL, state, nonce string) string {
|
|||||||
|
|
||||||
// startTokenCleanup starts the token cleanup goroutine
|
// startTokenCleanup starts the token cleanup goroutine
|
||||||
func (t *TraefikOidc) startTokenCleanup() {
|
func (t *TraefikOidc) startTokenCleanup() {
|
||||||
ticker := time.NewTicker(1 * time.Minute) // Run cleanup every minute
|
ticker := time.NewTicker(1 * time.Minute) // Run cleanup every minute
|
||||||
go func() {
|
go func() {
|
||||||
defer ticker.Stop()
|
defer ticker.Stop()
|
||||||
for range ticker.C {
|
for range ticker.C {
|
||||||
t.logger.Debug("Starting token cleanup cycle")
|
t.logger.Debug("Starting token cleanup cycle")
|
||||||
t.tokenCache.Cleanup()
|
t.tokenCache.Cleanup()
|
||||||
t.tokenBlacklist.Cleanup()
|
t.tokenBlacklist.Cleanup()
|
||||||
t.jwkCache.Cleanup() // Assuming jwkCache is the cache from cache.go
|
t.jwkCache.Cleanup() // Assuming jwkCache is the cache from cache.go
|
||||||
// Removed runtime.GC() call
|
// Removed runtime.GC() call
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
// RevokeToken adds the token to the blacklist
|
// RevokeToken adds the token to the blacklist
|
||||||
|
|||||||
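Review bot: The CORS branch in ServeHTTP sends `Access-Control-Allow-Credentials: true` for every request that carries a non-empty `Origin` header, and no comparison of `origin` against a list of permitted origins is visible in these hunks. The line between the two ServeHTTP hunks is not shown; if it copies `origin` into `Access-Control-Allow-Origin`, any site can make credentialed cross-origin requests and read the responses. The branch should run only when `origin` matches a configured allowlist, and it should also send `rw.Header().Add("Vary", "Origin")` so caches do not reuse the response for a different origin. Separately, the local in `if idToken := session.GetAccessToken(); idToken != ""` holds the access token rather than the ID token; renaming it to `accessToken` would make clear which credential is forwarded in `X-Auth-Request-Token`. ServeHTTP starts outside the hunks shown.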
+4
-4
@@ -1782,7 +1782,7 @@ func TestBuildAuthURL(t *testing.T) {
|
|||||||
issuerURL string
|
issuerURL string
|
||||||
redirectURL string
|
redirectURL string
|
||||||
state string
|
state string
|
||||||
nonce string
|
nonce string
|
||||||
expectedPrefix string
|
expectedPrefix string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@@ -1791,7 +1791,7 @@ func TestBuildAuthURL(t *testing.T) {
|
|||||||
issuerURL: "https://auth.example.com",
|
issuerURL: "https://auth.example.com",
|
||||||
redirectURL: "https://app.example.com/callback",
|
redirectURL: "https://app.example.com/callback",
|
||||||
state: "test-state",
|
state: "test-state",
|
||||||
nonce: "test-nonce",
|
nonce: "test-nonce",
|
||||||
expectedPrefix: "https://auth.example.com/oauth/authorize?",
|
expectedPrefix: "https://auth.example.com/oauth/authorize?",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -1800,7 +1800,7 @@ func TestBuildAuthURL(t *testing.T) {
|
|||||||
issuerURL: "https://logto.example.com",
|
issuerURL: "https://logto.example.com",
|
||||||
redirectURL: "https://app.example.com/callback",
|
redirectURL: "https://app.example.com/callback",
|
||||||
state: "test-state",
|
state: "test-state",
|
||||||
nonce: "test-nonce",
|
nonce: "test-nonce",
|
||||||
expectedPrefix: "https://logto.example.com/oidc/auth?",
|
expectedPrefix: "https://logto.example.com/oidc/auth?",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -1809,7 +1809,7 @@ func TestBuildAuthURL(t *testing.T) {
|
|||||||
issuerURL: "https://auth.example.com:8443",
|
issuerURL: "https://auth.example.com:8443",
|
||||||
redirectURL: "https://app.example.com/callback",
|
redirectURL: "https://app.example.com/callback",
|
||||||
state: "test-state",
|
state: "test-state",
|
||||||
nonce: "test-nonce",
|
nonce: "test-nonce",
|
||||||
expectedPrefix: "https://auth.example.com:8443/sign-in?",
|
expectedPrefix: "https://auth.example.com:8443/sign-in?",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||