github provider

Jing-ze · Dec 23, 2024 · d2a70ab · d2a70ab
1 parent 2e4ee25
commit d2a70ab
Show file tree

Hide file tree

Showing 31 changed files with 153 additions and 75 deletions.
diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module github.com/higress-group/oauth2-proxy
+module github.com/Jing-ze/oauth2-proxy
 
 go 1.19
 

diff --git a/load.go b/load.go
@@ -3,9 +3,9 @@ package oidc
 import (
 	"fmt"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/mapstructure"
-	"github.com/higress-group/oauth2-proxy/pkg/validation"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/mapstructure"
+	"github.com/Jing-ze/oauth2-proxy/pkg/validation"
 
 	"github.com/tidwall/gjson"
 )

diff --git a/oauthproxy.go b/oauthproxy.go
@@ -9,18 +9,18 @@ import (
 	"strings"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	sessionsapi "github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/app/redirect"
-	"github.com/higress-group/oauth2-proxy/pkg/cookies"
-	"github.com/higress-group/oauth2-proxy/pkg/encryption"
-	"github.com/higress-group/oauth2-proxy/pkg/middleware"
-	requestutil "github.com/higress-group/oauth2-proxy/pkg/requests/util"
-	"github.com/higress-group/oauth2-proxy/pkg/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
-	"github.com/higress-group/oauth2-proxy/providers"
-
-	middlewareapi "github.com/higress-group/oauth2-proxy/pkg/apis/middleware"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	sessionsapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/app/redirect"
+	"github.com/Jing-ze/oauth2-proxy/pkg/cookies"
+	"github.com/Jing-ze/oauth2-proxy/pkg/encryption"
+	"github.com/Jing-ze/oauth2-proxy/pkg/middleware"
+	requestutil "github.com/Jing-ze/oauth2-proxy/pkg/requests/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/providers"
+
+	middlewareapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/middleware"
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/gorilla/mux"

diff --git a/pkg/apis/middleware/scope.go b/pkg/apis/middleware/scope.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
 )
 
 type scopeKey string

diff --git a/pkg/apis/middleware/session.go b/pkg/apis/middleware/session.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"fmt"
 
-	sessionsapi "github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
+	sessionsapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
 
-	oidc "github.com/higress-group/oauth2-proxy/pkg/providers/go_oidc"
+	oidc "github.com/Jing-ze/oauth2-proxy/pkg/providers/go_oidc"
 )
 
 // TokenToSessionFunc takes a raw ID Token and converts it into a SessionState.

diff --git a/pkg/apis/options/providers.go b/pkg/apis/options/providers.go
@@ -70,6 +70,8 @@ const (
 	OIDCProvider ProviderType = "oidc"
 
 	AliyunProvider ProviderType = "aliyun"
+
+	GitHubProvider ProviderType = "github"
 )
 
 type OIDCOptions struct {

diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
@@ -7,8 +7,8 @@ import (
 
 	"encoding/json"
 
-	"github.com/higress-group/oauth2-proxy/pkg/clock"
-	"github.com/higress-group/oauth2-proxy/pkg/encryption"
+	"github.com/Jing-ze/oauth2-proxy/pkg/clock"
+	"github.com/Jing-ze/oauth2-proxy/pkg/encryption"
 )
 
 // // SessionState is used to store information about the currently authenticated user session

diff --git a/pkg/app/redirect/director.go b/pkg/app/redirect/director.go
@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 )
 
 // AppDirector is responsible for determining where OAuth2 Proxy should redirect

diff --git a/pkg/app/redirect/getters.go b/pkg/app/redirect/getters.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	requestutil "github.com/higress-group/oauth2-proxy/pkg/requests/util"
+	requestutil "github.com/Jing-ze/oauth2-proxy/pkg/requests/util"
 )
 
 // redirectGetter represents a method to allow the proxy to determine a redirect

diff --git a/pkg/app/redirect/validator.go b/pkg/app/redirect/validator.go
@@ -5,7 +5,7 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 )
 
 var (

diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go
@@ -7,10 +7,10 @@ import (
 	"strings"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 
-	requestutil "github.com/higress-group/oauth2-proxy/pkg/requests/util"
+	requestutil "github.com/Jing-ze/oauth2-proxy/pkg/requests/util"
 )
 
 // MakeCookieFromOptions constructs a cookie based on the given *options.CookieOptions,

diff --git a/pkg/cookies/csrf.go b/pkg/cookies/csrf.go
@@ -6,13 +6,13 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
 
 	"encoding/json"
 
-	"github.com/higress-group/oauth2-proxy/pkg/clock"
-	"github.com/higress-group/oauth2-proxy/pkg/encryption"
+	"github.com/Jing-ze/oauth2-proxy/pkg/clock"
+	"github.com/Jing-ze/oauth2-proxy/pkg/encryption"
 )
 
 // CSRF manages various nonces stored in the CSRF cookie during the initial

diff --git a/pkg/ip/realclientip.go b/pkg/ip/realclientip.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"strings"
 
-	ipapi "github.com/higress-group/oauth2-proxy/pkg/apis/ip"
+	ipapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/ip"
 )
 
 func GetRealClientIPParser(headerKey string) (ipapi.RealClientIPParser, error) {

diff --git a/pkg/middleware/scope.go b/pkg/middleware/scope.go
@@ -3,7 +3,7 @@ package middleware
 import (
 	"net/http"
 
-	middlewareapi "github.com/higress-group/oauth2-proxy/pkg/apis/middleware"
+	middlewareapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/middleware"
 
 	"github.com/google/uuid"
 	"github.com/justinas/alice"

diff --git a/pkg/middleware/stored_session.go b/pkg/middleware/stored_session.go
@@ -7,11 +7,11 @@ import (
 	"net/http"
 	"time"
 
-	middlewareapi "github.com/higress-group/oauth2-proxy/pkg/apis/middleware"
-	sessionsapi "github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	middlewareapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/middleware"
+	sessionsapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 
-	oidc "github.com/higress-group/oauth2-proxy/pkg/providers/go_oidc"
+	oidc "github.com/Jing-ze/oauth2-proxy/pkg/providers/go_oidc"
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"

diff --git a/pkg/providers/go_oidc/jwks.go b/pkg/providers/go_oidc/jwks.go
@@ -26,7 +26,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/go-jose/go-jose/v4"

diff --git a/pkg/providers/oidc/provider_verifier.go b/pkg/providers/oidc/provider_verifier.go
@@ -5,8 +5,8 @@ import (
 	"errors"
 	"fmt"
 
-	oidc "github.com/higress-group/oauth2-proxy/pkg/providers/go_oidc"
-	"github.com/higress-group/oauth2-proxy/pkg/providers/util"
+	oidc "github.com/Jing-ze/oauth2-proxy/pkg/providers/go_oidc"
+	"github.com/Jing-ze/oauth2-proxy/pkg/providers/util"
 )
 
 // ProviderVerifier represents the OIDC discovery and verification process

diff --git a/pkg/providers/oidc/verifier.go b/pkg/providers/oidc/verifier.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"reflect"
 
-	oidc "github.com/higress-group/oauth2-proxy/pkg/providers/go_oidc"
+	oidc "github.com/Jing-ze/oauth2-proxy/pkg/providers/go_oidc"
 )
 
 // idTokenVerifier allows an ID Token to be verified against the issue and provided keys.

diff --git a/pkg/requests/util/util.go b/pkg/requests/util/util.go
@@ -3,7 +3,7 @@ package util
 import (
 	"net/http"
 
-	middlewareapi "github.com/higress-group/oauth2-proxy/pkg/apis/middleware"
+	middlewareapi "github.com/Jing-ze/oauth2-proxy/pkg/apis/middleware"
 )
 
 const (

diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go
@@ -8,10 +8,10 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	pkgcookies "github.com/higress-group/oauth2-proxy/pkg/cookies"
-	"github.com/higress-group/oauth2-proxy/pkg/encryption"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	pkgcookies "github.com/Jing-ze/oauth2-proxy/pkg/cookies"
+	"github.com/Jing-ze/oauth2-proxy/pkg/encryption"
 )
 
 const (

diff --git a/pkg/sessions/session_store.go b/pkg/sessions/session_store.go
@@ -3,9 +3,9 @@ package sessions
 import (
 	"fmt"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/sessions/cookie"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/sessions/cookie"
 )
 
 // NewSessionStore creates a SessionStore from the provided configuration

diff --git a/pkg/validation/cookie.go b/pkg/validation/cookie.go
@@ -6,8 +6,8 @@ import (
 	"sort"
 	"time"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/encryption"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/encryption"
 )
 
 func validateCookie(o options.Cookie) []string {

diff --git a/pkg/validation/options.go b/pkg/validation/options.go
@@ -5,8 +5,8 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 )
 
 // Validate checks that required options are set and validates those that they

diff --git a/pkg/validation/providers.go b/pkg/validation/providers.go
@@ -3,7 +3,7 @@ package validation
 import (
 	"fmt"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
 )
 
 // validateProviders is the initial validation migration for multiple providrers

diff --git a/providers/aliyun.go b/providers/aliyun.go
@@ -6,9 +6,9 @@ import (
 	"net/http"
 	"net/url"
 
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
 )
 
 type AliyunProvider struct {

diff --git a/providers/github.go b/providers/github.go
@@ -0,0 +1,74 @@
+package providers
+
+import (
+	"net/url"
+)
+
+// GitHubProvider represents an GitHub based Identity Provider
+type GitHubProvider struct {
+	*ProviderData
+}
+
+var _ Provider = (*GitHubProvider)(nil)
+
+const (
+	githubProviderName = "GitHub"
+	githubDefaultScope = "user:email read:org"
+	orgTeamSeparator   = ":"
+)
+
+var (
+	// Default Login URL for GitHub.
+	// Pre-parsed URL of https://github.org/login/oauth/authorize.
+	githubDefaultLoginURL = &url.URL{
+		Scheme: "https",
+		Host:   "github.com",
+		Path:   "/login/oauth/authorize",
+	}
+
+	// Default Redeem URL for GitHub.
+	// Pre-parsed URL of https://github.org/login/oauth/access_token.
+	githubDefaultRedeemURL = &url.URL{
+		Scheme: "https",
+		Host:   "github.com",
+		Path:   "/login/oauth/access_token",
+	}
+
+	// Default Validation URL for GitHub.
+	// ValidationURL is the API Base URL.
+	// Other API requests are based off of this (eg to fetch users/groups).
+	// Pre-parsed URL of https://api.github.com/.
+	githubDefaultValidateURL = &url.URL{
+		Scheme: "https",
+		Host:   "api.github.com",
+		Path:   "/",
+	}
+)
+
+// NewGitHubProvider initiates a new GitHubProvider
+func NewGitHubProvider(p *ProviderData) *GitHubProvider {
+	p.setProviderDefaults(providerDefaults{
+		name:        githubProviderName,
+		loginURL:    githubDefaultLoginURL,
+		redeemURL:   githubDefaultRedeemURL,
+		profileURL:  nil,
+		validateURL: githubDefaultValidateURL,
+		scope:       githubDefaultScope,
+	})
+
+	provider := &GitHubProvider{ProviderData: p}
+	return provider
+}
+
+// func makeGitHubHeader(accessToken string) http.Header {
+// 	// extra headers required by the GitHub API when making authenticated requests
+// 	extraHeaders := map[string]string{
+// 		acceptHeader: "application/vnd.github.v3+json",
+// 	}
+// 	return makeAuthorizationHeader(tokenTypeToken, accessToken, extraHeaders)
+// }
+
+// ValidateSession validates the AccessToken
+// func (p *GitHubProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
+// 	return validateToken(ctx, p, s.AccessToken, makeGitHubHeader(s.AccessToken))
+// }
diff --git a/providers/oidc.go b/providers/oidc.go
@@ -7,9 +7,9 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/higress-group/oauth2-proxy/pkg/apis/options"
-	"github.com/higress-group/oauth2-proxy/pkg/apis/sessions"
-	"github.com/higress-group/oauth2-proxy/pkg/util"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/options"
+	"github.com/Jing-ze/oauth2-proxy/pkg/apis/sessions"
+	"github.com/Jing-ze/oauth2-proxy/pkg/util"
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 )