kill oidc well known middleware and move it to static route

Signed-off-by: Christian Richter <crichter@owncloud.com>
2025-12-31 01:10:20 -06:00 · 2024-02-28 12:48:34 +01:00
parent 1323a554bc
commit 29549fade7
4 changed files with 62 additions and 69 deletions
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -313,11 +313,6 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config,
 		chimiddleware.RequestID,
 		middleware.AccessLog(logger),
 		middleware.HTTPSRedirect,
-		middleware.OIDCWellKnownRewrite(
-			logger, cfg.OIDC.Issuer,
-			cfg.OIDC.RewriteWellKnown,
-			oidcHTTPClient,
-		),
 		router.Middleware(cfg.PolicySelector, cfg.Policies, logger),
 		middleware.Authentication(
 			authenticators,
--- a/services/proxy/pkg/middleware/oidc_well-known.go
+++ b/services/proxy/pkg/middleware/oidc_well-known.go
@@ -1,56 +0,0 @@
-package middleware
-
-import (
-	"io"
-	"net/http"
-	"net/url"
-	"path"
-
-	"github.com/owncloud/ocis/v2/ocis-pkg/log"
-)
-
-var (
-	wellKnownPath = "/.well-known/openid-configuration"
-)
-
-// OIDCWellKnownRewrite is a middleware that rewrites the /.well-known/openid-configuration endpoint for external IDPs.
-func OIDCWellKnownRewrite(logger log.Logger, oidcISS string, rewrite bool, oidcClient *http.Client) func(http.Handler) http.Handler {
-
-	oidcURL, _ := url.Parse(oidcISS)
-	oidcURL.Path = path.Join(oidcURL.Path, wellKnownPath)
-
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if rewrite && path.Clean(r.URL.Path) == wellKnownPath {
-
-				wellKnownRes, err := oidcClient.Get(oidcURL.String())
-				if err != nil {
-					logger.Error().
-						Err(err).
-						Str("middleware", "oidc wellknown rewrite").
-						Str("url", oidcURL.String()).
-						Msg("get information from url failed")
-					w.WriteHeader(http.StatusInternalServerError)
-					return
-				}
-
-				defer wellKnownRes.Body.Close()
-
-				copyHeader(w.Header(), wellKnownRes.Header)
-				w.WriteHeader(wellKnownRes.StatusCode)
-				io.Copy(w, wellKnownRes.Body)
-
-				return
-			}
-			next.ServeHTTP(w, r)
-		})
-	}
-}
-
-func copyHeader(dst, src http.Header) {
-	for k, vv := range src {
-		for _, v := range vv {
-			dst.Add(k, v)
-		}
-	}
-}
--- a/services/proxy/pkg/staticroutes/oidc_well-known.go
+++ b/services/proxy/pkg/staticroutes/oidc_well-known.go
@@ -0,0 +1,43 @@
+package staticroutes
+
+import (
+	"io"
+	"net/http"
+)
+
+var (
+	wellKnownPath = "/.well-known/openid-configuration"
+)
+
+//oidcURL, _ := url.Parse(oidcISS)
+//oidcURL.Path = path.Join(oidcURL.Path, wellKnownPath)
+
+// OIDCWellKnownRewrite is a middleware that rewrites the /.well-known/openid-configuration endpoint for external IDPs.
+func (s *StaticRouteHandler) OIDCWellKnownRewrite(w http.ResponseWriter, r *http.Request) {
+	wellKnownRes, err := s.OidcHttpClient.Get(s.oidcURL.String())
+	if err != nil {
+		s.Logger.Error().
+			Err(err).
+			Str("middleware", "oidc wellknown rewrite").
+			Str("url", s.oidcURL.String()).
+			Msg("get information from url failed")
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	defer wellKnownRes.Body.Close()
+
+	copyHeader(w.Header(), wellKnownRes.Header)
+	w.WriteHeader(wellKnownRes.StatusCode)
+	io.Copy(w, wellKnownRes.Body)
+
+	return
+}
+
+func copyHeader(dst, src http.Header) {
+	for k, vv := range src {
+		for _, v := range vv {
+			dst.Add(k, v)
+		}
+	}
+}
--- a/services/proxy/pkg/staticroutes/staticroutes.go
+++ b/services/proxy/pkg/staticroutes/staticroutes.go
@@ -7,16 +7,21 @@ import (
 	"github.com/owncloud/ocis/v2/services/proxy/pkg/config"
 	microstore "go-micro.dev/v4/store"
 	"net/http"
+	"net/url"
+	"path"
 )

 // StaticRouteHandler defines a Route Handler for static routes
 type StaticRouteHandler struct {
-	Prefix        string
-	Proxy         http.Handler
-	UserInfoCache microstore.Store
-	Logger        log.Logger
-	Config        config.Config
-	OidcClient    oidc.OIDCClient
+	Prefix         string
+	Proxy          http.Handler
+	UserInfoCache  microstore.Store
+	Logger         log.Logger
+	Config         config.Config
+	OidcClient     oidc.OIDCClient
+	OidcHttpClient *http.Client
+
+	oidcURL *url.URL
 }

 type jse struct {
@@ -25,13 +30,19 @@ type jse struct {
 }

 func (s *StaticRouteHandler) Handler() http.Handler {
+	s.oidcURL, _ = url.Parse(s.Config.OIDC.Issuer)
+	s.oidcURL.Path = path.Join(s.oidcURL.Path, wellKnownPath)
 	m := chi.NewMux()
 	m.Route(s.Prefix, func(r chi.Router) {
+
 		// Wrapper for backchannel logout
 		r.Post("/backchannel_logout", s.backchannelLogout)

-		// TODO: migrate oidc well knowns here in a second wrapper
-
+		// openid .well-known
+		if s.Config.OIDC.RewriteWellKnown {
+			r.Get("/.well-known/openid-configuration", s.OIDCWellKnownRewrite)
+		}
+		
 		// Send all requests to the proxy handler
 		r.HandleFunc("/*", s.Proxy.ServeHTTP)
 	})