Skip to content
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.

Commit

Permalink
CLI Options (#164)
Browse files Browse the repository at this point in the history
- using the reflection library to parse the command line options
- updating the changelog to reflect the changes
  • Loading branch information
gambol99 authored Dec 19, 2016
1 parent 2ee7ae9 commit 4b83ccd
Show file tree
Hide file tree
Showing 8 changed files with 114 additions and 210 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ FIXES:

BREAKING CHANGES:
* The login handler by default has been switched off, you must enable for --enable-login-handler
* Changed the CORS format in the configuration file
* Changed the command line options scope -> scopes
* Changed the command line options log-json-format -> json-format

#### **1.2.8**

Expand Down
239 changes: 60 additions & 179 deletions cli.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (
"fmt"
"os"
"os/signal"
"reflect"
"syscall"

"github.com/urfave/cli"
Expand Down Expand Up @@ -92,7 +93,6 @@ func newOauthProxyApp() *cli.App {
// getCLIOptions returns the command line options
func getCLIOptions() []cli.Flag {
defaults := newDefaultConfig()

return []cli.Flag{
cli.StringFlag{
Name: "config",
Expand All @@ -105,6 +105,16 @@ func getCLIOptions() []cli.Flag {
Value: defaults.Listen,
EnvVar: "PROXY_LISTEN",
},
cli.StringFlag{
Name: "listen-http",
Usage: "the interface you want the http-only service to use on",
EnvVar: "PROXY_HTTP_LISTEN",
},
cli.StringFlag{
Name: "discovery-url",
Usage: "the discovery url to retrieve the openid configuration",
EnvVar: "PROXY_DISCOVERY_URL",
},
cli.StringFlag{
Name: "client-secret",
Usage: "the client secret used to authenticate to the oauth server (access_type: confidential)",
Expand All @@ -115,13 +125,8 @@ func getCLIOptions() []cli.Flag {
Usage: "the client id used to authenticate to the oauth service",
EnvVar: "PROXY_CLIENT_ID",
},
cli.StringFlag{
Name: "discovery-url",
Usage: "the discovery url to retrieve the openid configuration",
EnvVar: "PROXY_DISCOVERY_URL",
},
cli.StringSliceFlag{
Name: "scope",
Name: "scopes",
Usage: "a variable list of scopes requested when authenticating the user",
},
cli.BoolFlag{
Expand Down Expand Up @@ -149,10 +154,6 @@ func getCLIOptions() []cli.Flag {
Value: defaults.Upstream,
EnvVar: "PROXY_UPSTREAM_URL",
},
cli.BoolFlag{
Name: "enable-login-handler",
Usage: "this enables the login hanlder /oauth/login, by default this is disabled",
},
cli.BoolTFlag{
Name: "upstream-keepalives",
Usage: "enables or disables the keepalive connections for upstream endpoint",
Expand All @@ -167,14 +168,6 @@ func getCLIOptions() []cli.Flag {
Usage: "specifies the keep-alive period for an active network connection",
Value: defaults.UpstreamKeepaliveTimeout,
},
cli.BoolTFlag{
Name: "enable-authorization-header",
Usage: "adds the authorization header to the proxy request",
},
cli.BoolFlag{
Name: "enable-refresh-tokens",
Usage: "enables the handling of the refresh tokens",
},
cli.BoolTFlag{
Name: "secure-cookie",
Usage: "enforces the cookie to be secure, default to true",
Expand Down Expand Up @@ -210,6 +203,18 @@ func getCLIOptions() []cli.Flag {
Usage: "a list of hostnames the service will respond to, defaults to all",
},
cli.BoolFlag{
Name: "enable-login-handler",
Usage: "this enables the login hanlder /oauth/login, by default this is disabled",
},
cli.BoolTFlag{
Name: "enable-authorization-header",
Usage: "adds the authorization header to the proxy request",
},
cli.BoolTFlag{
Name: "enable-refresh-tokens",
Usage: "enables the handling of the refresh tokens",
},
cli.BoolTFlag{
Name: "enable-metrics",
Usage: "enable the prometheus metrics collector on /oauth/metrics",
},
Expand All @@ -225,6 +230,14 @@ func getCLIOptions() []cli.Flag {
Name: "enable-forwarding",
Usage: "enables the forwarding proxy mode, signing outbound request",
},
cli.BoolTFlag{
Name: "enable-profiling",
Usage: "switching on the golang profiling via pprof on /debug/pprof, /debug/pprof/heap etc",
},
cli.BoolTFlag{
Name: "enable-security-filter",
Usage: "enables the security filter handler",
},
cli.StringFlag{
Name: "forwarding-username",
Usage: "the username to use when logging into the openid provider",
Expand Down Expand Up @@ -282,7 +295,7 @@ func getCLIOptions() []cli.Flag {
Usage: "Add custom headers to the upstream request, key=value",
},
cli.StringFlag{
Name: "signin-page",
Name: "sign-in-page",
Usage: "a custom template displayed for signin",
},
cli.StringFlag{
Expand Down Expand Up @@ -318,12 +331,12 @@ func getCLIOptions() []cli.Flag {
Usage: "the credentials access control header (Access-Control-Allow-Credentials)",
},
cli.BoolTFlag{
Name: "enable-profiling",
Usage: "switching on the golang profiling via pprof on /debug/pprof, /debug/pprof/heap etc",
Name: "filter-browser-xss",
Usage: "enable the adds the X-XSS-Protection header with mode=block",
},
cli.BoolTFlag{
Name: "enable-security-filter",
Usage: "enables the security filter handler",
Name: "filter-content-nosniff",
Usage: "adds the X-Content-Type-Options header with the value nosniff",
},
cli.BoolFlag{
Name: "skip-token-verification",
Expand All @@ -349,161 +362,29 @@ func getCLIOptions() []cli.Flag {
// @TODO look for a shorter way of doing this, we're maintaining the same options in multiple places, it's tedious!
//
func parseCLIOptions(cx *cli.Context, config *Config) (err error) {
if cx.String("listen") != "" {
config.Listen = cx.String("listen")
}
if cx.String("client-secret") != "" {
config.ClientSecret = cx.String("client-secret")
}
if cx.String("client-id") != "" {
config.ClientID = cx.String("client-id")
}
if cx.String("discovery-url") != "" {
config.DiscoveryURL = cx.String("discovery-url")
}
if cx.String("upstream-url") != "" {
config.Upstream = cx.String("upstream-url")
}
if cx.String("revocation-url") != "" {
config.RevocationEndpoint = cx.String("revocation-url")
}
if cx.IsSet("upstream-keepalives") {
config.UpstreamKeepalives = cx.Bool("upstream-keepalives")
}
if cx.IsSet("upstream-timeout") {
config.UpstreamTimeout = cx.Duration("upstream-timeout")
}
if cx.IsSet("upstream-keepalive-timeout") {
config.UpstreamKeepaliveTimeout = cx.Duration("upstream-keepalive-timeout")
}
if cx.IsSet("skip-token-verification") {
config.SkipTokenVerification = cx.Bool("skip-token-verification")
}
if cx.IsSet("skip-upstream-tls-verify") {
config.SkipUpstreamTLSVerify = cx.Bool("skip-upstream-tls-verify")
}
if cx.IsSet("skip-openid-provider-tls-verify") {
config.SkipOpenIDProviderTLSVerify = cx.Bool("skip-openid-provider-tls-verify")
}
if cx.IsSet("encryption-key") {
config.EncryptionKey = cx.String("encryption-key")
}
if cx.IsSet("secure-cookie") {
config.SecureCookie = cx.Bool("secure-cookie")
}
if cx.IsSet("http-only-cookie") {
config.HTTPOnlyCookie = cx.Bool("http-only-cookie")
}
if cx.IsSet("cookie-access-name") {
config.CookieAccessName = cx.String("cookie-access-name")
}
if cx.IsSet("cookie-refresh-name") {
config.CookieRefreshName = cx.String("cookie-refresh-name")
}
if cx.IsSet("cookie-domain") {
config.CookieDomain = cx.String("cookie-domain")
}
if cx.IsSet("add-claims") {
config.AddClaims = append(config.AddClaims, cx.StringSlice("add-claims")...)
}
if cx.String("store-url") != "" {
config.StoreURL = cx.String("store-url")
}
if cx.IsSet("no-redirects") {
config.NoRedirects = cx.Bool("no-redirects")
}
if cx.String("redirection-url") != "" {
config.RedirectionURL = cx.String("redirection-url")
}
if cx.IsSet("tls-cert") {
config.TLSCertificate = cx.String("tls-cert")
}
if cx.IsSet("tls-private-key") {
config.TLSPrivateKey = cx.String("tls-private-key")
}
if cx.IsSet("tls-ca-certificate") {
config.TLSCaCertificate = cx.String("tls-ca-certificate")
}
if cx.IsSet("tls-ca-key") {
config.TLSCaPrivateKey = cx.String("tls-ca-key")
}
if cx.IsSet("tls-client-certificate") {
config.TLSClientCertificate = cx.String("tls-client-certificate")
}
if cx.IsSet("enable-login-handler") {
config.EnableLoginHandler = cx.Bool("enable-login-handler")
}
if cx.IsSet("enable-profiling") {
config.EnableProfiling = cx.Bool("enable-profiling")
}
if cx.IsSet("enable-metrics") {
config.EnableMetrics = cx.Bool("enable-metrics")
}
if cx.IsSet("localhost-only-metrics") {
config.LocalhostMetrics = cx.Bool("localhost-only-metrics")
}
if cx.IsSet("enable-proxy-protocol") {
config.EnableProxyProtocol = cx.Bool("enable-proxy-protocol")
}
if cx.IsSet("enable-forwarding") {
config.EnableForwarding = cx.Bool("enable-forwarding")
}
if cx.IsSet("enable-authorization-header") {
config.EnableAuthorizationHeader = cx.Bool("enable-authorization-header")
}
if cx.IsSet("enable-refresh-tokens") {
config.EnableRefreshTokens = cx.Bool("enable-refresh-tokens")
}
if cx.IsSet("forwarding-username") {
config.ForwardingUsername = cx.String("forwarding-username")
}
if cx.IsSet("forwarding-password") {
config.ForwardingPassword = cx.String("forwarding-password")
}
if cx.IsSet("forwarding-domains") {
config.ForwardingDomains = append(config.ForwardingDomains, cx.StringSlice("forwarding-domains")...)
}
if cx.IsSet("signin-page") {
config.SignInPage = cx.String("signin-page")
}
if cx.IsSet("forbidden-page") {
config.ForbiddenPage = cx.String("forbidden-page")
}
if cx.IsSet("enable-security-filter") {
config.EnableSecurityFilter = true
}
if cx.IsSet("json-logging") {
config.LogJSONFormat = cx.Bool("json-logging")
}
if cx.IsSet("log-requests") {
config.LogRequests = cx.Bool("log-requests")
}
if cx.IsSet("verbose") {
config.Verbose = cx.Bool("verbose")
}
if cx.IsSet("scope") {
config.Scopes = cx.StringSlice("scope")
}
if cx.IsSet("hostname") {
config.Hostnames = append(config.Hostnames, cx.StringSlice("hostname")...)
}
if cx.IsSet("cors-origins") {
config.CrossOrigin.Origins = append(config.CrossOrigin.Origins, cx.StringSlice("cors-origins")...)
}
if cx.IsSet("cors-methods") {
config.CrossOrigin.Methods = append(config.CrossOrigin.Methods, cx.StringSlice("cors-methods")...)
}
if cx.IsSet("cors-headers") {
config.CrossOrigin.Headers = append(config.CrossOrigin.Headers, cx.StringSlice("cors-headers")...)
}
if cx.IsSet("cors-exposed-headers") {
config.CrossOrigin.ExposedHeaders = append(config.CrossOrigin.ExposedHeaders, cx.StringSlice("cors-exposed-headers")...)
}
if cx.IsSet("cors-max-age") {
config.CrossOrigin.MaxAge = cx.Duration("cors-max-age")
}
if cx.IsSet("cors-credentials") {
config.CrossOrigin.Credentials = cx.BoolT("cors-credentials")
// step: we can ignore these options in the Config struct
ignoredOptions := []string{"tag-data", "match-claims", "resources", "headers"}
// step: iterate the Config and grab command line options via reflection
count := reflect.TypeOf(config).Elem().NumField()
for i := 0; i < count; i++ {
field := reflect.TypeOf(config).Elem().Field(i)
name := field.Tag.Get("yaml")
if containedIn(name, ignoredOptions) {
continue
}

if cx.IsSet(name) {
switch field.Type.Kind() {
case reflect.Bool:
reflect.ValueOf(config).Elem().FieldByName(field.Name).SetBool(cx.Bool(name))
case reflect.String:
reflect.ValueOf(config).Elem().FieldByName(field.Name).SetString(cx.String(name))
case reflect.Slice:
for _, x := range cx.StringSlice(name) {
reflect.Append(reflect.ValueOf(config).Elem().FieldByName(field.Name), reflect.ValueOf(x))
}
}
}
}
if cx.IsSet("tag") {
tags, err := decodeKeyPairs(cx.StringSlice("tag"))
Expand Down
1 change: 0 additions & 1 deletion config.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@ func newDefaultConfig() *Config {
SecureCookie: true,
SkipUpstreamTLSVerify: true,
SkipOpenIDProviderTLSVerify: false,
CrossOrigin: CORS{},
}
}

Expand Down
Loading

0 comments on commit 4b83ccd

Please sign in to comment.