fix internal OIDC path handling.

handle controller detail missing API
openziti · Jan 28, 2025 · 8057194 · 8057194
1 parent 3142819
commit 8057194
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 11 deletions.
diff --git a/deps/CMakeLists.txt b/deps/CMakeLists.txt
@@ -9,7 +9,7 @@ if (NOT TARGET tlsuv)
     else ()
         FetchContent_Declare(tlsuv
                 GIT_REPOSITORY https://github.com/openziti/tlsuv.git
-                GIT_TAG v0.33.4
+                GIT_TAG v0.33.5
         )
         FetchContent_MakeAvailable(tlsuv)
     endif (tlsuv_DIR)

diff --git a/library/ha_auth.c b/library/ha_auth.c
@@ -79,15 +79,18 @@ ziti_auth_method_t *new_ha_auth(uv_loop_t *l, model_list* urls, tls_context *tls
         .name = "ziti-internal-oidc",
         .enabled = true,
         .provider_url = (char*) model_list_head(&auth->urls),
+        .target_token = ziti_target_token_access_token,
     };
-
+    model_list_append(&auth->config.scopes, "offline_access");
 
     oidc_client_init(l, &auth->oidc, &auth->config, tls);
     return &auth->api;
 }
 
 static void close_cb(oidc_client_t *oidc) {
     struct ha_auth_s *auth = HA_AUTH_FROM_OIDC(oidc);
+    model_list_clear(&auth->urls, free);
+    model_list_clear(&auth->config.scopes, NULL);
     free(auth);
 }
 

diff --git a/library/oidc.c b/library/oidc.c
@@ -451,7 +451,7 @@ static void login_cb(tlsuv_http_resp_t *http_resp, void *ctx) {
         const char *redirect = tlsuv_http_resp_header(http_resp, "Location");
         struct tlsuv_url_s uri;
         tlsuv_parse_url(&uri, redirect);
-
+        tlsuv_http_set_path_prefix(&req->clt->http, NULL);
         tlsuv_http_req(&req->clt->http, "GET", uri.path, code_cb, req);
     } else {
         failed_auth_req(req, http_resp->status);
@@ -474,7 +474,8 @@ static void auth_cb(tlsuv_http_resp_t *http_resp, void *ctx) {
             path = "/oidc/login/cert";
         }
         ZITI_LOG(DEBUG, "login with path[%s] ", path);
-        tlsuv_http_req_t *login_req = tlsuv_http_req(&req->clt->http, "POST", path, login_cb, req);
+        tlsuv_http_set_path_prefix(&req->clt->http, path);
+        tlsuv_http_req_t *login_req = tlsuv_http_req(&req->clt->http, "POST", NULL, login_cb, req);
         if (req->clt->jwt_token_auth) {
             tlsuv_http_req_header(login_req, "Authorization", req->clt->jwt_token_auth);
         }

diff --git a/library/ziti.c b/library/ziti.c
@@ -326,21 +326,25 @@ static void ctrl_list_cb(ziti_controller_detail_array ctrls, const ziti_error *e
 
     bool changed = false;
     for (int i = 0; ctrls[i] != NULL; i++) {
-        const ziti_controller_detail *detail = ctrls[i];
-        const api_address *api = model_list_head(&detail->apis.edge);
-        ZTX_LOG(INFO, "controller[%s/%s] url[%s]", detail->name, detail->id, FIELD_OR_ELSE(api, url, "<unset>"));
+        ziti_controller_detail *detail = ctrls[i];
+        const api_address *edge_api = model_list_head(&detail->apis.edge);
 
-        model_map_set(&ztx->ctrl_details, detail->id, detail);
+        if (edge_api && edge_api->url) {
+            ZTX_LOG(INFO, "controller[%s/%s] url[%s]", detail->name, detail->id, edge_api->url);
 
-        if (api->url) {
-            char *old_url = model_map_remove(&diff, api->url);
+            model_map_set(&ztx->ctrl_details, detail->id, detail);
+
+            char *old_url = model_map_remove(&diff, edge_api->url);
             if (old_url == NULL) {
                 changed = true;
             } else {
                 free(old_url);
             }
 
-            model_list_append(&ztx->config.controllers, strdup(api->url));
+            model_list_append(&ztx->config.controllers, strdup(edge_api->url));
+        } else {
+            ZTX_LOG(INFO, "controller[%s/%s]: no Edge API", detail->name, detail->id);
+            free_ziti_controller_detail_ptr(detail);
         }
     }
     changed = changed || (model_map_size(&diff) > 0);