repo-mirrors/traefik-github-oauth-plugin
1
0
Fork 0
mirror of https://github.com/MuXiu1997/traefik-github-oauth-plugin synced 2025-12-17 18:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: set no cache headers

Browse Source
This commit is contained in:
MuXiu1997
2023-02-04 19:09:00 +08:00
parent 3c01f5c4fa
commit 316878f0d3
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/app/traefik-github-oauth-server/router/oauth.go
View File

@@ -23,6 +23,7 @@ var (
func generateOAuthPageURL(app *server.App) gin.HandlerFunc { func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
setNoCacheHeaders(c)
body := model.RequestGenerateOAuthPageURL{} body := model.RequestGenerateOAuthPageURL{}
err := c.ShouldBindJSON(&body) err := c.ShouldBindJSON(&body)
if err != nil { if err != nil {
@@ -69,6 +70,7 @@ func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
func redirect(app *server.App) gin.HandlerFunc { func redirect(app *server.App) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
setNoCacheHeaders(c)
query := model.RequestRedirect{} query := model.RequestRedirect{}
err := c.BindQuery(&query) err := c.BindQuery(&query)
if err != nil { if err != nil {
@@ -120,6 +122,7 @@ func redirect(app *server.App) gin.HandlerFunc {
func getAuthResult(app *server.App) gin.HandlerFunc { func getAuthResult(app *server.App) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
setNoCacheHeaders(c)
query := model.RequestGetAuthResult{} query := model.RequestGetAuthResult{}
err := c.ShouldBindQuery(&query) err := c.ShouldBindQuery(&query)
if err != nil { if err != nil {
@@ -181,3 +184,9 @@ func buildRedirectURI(apiBaseUrl, rid string) (string, error) {
redirectURI.RawQuery = redirectURLQuery.Encode() redirectURI.RawQuery = redirectURLQuery.Encode()
return redirectURI.String(), nil return redirectURI.String(), nil
} }
func setNoCacheHeaders(c *gin.Context) {
c.Header(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
c.Header(constant.HTTP_HEADER_PRAGMA, "no-cache")
c.Header(constant.HTTP_HEADER_EXPIRES, "0")
}

3
internal/pkg/constant/constant.go
View File

@@ -15,6 +15,9 @@ const (
QUERY_KEY_REQUEST_ID = "rid" QUERY_KEY_REQUEST_ID = "rid"
HTTP_HEADER_AUTHORIZATION = "Authorization" HTTP_HEADER_AUTHORIZATION = "Authorization"
HTTP_HEADER_CACHE_CONTROL = "Cache-Control"
HTTP_HEADER_PRAGMA = "Pragma"
HTTP_HEADER_EXPIRES = "Expires"
AUTHORIZATION_PREFIX_TOKEN = "token" AUTHORIZATION_PREFIX_TOKEN = "token"
) )

9
middleware_plugin.go
View File

@@ -135,6 +135,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
return return
} }
if !p.whitelistIdSet.Has(user.Id) && !p.whitelistLoginSet.Has(user.Login) { if !p.whitelistIdSet.Has(user.Id) && !p.whitelistLoginSet.Has(user.Login) {
setNoCacheHeaders(rw)
http.Error(rw, "not in whitelist", http.StatusForbidden) http.Error(rw, "not in whitelist", http.StatusForbidden)
return return
} }
@@ -143,6 +144,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
// handleAuthRequest // handleAuthRequest
func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter, req *http.Request) { func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter, req *http.Request) {
setNoCacheHeaders(rw)
rid := req.URL.Query().Get(constant.QUERY_KEY_REQUEST_ID) rid := req.URL.Query().Get(constant.QUERY_KEY_REQUEST_ID)
result, err := p.getAuthResult(rid) result, err := p.getAuthResult(rid)
if err != nil { if err != nil {
@@ -165,6 +167,7 @@ func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter,
} }
func (p *TraefikGithubOauthMiddleware) redirectToOAuthPage(rw http.ResponseWriter, req *http.Request) { func (p *TraefikGithubOauthMiddleware) redirectToOAuthPage(rw http.ResponseWriter, req *http.Request) {
setNoCacheHeaders(rw)
oAuthPageURL, err := p.generateOAuthPageURL(getRawRequestUrl(req), p.getAuthURL(req)) oAuthPageURL, err := p.generateOAuthPageURL(getRawRequestUrl(req), p.getAuthURL(req))
if err != nil { if err != nil {
p.logger.Debugf("redirectToOAuthPage: generateOAuthPageURL: %s\n", err.Error()) p.logger.Debugf("redirectToOAuthPage: generateOAuthPageURL: %s\n", err.Error())
@@ -243,6 +246,12 @@ func (p *TraefikGithubOauthMiddleware) getAuthURL(originalReq *http.Request) str
return builder.String() return builder.String()
} }
func setNoCacheHeaders(rw http.ResponseWriter) {
rw.Header().Set(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
rw.Header().Set(constant.HTTP_HEADER_PRAGMA, "no-cache")
rw.Header().Set(constant.HTTP_HEADER_EXPIRES, "0")
}
func getRawRequestUrl(originalReq *http.Request) string { func getRawRequestUrl(originalReq *http.Request) string {
var builder strings.Builder var builder strings.Builder
scheme := "http" scheme := "http"