Refactor getPAT, linting fixes (#451)

Refactor getPAT, linting fixes
gogatekeeper · Apr 24, 2024 · 988bcbc · 988bcbc
1 parent 20c872f
commit 988bcbc
Show file tree

Hide file tree

Showing 19 changed files with 193 additions and 117 deletions.
diff --git a/cmd/google/gatekeeper-google.go b/cmd/google/gatekeeper-google.go
@@ -0,0 +1,28 @@
+/*
+Copyright 2015 All rights reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	googlecore "github.com/gogatekeeper/gatekeeper/pkg/google/proxy/core"
+	"github.com/gogatekeeper/gatekeeper/pkg/proxy"
+)
+
+func main() {
+	app := proxy.NewOauthProxyApp(googlecore.Provider)
+	_ = app.Run(os.Args)
+}
diff --git a/cmd/gatekeeper-keycloak.go → cmd/keycloak/gatekeeper-keycloak.go b/cmd/gatekeeper-keycloak.go → cmd/keycloak/gatekeeper-keycloak.go
@@ -18,10 +18,11 @@ package main
 import (
 	"os"
 
+	keycloakcore "github.com/gogatekeeper/gatekeeper/pkg/keycloak/proxy/core"
 	"github.com/gogatekeeper/gatekeeper/pkg/proxy"
 )
 
 func main() {
-	app := proxy.NewOauthProxyApp()
+	app := proxy.NewOauthProxyApp(keycloakcore.Provider)
 	_ = app.Run(os.Args)
 }
diff --git a/e2e/e2e_test.go b/e2e/e2e_test.go
@@ -10,6 +10,7 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"os"
+	"strconv"
 	"strings"
 	"time"
 
@@ -20,6 +21,7 @@ import (
 
 	resty "github.com/go-resty/resty/v2"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
+	keycloakcore "github.com/gogatekeeper/gatekeeper/pkg/keycloak/proxy/core"
 	"github.com/gogatekeeper/gatekeeper/pkg/proxy"
 	"github.com/gogatekeeper/gatekeeper/pkg/testsuite"
 )
@@ -34,6 +36,10 @@ const (
 	umaTestClientSecret     = "A5vokiGdI3H2r4aXFrANbKvn4R7cbf6P"
 	timeout                 = time.Second * 300
 	idpURI                  = "http://localhost:8081"
+	localURI                = "http://localhost:"
+	logoutURI               = "/oauth/logout"
+	allInterfaces           = "0.0.0.0:"
+	anyURI                  = "/any"
 	testUser                = "myuser"
 	testPass                = "baba1234"
 	testPath                = "/test"
@@ -52,13 +58,14 @@ func generateRandomPort() string {
 	rg := rand.New(rand.NewSource(time.Now().UnixNano()))
 	min := 1024
 	max := 65000
-	return fmt.Sprintf("%d", rg.Intn(max-min+1)+min)
+	return strconv.Itoa(rg.Intn(max-min+1) + min)
 }
 
 func startAndWait(portNum string, osArgs []string) {
 	go func() {
 		defer GinkgoRecover()
-		app := proxy.NewOauthProxyApp()
+
+		app := proxy.NewOauthProxyApp(keycloakcore.Provider)
 		Expect(app.Run(osArgs)).To(Succeed())
 	}()
 
@@ -106,13 +113,13 @@ var _ = Describe("NoRedirects Simple login/logout", func() {
 	BeforeEach(func() {
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + testClient,
 			"--client-secret=" + testClientSecret,
 			"--upstream-url=" + server.URL,
@@ -149,7 +156,7 @@ var _ = Describe("NoRedirects Simple login/logout", func() {
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
 				request = resty.New().R().SetAuthToken(respToken.AccessToken)
-				resp, err = request.Get(proxyAddress + "/oauth/logout")
+				resp, err = request.Get(proxyAddress + logoutURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 			},
@@ -164,13 +171,13 @@ var _ = Describe("Code Flow login/logout", func() {
 	BeforeEach(func() {
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + testClient,
 			"--client-secret=" + testClientSecret,
 			"--upstream-url=" + server.URL,
@@ -215,11 +222,11 @@ var _ = Describe("Code Flow login/logout", func() {
 
 				By("wait for access token expiration")
 				time.Sleep(32 * time.Second)
-				resp, err = rClient.R().Get(proxyAddress + "/any")
+				resp, err = rClient.R().Get(proxyAddress + anyURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.Header().Get("Proxy-Accepted")).To(Equal("true"))
 				body = resp.Body()
-				Expect(strings.Contains(string(body), "/any")).To(BeTrue())
+				Expect(strings.Contains(string(body), anyURI)).To(BeTrue())
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 				Expect(err).NotTo(HaveOccurred())
 				cookiesAfterRefresh := rClient.GetClient().Jar.Cookies(jarURI)
@@ -235,15 +242,15 @@ var _ = Describe("Code Flow login/logout", func() {
 				Expect(accessCookieLogin).NotTo(Equal(accessCookieAfterRefresh))
 
 				By("make another request with new access token")
-				resp, err = rClient.R().Get(proxyAddress + "/any")
+				resp, err = rClient.R().Get(proxyAddress + anyURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.Header().Get("Proxy-Accepted")).To(Equal("true"))
 				body = resp.Body()
-				Expect(strings.Contains(string(body), "/any")).To(BeTrue())
+				Expect(strings.Contains(string(body), anyURI)).To(BeTrue())
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
 				By("log out")
-				resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+				resp, err = rClient.R().Get(proxyAddress + logoutURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
@@ -285,13 +292,13 @@ var _ = Describe("Code Flow login/logout", func() {
 				rClient.GetClient().Jar.SetCookies(jarURI, cookiesLogin)
 
 				By("make another request with forged access token")
-				resp, err = rClient.R().Get(proxyAddress + "/any")
+				resp, err = rClient.R().Get(proxyAddress + anyURI)
 				Expect(err).NotTo(HaveOccurred())
-				Expect(strings.Contains(string(body), "/any")).To(BeFalse())
+				Expect(strings.Contains(string(body), anyURI)).To(BeFalse())
 				Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
 
 				By("log out")
-				resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+				resp, err = rClient.R().Get(proxyAddress + logoutURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
 			},
@@ -306,12 +313,12 @@ var _ = Describe("Code Flow PKCE login/logout", func() {
 	BeforeEach(func() {
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + pkceTestClient,
 			"--client-secret=" + pkceTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -341,7 +348,7 @@ var _ = Describe("Code Flow PKCE login/logout", func() {
 				body := resp.Body()
 				Expect(strings.Contains(string(body), pkceCookieName)).To(BeTrue())
 
-				resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+				resp, err = rClient.R().Get(proxyAddress + logoutURI)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
@@ -367,7 +374,7 @@ var _ = Describe("Code Flow login/logout with session check", func() {
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + testClient,
 			"--client-secret=" + testClientSecret,
 			"--upstream-url=" + server.URL,
@@ -386,12 +393,12 @@ var _ = Describe("Code Flow login/logout with session check", func() {
 		startAndWait(portNum, osArgs)
 
 		portNum = generateRandomPort()
-		proxyAddressSec = "http://localhost:" + portNum
+		proxyAddressSec = localURI + portNum
 		osArgs = []string{os.Args[0]}
 		proxyArgs = []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + pkceTestClient,
 			"--client-secret=" + pkceTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -433,7 +440,7 @@ var _ = Describe("Code Flow login/logout with session check", func() {
 			Expect(strings.Contains(string(body), testPath)).To(BeTrue())
 
 			By("Logout user on first client")
-			resp, err = rClient.R().Get(proxyAddressFirst + "/oauth/logout")
+			resp, err = rClient.R().Get(proxyAddressFirst + logoutURI)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 

diff --git a/e2e/e2e_uma_test.go b/e2e/e2e_uma_test.go
@@ -24,12 +24,12 @@ var _ = Describe("UMA Code Flow authorization", func() {
 	BeforeEach(func() {
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + umaTestClient,
 			"--client-secret=" + umaTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -63,7 +63,7 @@ var _ = Describe("UMA Code Flow authorization", func() {
 			Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
 			Expect(strings.Contains(string(body), umaCookieName)).To(BeFalse())
 
-			resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+			resp, err = rClient.R().Get(proxyAddress + logoutURI)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
@@ -117,12 +117,12 @@ var _ = Describe("UMA Code Flow authorization with method scope", func() {
 	BeforeEach(func() {
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + umaTestClient,
 			"--client-secret=" + umaTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -159,7 +159,7 @@ var _ = Describe("UMA Code Flow authorization with method scope", func() {
 			Expect(resp.StatusCode()).To(Equal(http.StatusForbidden))
 			Expect(strings.Contains(string(body), umaCookieName)).To(BeFalse())
 
-			resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+			resp, err = rClient.R().Get(proxyAddress + logoutURI)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 
@@ -180,14 +180,14 @@ var _ = Describe("UMA no-redirects authorization with forwarding client credenti
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
 		fwdPortNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
-		fwdProxyAddress = "http://localhost:" + fwdPortNum
+		proxyAddress = localURI + portNum
+		fwdProxyAddress = localURI + fwdPortNum
 		osArgs := []string{os.Args[0]}
 		fwdOsArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + umaTestClient,
 			"--client-secret=" + umaTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -203,7 +203,7 @@ var _ = Describe("UMA no-redirects authorization with forwarding client credenti
 		fwdProxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + fwdPortNum,
+			"--listen=" + allInterfaces + fwdPortNum,
 			"--client-id=" + testClient,
 			"--client-secret=" + testClientSecret,
 			"--enable-uma=true",
@@ -260,14 +260,14 @@ var _ = Describe("UMA no-redirects authorization with forwarding direct access g
 		server := httptest.NewServer(&testsuite.FakeUpstreamService{})
 		portNum = generateRandomPort()
 		fwdPortNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
-		fwdProxyAddress = "http://localhost:" + fwdPortNum
+		proxyAddress = localURI + portNum
+		fwdProxyAddress = localURI + fwdPortNum
 		osArgs := []string{os.Args[0]}
 		fwdOsArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + umaTestClient,
 			"--client-secret=" + umaTestClientSecret,
 			"--upstream-url=" + server.URL,
@@ -284,7 +284,7 @@ var _ = Describe("UMA no-redirects authorization with forwarding direct access g
 		fwdProxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + fwdPortNum,
+			"--listen=" + allInterfaces + fwdPortNum,
 			"--client-id=" + testClient,
 			"--client-secret=" + testClientSecret,
 			"--forwarding-username=" + testUser,
@@ -356,12 +356,12 @@ var _ = Describe("UMA Code Flow, NOPROXY authorization with method scope", func(
 
 	BeforeEach(func() {
 		portNum = generateRandomPort()
-		proxyAddress = "http://localhost:" + portNum
+		proxyAddress = localURI + portNum
 		osArgs := []string{os.Args[0]}
 		proxyArgs := []string{
 			"--discovery-url=" + idpRealmURI,
 			"--openid-provider-timeout=120s",
-			"--listen=" + "0.0.0.0:" + portNum,
+			"--listen=" + allInterfaces + portNum,
 			"--client-id=" + umaTestClient,
 			"--client-secret=" + umaTestClientSecret,
 			"--no-redirects=false",
@@ -394,7 +394,7 @@ var _ = Describe("UMA Code Flow, NOPROXY authorization with method scope", func(
 			resp := codeFlowLogin(rClient, proxyAddress, http.StatusOK)
 			Expect(resp.Header().Get(constant.AuthorizationHeader)).ToNot(BeEmpty())
 
-			resp, err = rClient.R().Get(proxyAddress + "/oauth/logout")
+			resp, err = rClient.R().Get(proxyAddress + logoutURI)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(resp.StatusCode()).To(Equal(http.StatusOK))
 

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -19,9 +19,10 @@ import (
 	"github.com/gogatekeeper/gatekeeper/pkg/config/core"
 	googleconfig "github.com/gogatekeeper/gatekeeper/pkg/google/config"
 	keycloakconfig "github.com/gogatekeeper/gatekeeper/pkg/keycloak/config"
+	proxycore "github.com/gogatekeeper/gatekeeper/pkg/proxy/core"
 )
 
-func ProduceConfig(provider string) core.Configs {
+func ProduceConfig[T proxycore.KeycloakProvider | proxycore.GoogleProvider](provider T) core.Configs {
 	switch provider {
 	case "keycloak":
 		return keycloakconfig.NewDefaultConfig()