diff --git a/auth.go b/auth.go index d41c6eeb..05568356 100644 --- a/auth.go +++ b/auth.go @@ -257,8 +257,8 @@ func (s *Service) AddProvider(name, cid, csecret string) { s.authMiddleware.Providers = s.providers } -// AddDevProvider with a custom port -func (s *Service) AddDevProvider(port int) { +// AddDevProvider with a custom host and port +func (s *Service) AddDevProvider(host string, port int) { p := provider.Params{ URL: s.opts.URL, JwtService: s.jwtService, @@ -266,6 +266,7 @@ func (s *Service) AddDevProvider(port int) { AvatarSaver: s.avatarProxy, L: s.logger, Port: port, + Host: host, } s.providers = append(s.providers, provider.NewService(provider.NewDev(p))) } diff --git a/auth_test.go b/auth_test.go index 601cd92d..3edbb694 100644 --- a/auth_test.go +++ b/auth_test.go @@ -510,7 +510,7 @@ func prepService(t *testing.T) (svc *Service, teardown func()) { //nolint unpara } svc = NewService(options) - svc.AddDevProvider(18084) // add dev provider on 18084 + svc.AddDevProvider("localhost", 18084) // add dev provider on 18084 svc.AddProvider("github", "cid", "csec") // add github provider // add go-oauth2/oauth2 provider diff --git a/go.mod b/go.mod index 869e836d..919b7e67 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/go-pkgz/repeater v1.1.3 github.com/go-pkgz/rest v1.14.0 github.com/golang-jwt/jwt v3.2.2+incompatible - github.com/microcosm-cc/bluemonday v1.0.18 + github.com/microcosm-cc/bluemonday v1.0.19 github.com/nullrocks/identicon v0.0.0-20180626043057-7875f45b0022 github.com/stretchr/testify v1.7.0 go.etcd.io/bbolt v1.3.6 diff --git a/go.sum b/go.sum index 8c21340d..6ceb3bf4 100644 --- a/go.sum +++ b/go.sum @@ -228,8 +228,8 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/microcosm-cc/bluemonday v1.0.18 h1:6HcxvXDAi3ARt3slx6nTesbvorIc3QeTzBNRvWktHBo= -github.com/microcosm-cc/bluemonday v1.0.18/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM= +github.com/microcosm-cc/bluemonday v1.0.19 h1:OI7hoF5FY4pFz2VA//RN8TfM0YJ2dJcl4P4APrCWy6c= +github.com/microcosm-cc/bluemonday v1.0.19/go.mod h1:QNzV2UbLK2/53oIIwTOyLUSABMkjZ4tqiyC1g/DyqxE= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= diff --git a/provider/dev_provider.go b/provider/dev_provider.go index 222c7ae7..d9e654f8 100644 --- a/provider/dev_provider.go +++ b/provider/dev_provider.go @@ -16,7 +16,10 @@ import ( "github.com/go-pkgz/auth/token" ) -const defDevAuthPort = 8084 +const ( + defDevAuthPort = 8084 + defDevAuthHost = "127.0.0.1" +) // DevAuthServer is a fake oauth server for development // it provides stand-alone server running on its own port and pretending to be the real oauth2. It also provides @@ -28,7 +31,6 @@ type DevAuthServer struct { Provider Oauth2Handler Automatic bool GetEmailFn func(string) string - username string // unsafe, but fine for dev httpServer *http.Server lock sync.Mutex @@ -39,6 +41,10 @@ func (d *DevAuthServer) Run(ctx context.Context) { // nolint (gocyclo) if d.Provider.Port == 0 { d.Provider.Port = defDevAuthPort } + if d.Provider.Host == "" { + d.Provider.Host = defDevAuthHost + } + d.username = "dev_user" d.Logf("[INFO] run local oauth2 dev server on %d, redirect url=%s", d.Provider.Port, d.Provider.conf.RedirectURL) d.lock.Lock() @@ -93,7 +99,7 @@ func (d *DevAuthServer) Run(ctx context.Context) { // nolint (gocyclo) } case strings.HasPrefix(r.URL.Path, "/user"): - ava := fmt.Sprintf("http://127.0.0.1:%d/avatar?user=%s", d.Provider.Port, d.username) + ava := fmt.Sprintf("http://%s:%d/avatar?user=%s", d.Provider.Host, d.Provider.Port, d.username) res := fmt.Sprintf(`{ "id": "%s", "name":"%s", @@ -165,14 +171,17 @@ func NewDev(p Params) Oauth2Handler { if p.Port == 0 { p.Port = defDevAuthPort } + if p.Host == "" { + p.Host = defDevAuthHost + } oh := initOauth2Handler(p, Oauth2Handler{ name: "dev", endpoint: oauth2.Endpoint{ - AuthURL: fmt.Sprintf("http://127.0.0.1:%d/login/oauth/authorize", p.Port), - TokenURL: fmt.Sprintf("http://127.0.0.1:%d/login/oauth/access_token", p.Port), + AuthURL: fmt.Sprintf("http://%s:%d/login/oauth/authorize", p.Host, p.Port), + TokenURL: fmt.Sprintf("http://%s:%d/login/oauth/access_token", p.Host, p.Port), }, scopes: []string{"user:email"}, - infoURL: fmt.Sprintf("http://127.0.0.1:%d/user", p.Port), + infoURL: fmt.Sprintf("http://%s:%d/user", p.Host, p.Port), mapUser: func(data UserData, _ []byte) token.User { userInfo := token.User{ ID: data.Value("id"), diff --git a/provider/oauth2.go b/provider/oauth2.go index d2c8dd7c..88ed4b67 100644 --- a/provider/oauth2.go +++ b/provider/oauth2.go @@ -40,7 +40,8 @@ type Params struct { Issuer string AvatarSaver AvatarSaver - Port int // relevant for providers supporting port customization, for example dev oauth2 + Port int // relevant for providers supporting port customization, for example dev oauth2 + Host string // relevant for providers supporting host customization, for example dev oauth2 } // UserData is type for user information returned from oauth2 providers /info API method