summaryrefslogtreecommitdiff
path: root/app/middleware
AgeCommit message (Collapse)Author
2025-05-28chore: do not forward sensitive headers to Sparklemo khan
2025-05-28chore: rename headers from x-id-jwt to x-jwtmo khan
2025-05-28chore: remove logging of sensitive fieldsmo khan
2025-05-28refactor: always provide a user in the request contextmo khan
2025-05-28refactor: delete jwt verification codemo khan
2025-05-28refactor: parse headers injected by envoymo khan
2025-05-28refactor: extract type to parse user from http.Requestmo khan
2025-05-28refactor: extract RequestParser typemo khan
2025-05-26fix: do not clear id_token cookie on errormo khan
2025-05-26refactor: parse id token from custom x-jwt-payload headermo khan
2025-05-24chore: log the sub claim from the envoy headermo khan
2025-05-24feat: create middleware to check if user has permissionmo khan
2025-05-23feat: parse the body of the id tokenmo khan
2025-05-23feat: add external authorization service (authzd) with JWT authenticationmo khan
- Add new authzd gRPC service implementing Envoy's external authorization API - Integrate JWT authentication filter in Envoy configuration with claim extraction - Update middleware to support both cookie-based and header-based user authentication - Add comprehensive test coverage for authorization service and server - Configure proper service orchestration with authzd, sparkled, and Envoy - Update build system and Docker configuration for multi-service deployment - Add grpcurl tool for gRPC service debugging and testing This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication.
2025-05-15refactor: decouple from oauth configmo khan
2025-05-15refactor: rename TestServer to OIDCServermo khan
2025-05-15refactor: allow cookie parser to accept cookie namemo khan
2025-05-15refactor: inline usage of RawToken typemo khan
2025-05-15refactor: remove more types from oidc packagemo khan
2025-05-15refactor: remove oidc.OpenID structmo khan
2025-05-15refactor: provide oauth config to oidc.Newmo khan
2025-05-15refactor: inline usage of validate id tokenmo khan
2025-05-14refactor: remove unnecessary params from ctormo khan
2025-05-14feat: provider a fallback provider that defaults to hard-coded pathsmo khan
2025-05-11refactor: use same cookie names as envoy pluginmo khan
2025-05-08feat: use a cookie prefix to lock down the session cookiemo khan
> __Host-: If a cookie name has this prefix, it's accepted in a > Set-Cookie header only if it's also marked with the Secure attribute, > was sent from a secure origin, does not include a Domain attribute, > and has the Path attribute set to /. In other words, the cookie is > domain-locked. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes
2025-05-08chore: add link to 404 issuemo khan
2025-05-07refactor: use Mapper typemo khan
2025-05-07refactor: provide context to repository to apply timeoutmo khan
2025-05-07feat: digitally sign and verify cookie using randomly generated keymo khan
2025-05-07refactor: move test server to oidc packagemo khan
2025-05-07refactor: extract helper to log errors consistentlymo khan
2025-05-07refactor: move cookie to web packagemo khan
2025-04-30fix: strict same site mode breaks redirectsmo khan
2025-04-30refactor: delegate to cookie.Reset to overload with optionsmo khan
2025-04-30refactor: extract Option[T] and cleaner API for creating cookiesmo khan
2025-04-28refactor: extract method to validate id tokenmo khan
2025-04-28feat: use htmx to render partialsmo khan
2025-04-28refactor: add predicate to check if user is logged inmo khan
2025-04-28fix: render 404 when not logged inmo khan
2025-04-25refactor: move key pacakge to cfgmo khan
2025-04-25refactor: move db and mountable to appmo khan
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 18:46:49 +0000