- Added a new blueprint for OIDC logout that invalidates the Authentik session and redirects to a specified landing page. - Introduced custom CSS and JS files for branding, improving the visual integration of Authentik flows. - Updated Nginx configuration to serve the new branding assets and handle specific routes for signup and password recovery. - Enhanced the flow completion logic to support OIDC bridge functionality, including session management and redirect handling. - Implemented unit tests for the new OIDC bridge and flow context functionalities to ensure reliability.
package middleware
import (
"net/http"
"strings"
)
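// ForwardedHeaders sets r.URL.Scheme and r.URL.Host from the reverse-proxy
// headers X-Forwarded-Proto and X-Forwarded-Host, so that chi RedirectSlashes
// and other absolute redirects use https behind Cloudflare/nginx.
//
// Only the first comma-separated element of each header is considered. The
// scheme is applied only when it is "http" or "https"; the host is applied
// only when it consists of host[:port] characters. When no usable
// X-Forwarded-Host is present, r.Host is used instead (if non-empty).
//
// Security: both headers are ordinary request headers and are attacker-
// controlled unless the fronting proxy overwrites or strips them. This
// middleware performs syntactic validation only; it does not verify that the
// request arrived from a trusted proxy. Deploy it only where the proxy sets
// these headers itself, otherwise redirects built from r.URL can be pointed
// at a host chosen by the client.
func ForwardedHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if scheme := forwardedScheme(r.Header.Get("X-Forwarded-Proto")); scheme != "" {
			r.URL.Scheme = scheme
		}

		if host := forwardedHost(r.Header.Get("X-Forwarded-Host")); host != "" {
			r.URL.Host = host
		} else if r.Host != "" {
			// Also reached when X-Forwarded-Host is present but malformed or
			// empty after taking its first element.
			r.URL.Host = r.Host
		}

		next.ServeHTTP(w, r)
	})
}

// firstForwardedValue returns the first comma-separated element of a
// forwarding header value, with surrounding whitespace removed.
func firstForwardedValue(v string) string {
	if i := strings.IndexByte(v, ','); i >= 0 {
		v = v[:i]
	}
	return strings.TrimSpace(v)
}

// forwardedScheme returns "http" or "https" when the first element of v names
// one of them (case-insensitively), and "" for anything else, so an arbitrary
// scheme from the header never reaches r.URL.Scheme.
func forwardedScheme(v string) string {
	switch first := firstForwardedValue(v); {
	case strings.EqualFold(first, "https"):
		return "https"
	case strings.EqualFold(first, "http"):
		return "http"
	default:
		return ""
	}
}

// forwardedHost returns the first element of v when it contains only
// characters that can appear in host[:port] (including bracketed IPv6
// literals), and "" otherwise. Rejecting '/', '\\', '@', '?', '#', whitespace
// and control characters keeps path, userinfo and query fragments out of
// r.URL.Host.
func forwardedHost(v string) string {
	host := firstForwardedValue(v)
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '.', c == '-', c == '_', c == ':', c == '[', c == ']':
		default:
			return ""
		}
	}
	return host
}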