Automatically extract dstDomain from tgt
parent
52ffc45d37
commit
bfc3192ef7
|
@ -6,4 +6,8 @@
|
||||||
<ImplicitUsings>enable</ImplicitUsings>
|
<ImplicitUsings>enable</ImplicitUsings>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
<ItemGroup>
|
||||||
|
<PackageReference Include="Nager.PublicSuffix" Version="2.4.0" />
|
||||||
|
</ItemGroup>
|
||||||
|
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
using System.Web;
|
using System.Web;
|
||||||
|
using Nager.PublicSuffix;
|
||||||
|
|
||||||
namespace AutheliaMultiDomainProxy.Backend;
|
namespace AutheliaMultiDomainProxy.Backend;
|
||||||
|
|
||||||
public class AuthHelpers {
|
public class AuthHelpers {
|
||||||
|
static DomainParser domainParser = new DomainParser(new WebTldRuleProvider());
|
||||||
|
|
||||||
public static (bool isAuthenticated, string? user) IsAuthenticated(IRequestCookieCollection cookies) {
|
public static (bool isAuthenticated, string? user) IsAuthenticated(IRequestCookieCollection cookies) {
|
||||||
if (!cookies.ContainsKey(Vars.CookieName))
|
if (!cookies.ContainsKey(Vars.CookieName))
|
||||||
return (false, null);
|
return (false, null);
|
||||||
|
@ -40,4 +43,8 @@ public class AuthHelpers {
|
||||||
var response = client.GetAsync($"http://127.0.0.1:9091/api/verify");
|
var response = client.GetAsync($"http://127.0.0.1:9091/api/verify");
|
||||||
return response.Result;
|
return response.Result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static string GetRootDomain(string url) {
|
||||||
|
return domainParser.Parse(new Uri(url).Host).RegistrableDomain;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
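Review bot: `GetRootDomain` has no failure path: `new Uri(url)` throws on a null, empty or relative `url`, and the parse result is dereferenced without a check, so a host the suffix parser cannot resolve (presumably an IP literal or an unknown TLD) also ends in an exception. Since every caller passes the raw `tgt` query value, I would make it return `string?` and start with `if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return null;`, returning null as well when parsing fails. Separately, the static `domainParser` field builds a `WebTldRuleProvider` in the type initializer, which as far as I know fetches the public suffix list over the network. If that fetch fails, every `AuthHelpers` member including `IsAuthenticated` would fail with it, so a lazily built parser or a locally cached list is worth considering.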
@ -10,20 +10,18 @@ namespace AutheliaMultiDomainProxy.Controllers;
|
||||||
public class CookieProxyController : Controller {
|
public class CookieProxyController : Controller {
|
||||||
[Produces("text/html", "text/plain")]
|
[Produces("text/html", "text/plain")]
|
||||||
[Route("/api/cookieproxy_stage_one")]
|
[Route("/api/cookieproxy_stage_one")]
|
||||||
public IActionResult StageOne([FromQuery] string dstDomain, [FromQuery] string tgt) {
|
public IActionResult StageOne([FromQuery] string tgt) {
|
||||||
// Check if we are on the correct domain
|
// Check if we are on the correct domain
|
||||||
if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}")
|
if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}")
|
||||||
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
||||||
|
|
||||||
if (!Request.Cookies.ContainsKey("authelia_session")
|
var dstDomain = AuthHelpers.GetRootDomain(tgt);
|
||||||
|| string.IsNullOrWhiteSpace(dstDomain)
|
|
||||||
|| !Vars.PermittedDomains.Contains(dstDomain)
|
if (!Request.Cookies.ContainsKey("authelia_session") || string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
|
||||||
|| string.IsNullOrWhiteSpace(tgt)
|
|
||||||
|| !new Uri(tgt).Host.EndsWith(dstDomain)) {
|
|
||||||
return BadRequest("Bad request.");
|
return BadRequest("Bad request.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?dstDomain={HttpUtility.UrlEncode(dstDomain)}&tgt={HttpUtility.UrlEncode(tgt)}";
|
var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?tgt={HttpUtility.UrlEncode(tgt)}";
|
||||||
return
|
return
|
||||||
Content($"Redirecting to cookie proxy (stage two) on the destination domain... <form method=\"POST\" action=\"{targetUrl}\"> <input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlEncode(Request.Cookies["authelia_session"])}\"><button type=\"submit\">Click here</button> if you are not redirected automatically</form><script>document.querySelector(\"form\").submit();</script>",
|
Content($"Redirecting to cookie proxy (stage two) on the destination domain... <form method=\"POST\" action=\"{targetUrl}\"> <input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlEncode(Request.Cookies["authelia_session"])}\"><button type=\"submit\">Click here</button> if you are not redirected automatically</form><script>document.querySelector(\"form\").submit();</script>",
|
||||||
"text/html");
|
"text/html");
|
||||||
|
@ -32,16 +30,14 @@ public class CookieProxyController : Controller {
|
||||||
[HttpPost]
|
[HttpPost]
|
||||||
[Produces("text/html", "text/plain")]
|
[Produces("text/html", "text/plain")]
|
||||||
[Route("/api/cookieproxy_stage_two")]
|
[Route("/api/cookieproxy_stage_two")]
|
||||||
public IActionResult StageTwo([FromQuery] string dstDomain, [FromQuery] string tgt, [FromForm] string cookie) {
|
public IActionResult StageTwo([FromQuery] string tgt, [FromForm] string cookie) {
|
||||||
// Check if we are on an allowed domain
|
// Check if we are on an allowed domain
|
||||||
if (Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
|
if (Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
|
||||||
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
||||||
|
|
||||||
if (string.IsNullOrWhiteSpace(dstDomain)
|
var dstDomain = AuthHelpers.GetRootDomain(tgt);
|
||||||
|| !Vars.PermittedDomains.Contains(dstDomain)
|
|
||||||
|| string.IsNullOrWhiteSpace(cookie)
|
if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(cookie)) {
|
||||||
|| string.IsNullOrWhiteSpace(tgt)
|
|
||||||
|| !new Uri(tgt).Host.EndsWith(dstDomain)) {
|
|
||||||
return BadRequest("Bad request.");
|
return BadRequest("Bad request.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
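Review bot: In `StageOne` and `StageTwo`, `AuthHelpers.GetRootDomain(tgt)` now runs before the `string.IsNullOrWhiteSpace(tgt)` guard, so a missing or malformed `tgt` throws inside `new Uri(url)` and never reaches `return BadRequest("Bad request.")`; `RedirectController.Get` has the same ordering. Check `tgt` first and derive the domain only afterwards, e.g. `if (string.IsNullOrWhiteSpace(tgt)) return BadRequest("Bad request.");` ahead of the `var dstDomain = ...` line. It is also worth a comment that `Vars.PermittedDomains` must now hold registrable domains exactly as the parser returns them, since the comparison moved from a suffix match on the host to an exact match. Both method bodies continue outside the hunks.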
@ -7,14 +7,16 @@ namespace AutheliaMultiDomainProxy.Controllers;
|
||||||
[Controller]
|
[Controller]
|
||||||
[Route("/api/redirect")]
|
[Route("/api/redirect")]
|
||||||
public class RedirectController : Controller {
|
public class RedirectController : Controller {
|
||||||
public IActionResult Get([FromQuery] string dstDomain, [FromQuery] string tgt) {
|
public IActionResult Get([FromQuery] string tgt) {
|
||||||
// Check if we are on an allowed domain
|
// Check if we are on an allowed domain
|
||||||
if (!Vars.PermittedDomains.Any(p => Request.Host.Host.EndsWith($".{p}"))) {
|
if (!Vars.PermittedDomains.Any(p => Request.Host.Host.EndsWith($".{p}"))) {
|
||||||
Response.StatusCode = 421;
|
Response.StatusCode = 421;
|
||||||
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (string.IsNullOrWhiteSpace(dstDomain) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(tgt) || !new Uri(tgt).Host.EndsWith(dstDomain)) {
|
var dstDomain = AuthHelpers.GetRootDomain(tgt);
|
||||||
|
|
||||||
|
if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
|
||||||
Response.StatusCode = StatusCodes.Status421MisdirectedRequest;
|
Response.StatusCode = StatusCodes.Status421MisdirectedRequest;
|
||||||
return BadRequest("Bad request.");
|
return BadRequest("Bad request.");
|
||||||
}
|
}
|
||||||
|
|
|
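Review bot: The guard in `Get` validates only the registrable domain of `tgt`, so any scheme or port on a permitted domain passes, including `http://`. If `tgt` is used as the redirect target further down (outside this hunk), also requiring `new Uri(tgt).Scheme == Uri.UriSchemeHttps` in the same condition would keep the redirect on TLS. In the rejection branch `Response.StatusCode` is set to 421 and then `BadRequest` is returned, so the assignment appears to have no effect. Dropping it, or returning `StatusCode(StatusCodes.Status421MisdirectedRequest)` instead, would make the intended status clear.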
@ -32,6 +32,6 @@
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
<p>You are currently <span class="badge bg-danger">not authenticated</span></p>
|
<p>You are currently <span class="badge bg-danger">not authenticated</span></p>
|
||||||
<a href="https://@Vars.AutheliaSubdomain.@Vars.UpstreamPrimaryDomain/?rd=@HttpUtility.UrlEncode($"https://{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}/api/cookieproxy_stage_one?dstDomain={Request.Host.Host.Replace($"{Vars.AuthProxySubdomain}.", "")}&tgt=https://{Request.Host.Host}")" class="btn btn-success">Log in</a>
|
<a href="https://@Vars.AutheliaSubdomain.@Vars.UpstreamPrimaryDomain/?rd=@HttpUtility.UrlEncode($"https://{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}/api/cookieproxy_stage_one?tgt=https://{Request.Host.Host}")" class="btn btn-success">Log in</a>
|
||||||
}
|
}
|
||||||
</div>
|
</div>
|
||||||
|
|