Added basic oauth module structure (wip)

- Added struct for oauth - Added interception handler for Zoraxy SSO - Added user structure for SSO
2025-08-09 22:57:47 +02:00 · 2024-09-12 10:55:01 +08:00
parent 3392013a5c
commit 5c56da1180
21 changed files with 1644 additions and 13 deletions
--- a/src/mod/dynamicproxy/Server.go
+++ b/src/mod/dynamicproxy/Server.go
@@ -21,6 +21,7 @@ import (
 			- Blacklist
 			- Whitelist
 		- Rate Limitor
+		- SSO Auth
 		- Basic Auth
 		- Vitrual Directory Proxy
 		- Subdomain Proxy
@@ -77,7 +78,16 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		if sep.RequireRateLimit {
 			err := h.handleRateLimitRouting(w, r, sep)
 			if err != nil {
-				h.Parent.Option.Logger.LogHTTPRequest(r, "host", 429)
+				h.Parent.Option.Logger.LogHTTPRequest(r, "host", 307)
+				return
+			}
+		}
+
+		//SSO Interception Mode
+		if sep.UseSSOIntercept {
+			allowPass := h.Parent.Option.SSOHandler.ServeForwardAuth(w, r)
+			if !allowPass {
+				h.Parent.Option.Logger.LogHTTPRequest(r, "sso-x", 307)
 				return
 			}
 		}
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
@@ -7,6 +7,7 @@ import (
 	"sync"

 	"imuslab.com/zoraxy/mod/access"
+	"imuslab.com/zoraxy/mod/auth/sso"
 	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
 	"imuslab.com/zoraxy/mod/dynamicproxy/loadbalance"
 	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
@@ -44,6 +45,7 @@ type RouterOption struct {
 	StatisticCollector *statistic.Collector      //Statistic collector for storing stats on incoming visitors
 	WebDirectory       string                    //The static web server directory containing the templates folder
 	LoadBalancer       *loadbalance.RouteManager //Load balancer that handle load balancing of proxy target
+	SSOHandler         *sso.SSOHandler           //SSO handler for handling SSO requests, interception mode only
 	Logger             *logger.Logger            //Logger for reverse proxy requets
 }

@@ -142,6 +144,7 @@ type ProxyEndpoint struct {
 	RequireBasicAuth        bool                      //Set to true to request basic auth before proxy
 	BasicAuthCredentials    []*BasicAuthCredentials   //Basic auth credentials
 	BasicAuthExceptionRules []*BasicAuthExceptionRule //Path to exclude in a basic auth enabled proxy target
+	UseSSOIntercept         bool                      //Allow SSO to intercept this endpoint and provide authentication via Oauth2 credentials

 	// Rate Limiting
 	RequireRateLimit bool