From 10aa9c138327944853519fd752149a8f22b50b78 Mon Sep 17 00:00:00 2001 From: Pavol Ipoth Date: Tue, 17 Dec 2024 23:17:39 +0100 Subject: [PATCH 1/4] Fix gocritic lints --- .golangci.yml | 1 - pkg/authorization/external_keycloak.go | 4 ++-- pkg/keycloak/proxy/handlers.go | 4 ++-- pkg/keycloak/proxy/middleware.go | 2 +- pkg/keycloak/proxy/server.go | 2 +- pkg/proxy/middleware/oauth.go | 4 ++-- pkg/utils/token.go | 15 +-------------- 7 files changed, 9 insertions(+), 23 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 312cf78f7..4eb0bbcb8 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -23,7 +23,6 @@ linters: - ireturn - maintidx - wrapcheck - - gocritic - gci - gofumpt - nlreturn diff --git a/pkg/authorization/external_keycloak.go b/pkg/authorization/external_keycloak.go index 9b1736b36..460b7bb82 100644 --- a/pkg/authorization/external_keycloak.go +++ b/pkg/authorization/external_keycloak.go @@ -26,7 +26,7 @@ func NewKeycloakAuthorizationProvider( targetPath string, idpClient *gocloak.GoCloak, idpTimeout time.Duration, - PAT string, + pat string, realm string, methodScope *string, ) Provider { @@ -35,7 +35,7 @@ func NewKeycloakAuthorizationProvider( targetPath: targetPath, idpClient: idpClient, idpTimeout: idpTimeout, - pat: PAT, + pat: pat, realm: realm, methodScope: methodScope, } diff --git a/pkg/keycloak/proxy/handlers.go b/pkg/keycloak/proxy/handlers.go index 760e8a9fa..ef1ce3da9 100644 --- a/pkg/keycloak/proxy/handlers.go +++ b/pkg/keycloak/proxy/handlers.go @@ -648,7 +648,7 @@ func logoutHandler( cookManager *cookie.Manager, httpClient *http.Client, accessError func(wrt http.ResponseWriter, req *http.Request) context.Context, - GetIdentity func(req *http.Request, tokenCookie string, tokenHeader string) (*models.UserContext, error), + getIdentity func(req *http.Request, tokenCookie string, tokenHeader string) (*models.UserContext, error), ) func(wrt http.ResponseWriter, req *http.Request) { return func(writer http.ResponseWriter, req *http.Request) { // @check if the redirection is there @@ -680,7 +680,7 @@ func logoutHandler( } // @step: drop the access token - user, err := GetIdentity(req, cookieAccessName, "") + user, err := getIdentity(req, cookieAccessName, "") if err != nil { accessError(writer, req) return diff --git a/pkg/keycloak/proxy/middleware.go b/pkg/keycloak/proxy/middleware.go index e7f6435c4..2a95a09d4 100644 --- a/pkg/keycloak/proxy/middleware.go +++ b/pkg/keycloak/proxy/middleware.go @@ -203,7 +203,7 @@ func authorizationMiddleware( } } - switch true { + switch { case errors.Is(err, apperrors.ErrPermissionNotInToken): scope.Logger.Info(apperrors.ErrPermissionNotInToken.Error()) case errors.Is(err, apperrors.ErrResourceRetrieve): diff --git a/pkg/keycloak/proxy/server.go b/pkg/keycloak/proxy/server.go index 86e19b191..305a53de9 100644 --- a/pkg/keycloak/proxy/server.go +++ b/pkg/keycloak/proxy/server.go @@ -1176,7 +1176,7 @@ func (r *OauthProxy) createHTTPListener(config listenerConfig) (net.Listener, er if listener, err = net.Listen("unix", socket); err != nil { return nil, err } - } else { //nolint:gocritic + } else { if listener, err = net.Listen("tcp", config.listen); err != nil { return nil, err } diff --git a/pkg/proxy/middleware/oauth.go b/pkg/proxy/middleware/oauth.go index 44852a4af..f1858ae8e 100644 --- a/pkg/proxy/middleware/oauth.go +++ b/pkg/proxy/middleware/oauth.go @@ -94,7 +94,7 @@ func AuthenticationMiddleware( redirectToAuthorization(wrt, req) return } - } else { //nolint:gocritic + } else { _, err := utils.VerifyToken( ctx, provider, @@ -184,7 +184,7 @@ func AuthenticationMiddleware( newAccToken, newRawAccToken, newRefreshToken, accessExpiresAt, refreshExpiresIn, err := utils.GetRefreshedToken(ctx, conf, httpClient, refresh) if err != nil { - switch true { + switch { case errors.Is(err, apperrors.ErrRefreshTokenExpired): lLog.Warn("refresh token has expired, cannot retrieve access token") cookMgr.ClearAllCookies(req.WithContext(ctx), wrt) diff --git a/pkg/utils/token.go b/pkg/utils/token.go index 0f00c1a28..69ed94507 100644 --- a/pkg/utils/token.go +++ b/pkg/utils/token.go @@ -168,8 +168,6 @@ func GetRefreshedToken( } // CheckClaim checks whether claim in userContext matches claimName, match. It can be String or Strings claim. -// -//nolint:cyclop func CheckClaim( logger *zap.Logger, user *models.UserContext, @@ -190,14 +188,8 @@ func CheckClaim( return false } - switch user.Claims[claimName].(type) { + switch claims := user.Claims[claimName].(type) { case []interface{}: - claims, assertOk := user.Claims[claimName].([]interface{}) - if !assertOk { - logger.Error(apperrors.ErrAssertionFailed.Error()) - return false - } - for _, v := range claims { value, ok := v.(string) if !ok { @@ -226,11 +218,6 @@ func CheckClaim( return false case string: - claims, assertOk := user.Claims[claimName].(string) - if !assertOk { - logger.Error(apperrors.ErrAssertionFailed.Error()) - return false - } if match.MatchString(claims) { return true } From dbd919171f118964508f41914cd04efb2dd05048 Mon Sep 17 00:00:00 2001 From: Pavol Ipoth Date: Tue, 17 Dec 2024 23:33:31 +0100 Subject: [PATCH 2/4] Fix test helper lint --- .golangci.yml | 1 - pkg/config/core/core.go | 1 + pkg/encryption/rotation_test.go | 1 + pkg/testsuite/cookies_test.go | 6 ++++++ pkg/testsuite/fake_proxy.go | 1 + pkg/testsuite/handlers_test.go | 6 ++++++ pkg/testsuite/middleware_test.go | 1 + pkg/testsuite/misc_test.go | 1 + pkg/testsuite/server_test.go | 7 +++++++ 9 files changed, 24 insertions(+), 1 deletion(-) diff --git a/.golangci.yml b/.golangci.yml index 4eb0bbcb8..3d535eb0f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -19,7 +19,6 @@ linters: enable-all: true disable: - depguard - - thelper - ireturn - maintidx - wrapcheck diff --git a/pkg/config/core/core.go b/pkg/config/core/core.go index b8de9f623..59c4b0423 100644 --- a/pkg/config/core/core.go +++ b/pkg/config/core/core.go @@ -33,6 +33,7 @@ type Configs interface { type CommonConfig struct{} func WriteFakeConfigFile(t *testing.T, content string) *os.File { + t.Helper() file, err := os.CreateTemp("", "node_label_file") if err != nil { t.Fatalf("unexpected error creating node_label_file: %v", err) diff --git a/pkg/encryption/rotation_test.go b/pkg/encryption/rotation_test.go index c5bd21688..9a1aa9d50 100644 --- a/pkg/encryption/rotation_test.go +++ b/pkg/encryption/rotation_test.go @@ -34,6 +34,7 @@ const ( ) func newTestCertificateRotator(t *testing.T) *CertificationRotation { + t.Helper() counter := prometheus.NewCounter( prometheus.CounterOpts{ Name: "proxy_certificate_rotation_total", diff --git a/pkg/testsuite/cookies_test.go b/pkg/testsuite/cookies_test.go index 60d69623f..61dd36de8 100644 --- a/pkg/testsuite/cookies_test.go +++ b/pkg/testsuite/cookies_test.go @@ -320,6 +320,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customStateName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, @@ -343,6 +344,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customAccessName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, @@ -368,6 +370,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customRefreshName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, @@ -392,6 +395,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customRedirectName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, @@ -418,6 +422,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customPKCEName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, @@ -445,6 +450,7 @@ func TestCustomCookieNames(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedLoginCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ customIDTokenName: func(t *testing.T, _ *config.Config, value string) bool { + t.Helper() return assert.NotEqual(t, "", value) }, }, diff --git a/pkg/testsuite/fake_proxy.go b/pkg/testsuite/fake_proxy.go index ca9ad0d86..78708a149 100644 --- a/pkg/testsuite/fake_proxy.go +++ b/pkg/testsuite/fake_proxy.go @@ -135,6 +135,7 @@ func (f *fakeProxy) getServiceURL() string { // //nolint:gocyclo,funlen,cyclop func (f *fakeProxy) RunTests(t *testing.T, requests []fakeRequest) { + t.Helper() defer func() { f.idp.Close() f.proxy.Server.Close() diff --git a/pkg/testsuite/handlers_test.go b/pkg/testsuite/handlers_test.go index 7558f9e9d..984f01029 100644 --- a/pkg/testsuite/handlers_test.go +++ b/pkg/testsuite/handlers_test.go @@ -460,6 +460,7 @@ func TestTokenEncryptionLoginHandler(t *testing.T) { ExpectedCookies: map[string]string{cfg.CookieAccessName: ""}, ExpectedCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ cfg.CookieAccessName: func(t *testing.T, _ *config.Config, rawToken string) bool { + t.Helper() token, err := jwt.ParseSigned(rawToken, constant.SignatureAlgs[:]) if err != nil { return false @@ -511,6 +512,7 @@ func TestTokenEncryptionLoginHandler(t *testing.T) { }, ExpectedCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{ cfg.CookieAccessName: func(t *testing.T, _ *config.Config, rawToken string) bool { + t.Helper() token, err := jwt.ParseSigned(rawToken, constant.SignatureAlgs[:]) if err != nil { return false @@ -970,6 +972,7 @@ func TestAuthorizationURL(t *testing.T) { ExpectedLocation: "test=yes", ExpectedHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "Location": func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.NotContains(t, value, "test1=test") }, }, @@ -1008,6 +1011,7 @@ func TestAuthorizationURL(t *testing.T) { Redirects: true, ExpectedHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "Location": func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.Contains(t, value, "test1=test") assert.Contains(t, value, "test=yes") }, @@ -1034,6 +1038,7 @@ func TestAuthorizationURL(t *testing.T) { Redirects: true, ExpectedHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "Location": func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.Contains(t, value, "test1=test") assert.Contains(t, value, "test=yes") }, @@ -1060,6 +1065,7 @@ func TestAuthorizationURL(t *testing.T) { Redirects: true, ExpectedHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "Location": func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.Contains(t, value, "test1=test") assert.Contains(t, value, "test=yes") }, diff --git a/pkg/testsuite/middleware_test.go b/pkg/testsuite/middleware_test.go index e1e9903c8..a1c5f66d0 100644 --- a/pkg/testsuite/middleware_test.go +++ b/pkg/testsuite/middleware_test.go @@ -1643,6 +1643,7 @@ func delay(no int, _ *resty.Request, _ *resty.Response) { } func checkAccessTokenEncryption(t *testing.T, cfg *config.Config, value string) bool { + t.Helper() rawToken, err := encryption.DecodeText(value, cfg.EncryptionKey) if err != nil { diff --git a/pkg/testsuite/misc_test.go b/pkg/testsuite/misc_test.go index 45b984549..6c896b8f4 100644 --- a/pkg/testsuite/misc_test.go +++ b/pkg/testsuite/misc_test.go @@ -82,6 +82,7 @@ func TestRedirectToAuthorizationSkipToken(t *testing.T) { } func assertAlmostEquals(t *testing.T, expected time.Duration, actual time.Duration) { + t.Helper() delta := expected - actual if delta < 0 { delta = -delta diff --git a/pkg/testsuite/server_test.go b/pkg/testsuite/server_test.go index d8cbad29c..f5271e361 100644 --- a/pkg/testsuite/server_test.go +++ b/pkg/testsuite/server_test.go @@ -103,6 +103,7 @@ func TestReverseProxyHeaders(t *testing.T) { }, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Auth-Token": func(t *testing.T, c *config.Config, value string) { + t.Helper() assert.Equal(t, jwt, value) assert.False(t, checkAccessTokenEncryption(t, c, value)) }, @@ -139,6 +140,7 @@ func TestAuthTokenHeader(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Auth-Token": func(t *testing.T, c *config.Config, value string) { + t.Helper() _, err := jwt.ParseSigned(value, constant.SignatureAlgs[:]) require.NoError(t, err, "Problem parsing X-Auth-Token") assert.False(t, checkAccessTokenEncryption(t, c, value)) @@ -150,6 +152,7 @@ func TestAuthTokenHeader(t *testing.T) { ExpectedProxy: true, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Auth-Token": func(t *testing.T, c *config.Config, value string) { + t.Helper() _, err := jwt.ParseSigned(value, constant.SignatureAlgs[:]) require.NoError(t, err, "Problem parsing X-Auth-Token") assert.False(t, checkAccessTokenEncryption(t, c, value)) @@ -176,6 +179,7 @@ func TestAuthTokenHeader(t *testing.T) { ExpectedCode: http.StatusOK, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Auth-Token": func(t *testing.T, c *config.Config, value string) { + t.Helper() _, err := jwt.ParseSigned(value, constant.SignatureAlgs[:]) require.NoError(t, err, "Problem parsing X-Auth-Token") assert.False(t, checkAccessTokenEncryption(t, c, value)) @@ -187,6 +191,7 @@ func TestAuthTokenHeader(t *testing.T) { ExpectedProxy: true, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Auth-Token": func(t *testing.T, c *config.Config, value string) { + t.Helper() _, err := jwt.ParseSigned(value, constant.SignatureAlgs[:]) require.NoError(t, err, "Problem parsing X-Auth-Token") assert.False(t, checkAccessTokenEncryption(t, c, value)) @@ -1585,6 +1590,7 @@ func TestXForwarded(t *testing.T) { ExpectedProxy: true, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ constant.HeaderXForwardedHost: func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.Contains(t, value, "127.0.0.1") }, }, @@ -1622,6 +1628,7 @@ func TestXForwarded(t *testing.T) { ExpectedProxy: true, ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){ "X-Forwarded-Host": func(t *testing.T, _ *config.Config, value string) { + t.Helper() assert.Contains(t, value, "127.0.0.1") }, }, From af4d091663ddc5a33652c3947dbee108505fa2df Mon Sep 17 00:00:00 2001 From: Pavol Ipoth Date: Wed, 18 Dec 2024 00:05:05 +0100 Subject: [PATCH 3/4] Fix dot linter --- .golangci.yml | 1 - pkg/apperrors/apperrors.go | 2 +- pkg/authorization/resource.go | 10 ++++---- pkg/constant/constant.go | 4 ++-- pkg/encryption/rotation.go | 8 +++---- pkg/encryption/self_signed.go | 14 +++++------ pkg/encryption/text_encryption.go | 8 +++---- pkg/google/config/config.go | 8 ++----- pkg/keycloak/config/config.go | 8 ++----- pkg/keycloak/proxy/forwarding.go | 2 +- pkg/keycloak/proxy/misc.go | 2 +- pkg/keycloak/proxy/server.go | 20 ++++++++-------- pkg/proxy/cookie/cookies.go | 40 +++++++++++++++---------------- pkg/proxy/core/core.go | 2 -- pkg/proxy/core/helpers.go | 4 ++-- pkg/proxy/core/template.go | 3 +-- pkg/proxy/handlers/handlers.go | 16 ++++++------- pkg/proxy/middleware/base.go | 14 ++++------- pkg/proxy/middleware/security.go | 4 ++-- pkg/proxy/models/models.go | 2 +- pkg/proxy/models/rest.go | 2 +- pkg/proxy/models/user.go | 8 +++---- pkg/proxy/session/token.go | 18 +++++++------- pkg/storage/storage.go | 4 ++-- pkg/storage/store_redis.go | 14 +++++------ pkg/testsuite/fake_authserver.go | 8 +------ pkg/testsuite/fake_upstream.go | 4 ++-- pkg/testsuite/middleware_test.go | 2 +- pkg/utils/token.go | 2 -- pkg/utils/utils.go | 32 +++++++++---------------- 30 files changed, 116 insertions(+), 150 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 3d535eb0f..669530afc 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -42,5 +42,4 @@ linters: # TODO: Revisit after the refactor - gocognit - testpackage - - godot - nestif diff --git a/pkg/apperrors/apperrors.go b/pkg/apperrors/apperrors.go index b3bdf1868..d7e5628b8 100644 --- a/pkg/apperrors/apperrors.go +++ b/pkg/apperrors/apperrors.go @@ -83,7 +83,7 @@ var ( ErrStartRedirectHTTP = errors.New("failed to start http redirect service") ErrStartAdminHTTP = errors.New("failed to start admin service") - // config errors + // config errors. ErrNoRedirectsWithEnableRefreshTokensInvalid = errors.New("no-redirects true cannot be enabled with refresh tokens") ErrInvalidPostLoginRedirectPath = errors.New("post login redirect path invalid, should be only path not absolute url (no hostname, scheme)") diff --git a/pkg/authorization/resource.go b/pkg/authorization/resource.go index 0e74f24d5..40f21be54 100644 --- a/pkg/authorization/resource.go +++ b/pkg/authorization/resource.go @@ -25,7 +25,7 @@ import ( "github.com/gogatekeeper/gatekeeper/pkg/utils" ) -// Resource represents a url resource to protect +// Resource represents a url resource to protect. type Resource struct { // URL the url for the resource URL string `json:"uri" yaml:"uri"` @@ -171,22 +171,22 @@ func (r *Resource) Valid() error { return nil } -// GetRoles returns a list of roles for this resource +// GetRoles returns a list of roles for this resource. func (r Resource) GetRoles() string { return strings.Join(r.Roles, ",") } -// GetAcr returns a list of authentication levels for this resource +// GetAcr returns a list of authentication levels for this resource. func (r Resource) GetAcr() string { return strings.Join(r.Acr, ",") } -// GetHeaders returns a list of headers for this resource +// GetHeaders returns a list of headers for this resource. func (r Resource) GetHeaders() string { return strings.Join(r.Headers, ",") } -// String returns a string representation of the resource +// String returns a string representation of the resource. func (r Resource) String() string { if r.WhiteListed { return fmt.Sprintf("uri: %s, white-listed", r.URL) diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go index 6110014ee..d57521166 100644 --- a/pkg/constant/constant.go +++ b/pkg/constant/constant.go @@ -42,7 +42,7 @@ const ( IDTokenCookie = "id_token" UMACookie = "uma_token" // case is like this because go net package canonicalizes it - // to this form, see net package + // to this form, see net package. UMAHeader = "X-Uma-Token" UnsecureScheme = "http" SecureScheme = "https" @@ -62,7 +62,7 @@ const ( DurationType = "time.Duration" - // SameSite cookie config options + // SameSite cookie config options. SameSiteStrict = "Strict" SameSiteLax = "Lax" SameSiteNone = "None" diff --git a/pkg/encryption/rotation.go b/pkg/encryption/rotation.go index b77c4b9b6..65b27db0d 100644 --- a/pkg/encryption/rotation.go +++ b/pkg/encryption/rotation.go @@ -40,7 +40,7 @@ type CertificationRotation struct { rotationMetric *prometheus.Counter } -// newCertificateRotator creates a new certificate +// newCertificateRotator creates a new certificate. func NewCertificateRotator(cert, key string, log *zap.Logger, metric *prometheus.Counter) (*CertificationRotation, error) { // step: attempt to load the certificate certificate, err := tls.LoadX509KeyPair(cert, key) @@ -59,7 +59,7 @@ func NewCertificateRotator(cert, key string, log *zap.Logger, metric *prometheus }, nil } -// watch is responsible for adding a file notification and watch on the files for changes +// watch is responsible for adding a file notification and watch on the files for changes. func (c *CertificationRotation) Watch() error { c.log.Info( "adding a file watch on the certificates, certificate", @@ -115,7 +115,7 @@ func (c *CertificationRotation) Watch() error { return nil } -// storeCertificate provides entrypoint to update the certificate +// storeCertificate provides entrypoint to update the certificate. func (c *CertificationRotation) storeCertificate(certifacte tls.Certificate) error { c.Lock() defer c.Unlock() @@ -124,7 +124,7 @@ func (c *CertificationRotation) storeCertificate(certifacte tls.Certificate) err return nil } -// GetCertificate is responsible for retrieving +// GetCertificate is responsible for retrieving. func (c *CertificationRotation) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) { c.RLock() defer c.RUnlock() diff --git a/pkg/encryption/self_signed.go b/pkg/encryption/self_signed.go index 4f568f31b..e84c97cdf 100644 --- a/pkg/encryption/self_signed.go +++ b/pkg/encryption/self_signed.go @@ -51,7 +51,7 @@ type SelfSignedCertificate struct { cancel context.CancelFunc } -// newSelfSignedCertificate creates and returns a self signed certificate manager +// newSelfSignedCertificate creates and returns a self signed certificate manager. func NewSelfSignedCertificate(hostnames []string, expiry time.Duration, log *zap.Logger) (*SelfSignedCertificate, error) { if len(hostnames) == 0 { return nil, apperrors.ErrCertSelfNoHostname @@ -99,7 +99,7 @@ func NewSelfSignedCertificate(hostnames []string, expiry time.Duration, log *zap return svc, nil } -// rotate is responsible for rotation the certificate +// rotate is responsible for rotation the certificate. func (c *SelfSignedCertificate) rotate(ctx context.Context) error { go func() { c.log.Info("starting the self-signed certificate rotation", @@ -136,12 +136,12 @@ func (c *SelfSignedCertificate) rotate(ctx context.Context) error { } // Deprecated:unused -// close is used to shutdown resources +// close is used to shutdown resources. func (c *SelfSignedCertificate) close() { c.cancel() } -// updateCertificate is responsible for update the certificate +// updateCertificate is responsible for update the certificate. func (c *SelfSignedCertificate) updateCertificate(cert tls.Certificate) { c.Lock() defer c.Unlock() @@ -149,7 +149,7 @@ func (c *SelfSignedCertificate) updateCertificate(cert tls.Certificate) { c.certificate = cert } -// GetCertificate is responsible for retrieving +// GetCertificate is responsible for retrieving. func (c *SelfSignedCertificate) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) { c.RLock() defer c.RUnlock() @@ -157,7 +157,7 @@ func (c *SelfSignedCertificate) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Cer return &c.certificate, nil } -// createCertificate is responsible for creating a certificate +// createCertificate is responsible for creating a certificate. func CreateCertificate(key *ed25519.PrivateKey, hostnames []string, expire time.Duration) (tls.Certificate, error) { // @step: create a serial for the certificate serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), constant.SelfSignedMaxSerialBits)) @@ -208,7 +208,7 @@ func CreateCertificate(key *ed25519.PrivateKey, hostnames []string, expire time. return tls.X509KeyPair(certPEM, keyPEM) } -// loadCA loads the certificate authority +// loadCA loads the certificate authority. func LoadCA(cert, key string) (*tls.Certificate, error) { caCert, err := os.ReadFile(cert) diff --git a/pkg/encryption/text_encryption.go b/pkg/encryption/text_encryption.go index 4c94e53ec..2fa18e32f 100644 --- a/pkg/encryption/text_encryption.go +++ b/pkg/encryption/text_encryption.go @@ -11,7 +11,7 @@ import ( "github.com/gogatekeeper/gatekeeper/pkg/apperrors" ) -// encryptDataBlock encrypts the plaintext string with the key +// encryptDataBlock encrypts the plaintext string with the key. func EncryptDataBlock(plaintext, key []byte) ([]byte, error) { block, err := aes.NewCipher(key) @@ -34,7 +34,7 @@ func EncryptDataBlock(plaintext, key []byte) ([]byte, error) { return gcm.Seal(nonce, nonce, plaintext, nil), nil } -// decryptDataBlock decrypts some cipher text +// decryptDataBlock decrypts some cipher text. func DecryptDataBlock(cipherText, key []byte) ([]byte, error) { block, err := aes.NewCipher(key) @@ -59,7 +59,7 @@ func DecryptDataBlock(cipherText, key []byte) ([]byte, error) { return gcm.Open(nil, nonce, input, nil) } -// encodeText encodes the session state information into a value for a cookie to consume +// encodeText encodes the session state information into a value for a cookie to consume. func EncodeText(plaintext string, key string) (string, error) { cipherText, err := EncryptDataBlock([]byte(plaintext), []byte(key)) @@ -70,7 +70,7 @@ func EncodeText(plaintext string, key string) (string, error) { return base64.RawStdEncoding.EncodeToString(cipherText), nil } -// decodeText decodes the session state cookie value +// decodeText decodes the session state cookie value. func DecodeText(state, key string) (string, error) { cipherText, err := base64.RawStdEncoding.DecodeString(state) diff --git a/pkg/google/config/config.go b/pkg/google/config/config.go index e14847c0d..449e06666 100644 --- a/pkg/google/config/config.go +++ b/pkg/google/config/config.go @@ -173,7 +173,6 @@ type Config struct { IsDiscoverURILegacy bool } -// NewDefaultConfig returns a initialized config func NewDefaultConfig() *Config { var hostnames []string if name, err := os.Hostname(); err == nil { @@ -265,7 +264,7 @@ func (r *Config) GetDefaultAllowedQueryParams() map[string]string { return r.DefaultAllowedQueryParams } -// readConfigFile reads and parses the configuration file +// readConfigFile reads and parses the configuration file. func (r *Config) ReadConfigFile(filename string) error { content, err := os.ReadFile(filename) @@ -299,7 +298,7 @@ func (r *Config) Update() error { return nil } -// IsValid validates if the config is valid +// IsValid validates if the config is valid. func (r *Config) IsValid() error { if r.ListenAdmin == r.Listen { r.ListenAdmin = "" @@ -332,17 +331,14 @@ func (r *Config) IsValid() error { return nil } -// HasCustomSignInPage checks if there is a custom sign in page func (r *Config) HasCustomSignInPage() bool { return r.SignInPage != "" } -// HasForbiddenPage checks if there is a custom forbidden page func (r *Config) HasCustomForbiddenPage() bool { return r.ForbiddenPage != "" } -// HasCustomErrorPage checks if there is a custom error page func (r *Config) HasCustomErrorPage() bool { return r.ErrorPage != "" } diff --git a/pkg/keycloak/config/config.go b/pkg/keycloak/config/config.go index 35c82ab9b..8180ef01a 100644 --- a/pkg/keycloak/config/config.go +++ b/pkg/keycloak/config/config.go @@ -183,7 +183,6 @@ type Config struct { IsDiscoverURILegacy bool } -// NewDefaultConfig returns a initialized config func NewDefaultConfig() *Config { var hostnames []string if name, err := os.Hostname(); err == nil { @@ -278,7 +277,7 @@ func (r *Config) GetDefaultAllowedQueryParams() map[string]string { return r.DefaultAllowedQueryParams } -// readConfigFile reads and parses the configuration file +// readConfigFile reads and parses the configuration file. func (r *Config) ReadConfigFile(filename string) error { content, err := os.ReadFile(filename) @@ -312,7 +311,7 @@ func (r *Config) Update() error { return nil } -// IsValid validates if the config is valid +// IsValid validates if the config is valid. func (r *Config) IsValid() error { if r.ListenAdmin == r.Listen { r.ListenAdmin = "" @@ -347,17 +346,14 @@ func (r *Config) IsValid() error { return nil } -// HasCustomSignInPage checks if there is a custom sign in page func (r *Config) HasCustomSignInPage() bool { return r.SignInPage != "" } -// HasForbiddenPage checks if there is a custom forbidden page func (r *Config) HasCustomForbiddenPage() bool { return r.ForbiddenPage != "" } -// HasCustomErrorPage checks if there is a custom error page func (r *Config) HasCustomErrorPage() bool { return r.ErrorPage != "" } diff --git a/pkg/keycloak/proxy/forwarding.go b/pkg/keycloak/proxy/forwarding.go index 2244ea7df..6780e71b5 100644 --- a/pkg/keycloak/proxy/forwarding.go +++ b/pkg/keycloak/proxy/forwarding.go @@ -23,7 +23,7 @@ import ( "go.uber.org/zap" ) -// forwardProxyHandler is responsible for signing outbound requests +// forwardProxyHandler is responsible for signing outbound requests. func forwardProxyHandler( logger *zap.Logger, pat *PAT, diff --git a/pkg/keycloak/proxy/misc.go b/pkg/keycloak/proxy/misc.go index 1a219282b..15ed98652 100644 --- a/pkg/keycloak/proxy/misc.go +++ b/pkg/keycloak/proxy/misc.go @@ -230,7 +230,7 @@ func WithUMAIdentity( return authzFunc(targetPath, umaUser.Permissions) } -// getRPT retrieves relaying party token +// getRPT retrieves relaying party token. func getRPT( ctx context.Context, pat *PAT, diff --git a/pkg/keycloak/proxy/server.go b/pkg/keycloak/proxy/server.go index 305a53de9..ecc3eda2d 100644 --- a/pkg/keycloak/proxy/server.go +++ b/pkg/keycloak/proxy/server.go @@ -171,7 +171,7 @@ func NewProxy(config *config.Config, log *zap.Logger, upstream core.ReverseProxy return svc, nil } -// createLogger is responsible for creating the service logger +// createLogger is responsible for creating the service logger. func createLogger(config *config.Config) (*zap.Logger, error) { httplog.SetOutput(io.Discard) // disable the http logger @@ -202,7 +202,7 @@ func createLogger(config *config.Config) (*zap.Logger, error) { return cfg.Build() } -// useDefaultStack sets the default middleware stack for router +// useDefaultStack sets the default middleware stack for router. func (r *OauthProxy) useDefaultStack(engine chi.Router, accessForbidden func(wrt http.ResponseWriter, req *http.Request) context.Context) { engine.NotFound(handlers.EmptyHandler) @@ -1065,7 +1065,7 @@ func (r *OauthProxy) Run() (context.Context, error) { return ctx, nil } -// Shutdown finishes the proxy service with gracefully period +// Shutdown finishes the proxy service with gracefully period. func (r *OauthProxy) Shutdown() error { ctx, cancel := context.WithTimeout( context.Background(), @@ -1100,7 +1100,7 @@ func (r *OauthProxy) Shutdown() error { return err } -// listenerConfig encapsulate listener options +// listenerConfig encapsulate listener options. type listenerConfig struct { hostnames []string // list of hostnames the service will respond to ca string // the path to a certificate authority @@ -1117,7 +1117,7 @@ type listenerConfig struct { useSelfSignedTLS bool // indicates we are using the self-signed tls } -// makeListenerConfig extracts a listener configuration from a proxy Config +// makeListenerConfig extracts a listener configuration from a proxy Config. func makeListenerConfig(config *config.Config) listenerConfig { var minTLSVersion uint16 switch strings.ToLower(config.TLSMinVersion) { @@ -1148,10 +1148,10 @@ func makeListenerConfig(config *config.Config) listenerConfig { } } -// ErrHostNotConfigured indicates the hostname was not configured +// ErrHostNotConfigured indicates the hostname was not configured. var ErrHostNotConfigured = errors.New("acme/autocert: host not configured") -// createHTTPListener is responsible for creating a listening socket +// createHTTPListener is responsible for creating a listening socket. // //nolint:cyclop func (r *OauthProxy) createHTTPListener(config listenerConfig) (net.Listener, error) { @@ -1304,7 +1304,7 @@ func (r *OauthProxy) createHTTPListener(config listenerConfig) (net.Listener, er return listener, nil } -// createUpstreamProxy create a reverse http proxy from the upstream +// createUpstreamProxy create a reverse http proxy from the upstream. func (r *OauthProxy) createUpstreamProxy(upstream *url.URL) error { dialer := (&net.Dialer{ KeepAlive: r.Config.UpstreamKeepaliveTimeout, @@ -1417,7 +1417,7 @@ func (r *OauthProxy) createUpstreamProxy(upstream *url.URL) error { return nil } -// createTemplates loads the custom template +// createTemplates loads the custom template. func createTemplates( logger *zap.Logger, signInPage string, @@ -1489,7 +1489,7 @@ func (r OpenIDRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) } // newOpenIDProvider initializes the openID configuration, note: the redirection url is deliberately left blank -// in order to retrieve it from the host header on request +// in order to retrieve it from the host header on request. func (r *OauthProxy) NewOpenIDProvider() (*oidc3.Provider, *gocloak.GoCloak, error) { host := fmt.Sprintf( "%s://%s", diff --git a/pkg/proxy/cookie/cookies.go b/pkg/proxy/cookie/cookies.go index 11dec2c81..ca7cba1a3 100644 --- a/pkg/proxy/cookie/cookies.go +++ b/pkg/proxy/cookie/cookies.go @@ -44,7 +44,7 @@ type Manager struct { NoRedirects bool } -// DropCookie drops a cookie into the response +// DropCookie drops a cookie into the response. func (cm *Manager) DropCookie( wrt http.ResponseWriter, name, @@ -88,7 +88,7 @@ func (cm *Manager) DropCookie( } // maxCookieChunkSize calculates max cookie chunk size, which can be used for cookie value -// this seems to be not useful as many browsers have limits of all cookies per domain = 4096 bytes +// this seems to be not useful as many browsers have limits of all cookies per domain = 4096 bytes. func (cm *Manager) GetMaxCookieChunkLength( req *http.Request, cookieName string, @@ -125,7 +125,7 @@ func (cm *Manager) GetMaxCookieChunkLength( return maxCookieChunkLength } -// dropCookieWithChunks drops a cookie from the response, taking into account possible chunks +// dropCookieWithChunks drops a cookie from the response, taking into account possible chunks. func (cm *Manager) dropCookieWithChunks( req *http.Request, wrt http.ResponseWriter, @@ -138,7 +138,7 @@ func (cm *Manager) dropCookieWithChunks( if len(value) <= maxCookieChunkLength { cm.DropCookie(wrt, name, value, duration) } else { - // write divided cookies because payload is too long for single cookie + // write divided cookies because payload is too long for single cookie. cm.DropCookie(wrt, name, value[0:maxCookieChunkLength], duration) for idx := maxCookieChunkLength; idx < len(value); idx += maxCookieChunkLength { @@ -157,27 +157,27 @@ func (cm *Manager) dropCookieWithChunks( } } -// dropAccessTokenCookie drops a access token cookie +// dropAccessTokenCookie drops a access token cookie. func (cm *Manager) DropAccessTokenCookie(req *http.Request, w http.ResponseWriter, value string, duration time.Duration) { cm.dropCookieWithChunks(req, w, cm.CookieAccessName, value, duration) } -// DropRefreshTokenCookie drops a refresh token cookie +// DropRefreshTokenCookie drops a refresh token cookie. func (cm *Manager) DropRefreshTokenCookie(req *http.Request, w http.ResponseWriter, value string, duration time.Duration) { cm.dropCookieWithChunks(req, w, cm.CookieRefreshName, value, duration) } -// dropIdTokenCookie drops a id token cookie +// dropIdTokenCookie drops a id token cookie. func (cm *Manager) DropIDTokenCookie(req *http.Request, w http.ResponseWriter, value string, duration time.Duration) { cm.dropCookieWithChunks(req, w, cm.CookieIDTokenName, value, duration) } -// dropUMATokenCookie drops a uma token cookie +// dropUMATokenCookie drops a uma token cookie. func (cm *Manager) DropUMATokenCookie(req *http.Request, w http.ResponseWriter, value string, duration time.Duration) { cm.dropCookieWithChunks(req, w, cm.CookieUMAName, value, duration) } -// DropStateParameterCookie sets a state parameter cookie into the response +// DropStateParameterCookie sets a state parameter cookie into the response. func (cm *Manager) DropStateParameterCookie(req *http.Request, wrt http.ResponseWriter) string { uuid, err := uuid.NewV4() @@ -200,12 +200,12 @@ func (cm *Manager) DropStateParameterCookie(req *http.Request, wrt http.Response return uuid.String() } -// DropPKCECookie sets a code verifier cookie into the response +// DropPKCECookie sets a code verifier cookie into the response. func (cm *Manager) DropPKCECookie(wrt http.ResponseWriter, codeVerifier string) { cm.DropCookie(wrt, cm.CookiePKCEName, codeVerifier, 0) } -// ClearAllCookies is just a helper function for the below +// ClearAllCookies is just a helper function for the below. func (cm *Manager) ClearAllCookies(req *http.Request, w http.ResponseWriter) { cm.ClearAccessTokenCookie(req, w) cm.ClearRefreshTokenCookie(req, w) @@ -217,7 +217,7 @@ func (cm *Manager) ClearAllCookies(req *http.Request, w http.ResponseWriter) { func (cm *Manager) ClearCookie(req *http.Request, wrt http.ResponseWriter, name string) { cm.DropCookie(wrt, name, "", constant.InvalidCookieDuration) - // clear divided cookies + // clear divided cookies. for idx := 1; idx < 600; idx++ { var _, err = req.Cookie(name + "-" + strconv.Itoa(idx)) @@ -234,38 +234,38 @@ func (cm *Manager) ClearCookie(req *http.Request, wrt http.ResponseWriter, name } } -// clearRefreshSessionCookie clears the session cookie +// clearRefreshSessionCookie clears the session cookie. func (cm *Manager) ClearRefreshTokenCookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookieRefreshName) } -// ClearAccessTokenCookie clears the session cookie +// ClearAccessTokenCookie clears the session cookie. func (cm *Manager) ClearAccessTokenCookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookieAccessName) } -// ClearIDTokenCookie clears the session cookie +// ClearIDTokenCookie clears the session cookie. func (cm *Manager) ClearIDTokenCookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookieIDTokenName) } -// ClearUMATokenCookie clears the session cookie +// ClearUMATokenCookie clears the session cookie. func (cm *Manager) ClearUMATokenCookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookieUMAName) } -// ClearPKCECookie clears the session cookie +// ClearPKCECookie clears the session cookie. func (cm *Manager) ClearPKCECookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookiePKCEName) } -// ClearStateParameterCookie clears the session cookie +// ClearStateParameterCookie clears the session cookie. func (cm *Manager) ClearStateParameterCookie(req *http.Request, wrt http.ResponseWriter) { cm.ClearCookie(req, wrt, cm.CookieRequestURIName) cm.ClearCookie(req, wrt, cm.CookieOAuthStateName) } -// findCookie looks for a cookie in a list of cookies +// findCookie looks for a cookie in a list of cookies. func FindCookie(name string, cookies []*http.Cookie) *http.Cookie { for _, cookie := range cookies { if cookie.Name == name { @@ -276,7 +276,7 @@ func FindCookie(name string, cookies []*http.Cookie) *http.Cookie { return nil } -// filterCookies is responsible for censoring any cookies we don't want sent +// filterCookies is responsible for censoring any cookies we don't want sent. func FilterCookies(req *http.Request, filter []string) error { // @NOTE: there doesn't appear to be a way of removing a cookie from the http.Request as // AddCookie() just append diff --git a/pkg/proxy/core/core.go b/pkg/proxy/core/core.go index bbef36e14..a2b68c678 100644 --- a/pkg/proxy/core/core.go +++ b/pkg/proxy/core/core.go @@ -18,7 +18,6 @@ var ( Version = "" ) -// GetVersion returns the proxy version func GetVersion() string { if Version == "" { tm, err := strconv.ParseInt(compiled, 10, 64) @@ -37,7 +36,6 @@ type OauthProxies interface { Shutdown() error } -// ReverseProxy is a wrapper type ReverseProxy interface { ServeHTTP(rw http.ResponseWriter, req *http.Request) } diff --git a/pkg/proxy/core/helpers.go b/pkg/proxy/core/helpers.go index dbe2b408f..bbef5daca 100644 --- a/pkg/proxy/core/helpers.go +++ b/pkg/proxy/core/helpers.go @@ -14,7 +14,7 @@ import ( "go.uber.org/zap" ) -// RedirectToURL redirects the user and aborts the context +// RedirectToURL redirects the user and aborts the context. func RedirectToURL( logger *zap.Logger, url string, @@ -142,7 +142,7 @@ func EncryptToken( return encrypted, nil } -// revokeProxy is responsible for stopping middleware from proxying the request +// revokeProxy is responsible for stopping middleware from proxying the request. func revokeProxy(logger *zap.Logger, req *http.Request) context.Context { var scope *models.RequestScope ctxVal := req.Context().Value(constant.ContextScopeName) diff --git a/pkg/proxy/core/template.go b/pkg/proxy/core/template.go index 2cc3801a9..034d32a49 100644 --- a/pkg/proxy/core/template.go +++ b/pkg/proxy/core/template.go @@ -10,7 +10,7 @@ import ( "go.uber.org/zap" ) -// AccessForbidden redirects the user to the forbidden page +// AccessForbidden redirects the user to the forbidden page. func AccessForbidden( logger *zap.Logger, httpStatus int, @@ -37,7 +37,6 @@ func AccessForbidden( } } -// renders CustomSignInPage func CustomSignInPage( logger *zap.Logger, page string, diff --git a/pkg/proxy/handlers/handlers.go b/pkg/proxy/handlers/handlers.go index db05960c9..c307079da 100644 --- a/pkg/proxy/handlers/handlers.go +++ b/pkg/proxy/handlers/handlers.go @@ -35,10 +35,10 @@ import ( "go.uber.org/zap" ) -// EmptyHandler is responsible for doing nothing +// EmptyHandler is responsible for doing nothing. func EmptyHandler(_ http.ResponseWriter, _ *http.Request) {} -// HealthHandler is a health check handler for the service +// HealthHandler is a health check handler for the service. func HealthHandler(w http.ResponseWriter, _ *http.Request) { w.Header().Set(constant.VersionHeader, proxycore.GetVersion()) w.WriteHeader(http.StatusOK) @@ -90,7 +90,7 @@ func MethodNotAllowHandlder(w http.ResponseWriter, _ *http.Request) { _, _ = w.Write(nil) } -// ProxyMetricsHandler forwards the request into the prometheus handler +// ProxyMetricsHandler forwards the request into the prometheus handler. func ProxyMetricsHandler( localhostMetrics bool, accessForbidden func(wrt http.ResponseWriter, req *http.Request) context.Context, @@ -107,7 +107,7 @@ func ProxyMetricsHandler( } } -// RetrieveIDToken retrieves the id token from cookie +// RetrieveIDToken retrieves the id token from cookie. func RetrieveIDToken( cookieIDTokenName string, enableEncryptedToken bool, @@ -133,7 +133,7 @@ func RetrieveIDToken( return token, encrypted, err } -// discoveryHandler provides endpoint info +// discoveryHandler provides endpoint info. func DiscoveryHandler( logger *zap.Logger, withOAuthURI func(string) string, @@ -171,7 +171,7 @@ func DiscoveryHandler( } } -// getRedirectionURL returns the redirectionURL for the oauth flow +// getRedirectionURL returns the redirectionURL for the oauth flow. func GetRedirectionURL( logger *zap.Logger, redirectionURL string, @@ -225,7 +225,7 @@ func GetRedirectionURL( } } -// ExpirationHandler checks if the token has expired +// ExpirationHandler checks if the token has expired. func ExpirationHandler( getIdentity func(req *http.Request, tokenCookie string, tokenHeader string) (*models.UserContext, error), cookieAccessName string, @@ -246,7 +246,7 @@ func ExpirationHandler( } } -// TokenHandler display access token to screen +// TokenHandler display access token to screen. func TokenHandler( getIdentity func(req *http.Request, tokenCookie string, tokenHeader string) (*models.UserContext, error), cookieAccessName string, diff --git a/pkg/proxy/middleware/base.go b/pkg/proxy/middleware/base.go index 842f6e81f..0ce23c4fe 100644 --- a/pkg/proxy/middleware/base.go +++ b/pkg/proxy/middleware/base.go @@ -24,11 +24,10 @@ import ( ) const ( - // normalizeFlags is the options to purell normalizeFlags purell.NormalizationFlags = purell.FlagRemoveDotSegments | purell.FlagRemoveDuplicateSlashes ) -// entrypointMiddleware is custom filtering for incoming requests +// entrypointMiddleware is custom filtering for incoming requests. func EntrypointMiddleware(logger *zap.Logger) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(wrt http.ResponseWriter, req *http.Request) { @@ -66,7 +65,7 @@ func EntrypointMiddleware(logger *zap.Logger) func(http.Handler) http.Handler { } } -// requestIDMiddleware is responsible for adding a request id if none found +// requestIDMiddleware is responsible for adding a request id if none found. func RequestIDMiddleware(header string) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(wrt http.ResponseWriter, req *http.Request) { @@ -83,7 +82,7 @@ func RequestIDMiddleware(header string) func(http.Handler) http.Handler { } } -// loggingMiddleware is a custom http logger +// loggingMiddleware is a custom http logger. func LoggingMiddleware( logger *zap.Logger, verbose bool, @@ -138,7 +137,7 @@ func LoggingMiddleware( } } -// ResponseHeaderMiddleware is responsible for adding response headers +// ResponseHeaderMiddleware is responsible for adding response headers. func ResponseHeaderMiddleware(headers map[string]string) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(wrt http.ResponseWriter, req *http.Request) { @@ -152,7 +151,6 @@ func ResponseHeaderMiddleware(headers map[string]string) func(http.Handler) http } } -// DenyMiddleware func DenyMiddleware( logger *zap.Logger, accessForbidden func(wrt http.ResponseWriter, req *http.Request) context.Context, @@ -165,7 +163,7 @@ func DenyMiddleware( } } -// ProxyDenyMiddleware just block everything +// ProxyDenyMiddleware just block everything. func ProxyDenyMiddleware(logger *zap.Logger) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(wrt http.ResponseWriter, req *http.Request) { @@ -192,7 +190,6 @@ func ProxyDenyMiddleware(logger *zap.Logger) func(http.Handler) http.Handler { } } -// MethodCheck middleware func MethodCheckMiddleware(logger *zap.Logger) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { logger.Info("enabling the method check middleware") @@ -372,7 +369,6 @@ func ProxyMiddleware( } } -// ForwardAuthMiddleware func ForwardAuthMiddleware(logger *zap.Logger, oAuthURI string) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { logger.Info("enabling the forward-auth middleware") diff --git a/pkg/proxy/middleware/security.go b/pkg/proxy/middleware/security.go index 7c7037870..c00c7a3e6 100644 --- a/pkg/proxy/middleware/security.go +++ b/pkg/proxy/middleware/security.go @@ -17,7 +17,7 @@ import ( "go.uber.org/zap" ) -// SecurityMiddleware performs numerous security checks on the request +// SecurityMiddleware performs numerous security checks on the request. func SecurityMiddleware( logger *zap.Logger, allowedHosts []string, @@ -59,7 +59,7 @@ func SecurityMiddleware( } } -// HmacMiddleware verifies hmac +// HmacMiddleware verifies hmac. func HmacMiddleware(logger *zap.Logger, encKey string) func(http.Handler) http.Handler { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(wrt http.ResponseWriter, req *http.Request) { diff --git a/pkg/proxy/models/models.go b/pkg/proxy/models/models.go index 346aae6ac..c6be8edec 100644 --- a/pkg/proxy/models/models.go +++ b/pkg/proxy/models/models.go @@ -2,7 +2,7 @@ package models import "go.uber.org/zap" -// RequestScope is a request level context scope passed between middleware +// RequestScope is a request level context scope passed between middleware. type RequestScope struct { // AccessDenied indicates the request should not be proxied on AccessDenied bool diff --git a/pkg/proxy/models/rest.go b/pkg/proxy/models/rest.go index 34de9778d..bbe04183c 100644 --- a/pkg/proxy/models/rest.go +++ b/pkg/proxy/models/rest.go @@ -1,6 +1,6 @@ package models -// models.TokenResponse +// models.TokenResponse. type TokenResponse struct { TokenType string `json:"token_type"` AccessToken string `json:"access_token"` diff --git a/pkg/proxy/models/user.go b/pkg/proxy/models/user.go index bce7d31a0..ebbbafce6 100644 --- a/pkg/proxy/models/user.go +++ b/pkg/proxy/models/user.go @@ -20,7 +20,7 @@ type RealmRoles struct { Roles []string `json:"roles"` } -// Extract custom claims +// Extract custom claims. type CustClaims struct { Email string `json:"email"` Acr string `json:"acr"` @@ -34,12 +34,12 @@ type CustClaims struct { Authorization Permissions `json:"authorization"` } -// isExpired checks if the token has expired +// isExpired checks if the token has expired. func (r *UserContext) IsExpired() bool { return r.ExpiresAt.Before(time.Now()) } -// String returns a string representation of the user context +// String returns a string representation of the user context. func (r *UserContext) String() string { return fmt.Sprintf( "user: %s, expires: %s, roles: %s", @@ -49,7 +49,7 @@ func (r *UserContext) String() string { ) } -// userContext holds the information extracted the token +// userContext holds the information extracted the token. type UserContext struct { // the id of the user ID string diff --git a/pkg/proxy/session/token.go b/pkg/proxy/session/token.go index 81066f2cf..4d0860f46 100644 --- a/pkg/proxy/session/token.go +++ b/pkg/proxy/session/token.go @@ -25,7 +25,7 @@ import ( "golang.org/x/oauth2" ) -// GetRefreshTokenFromCookie returns the refresh token from the cookie if any +// GetRefreshTokenFromCookie returns the refresh token from the cookie if any. func GetRefreshTokenFromCookie(req *http.Request, cookieName string) (string, error) { token, err := GetTokenInCookie(req, cookieName) if err != nil { @@ -73,7 +73,7 @@ func GetTokenInRequest( return token, bearer, nil } -// getTokenInBearer retrieves a access token from the authorization header +// getTokenInBearer retrieves a access token from the authorization header. func GetTokenInBearer(req *http.Request) (string, error) { token := req.Header.Get(constant.AuthorizationHeader) if token == "" { @@ -92,7 +92,7 @@ func GetTokenInBearer(req *http.Request) (string, error) { return items[1], nil } -// getTokenInHeader retrieves a token from the header +// getTokenInHeader retrieves a token from the header. func GetTokenInHeader(req *http.Request, headerName string) (string, error) { token := req.Header.Get(headerName) if token == "" { @@ -101,7 +101,7 @@ func GetTokenInHeader(req *http.Request, headerName string) (string, error) { return token, nil } -// getTokenInCookie retrieves the access token from the request cookies +// getTokenInCookie retrieves the access token from the request cookies. func GetTokenInCookie(req *http.Request, name string) (string, error) { var token bytes.Buffer @@ -125,7 +125,7 @@ func GetTokenInCookie(req *http.Request, name string) (string, error) { return token.String(), nil } -// GetIdentity retrieves the user identity from a request, either from a session cookie or a bearer token +// GetIdentity retrieves the user identity from a request, either from a session cookie or a bearer token. func GetIdentity( logger *zap.Logger, skipAuthorizationHeaderIdentity bool, @@ -177,7 +177,7 @@ func GetIdentity( } } -// ExtractIdentity parse the jwt token and extracts the various elements is order to construct +// ExtractIdentity parse the jwt token and extracts the various elements is order to construct. func ExtractIdentity(token *jwt.JSONWebToken) (*models.UserContext, error) { stdClaims := &jwt.Claims{} customClaims := models.CustClaims{} @@ -243,7 +243,7 @@ func ExtractIdentity(token *jwt.JSONWebToken) (*models.UserContext, error) { }, nil } -// retrieveRefreshToken retrieves the refresh token from store or cookie +// retrieveRefreshToken retrieves the refresh token from store or cookie. func RetrieveRefreshToken( store storage.Storage, cookieRefreshName string, @@ -270,7 +270,7 @@ func RetrieveRefreshToken( return token, encrypted, err } -// GetAccessCookieExpiration calculates the expiration of the access token cookie +// GetAccessCookieExpiration calculates the expiration of the access token cookie. func GetAccessCookieExpiration( logger *zap.Logger, accessTokenDuration time.Duration, @@ -361,7 +361,7 @@ func GetCodeFlowTokens( return resp.AccessToken, idToken, resp.RefreshToken, nil } -// exchangeAuthenticationCode exchanges the authentication code with the oauth server for a access token +// exchangeAuthenticationCode exchanges the authentication code with the oauth server for a access token. func exchangeAuthenticationCode( ctx context.Context, oConfig *oauth2.Config, diff --git a/pkg/storage/storage.go b/pkg/storage/storage.go index 641f8348a..226805703 100644 --- a/pkg/storage/storage.go +++ b/pkg/storage/storage.go @@ -8,7 +8,7 @@ import ( ) // storage is used to hold the offline refresh token, assuming you don't want to use -// the default practice of a encrypted cookie +// the default practice of a encrypted cookie. type Storage interface { // Set the token to the store Set(ctx context.Context, key string, value string, expiration time.Duration) error @@ -23,7 +23,7 @@ type Storage interface { GetRefreshTokenFromStore(ctx context.Context, token string) (string, error) } -// createStorage creates the store client for use +// createStorage creates the store client for use. func CreateStorage(location string) (Storage, error) { var store Storage var err error diff --git a/pkg/storage/store_redis.go b/pkg/storage/store_redis.go index fa384b101..47bb56aad 100644 --- a/pkg/storage/store_redis.go +++ b/pkg/storage/store_redis.go @@ -30,7 +30,7 @@ type RedisStore struct { Client *redis.Client } -// newRedisStore creates a new redis store +// newRedisStore creates a new redis store. func newRedisStore(url string) (Storage, error) { opts, err := redis.ParseURL(url) if err != nil { @@ -40,7 +40,7 @@ func newRedisStore(url string) (Storage, error) { return RedisStore{Client: client}, nil } -// Set adds a token to the store +// Set adds a token to the store. func (r RedisStore) Set(ctx context.Context, key, value string, expiration time.Duration) error { if err := r.Client.Set(ctx, key, value, expiration); err.Err() != nil { return err.Err() @@ -49,7 +49,7 @@ func (r RedisStore) Set(ctx context.Context, key, value string, expiration time. return nil } -// Checks if key exists in store +// Checks if key exists in store. func (r RedisStore) Exists(ctx context.Context, key string) (bool, error) { val, err := r.Client.Exists(ctx, key).Result() if err != nil { @@ -59,7 +59,7 @@ func (r RedisStore) Exists(ctx context.Context, key string) (bool, error) { return val > 0, nil } -// Get retrieves a token from the store +// Get retrieves a token from the store. func (r RedisStore) Get(ctx context.Context, key string) (string, error) { result := r.Client.Get(ctx, key) if result.Err() != nil { @@ -69,12 +69,12 @@ func (r RedisStore) Get(ctx context.Context, key string) (string, error) { return result.Val(), nil } -// Delete remove the key +// Delete remove the key. func (r RedisStore) Delete(ctx context.Context, key string) error { return r.Client.Del(ctx, key).Err() } -// Close closes of any open resources +// Close closes of any open resources. func (r RedisStore) Close() error { if r.Client != nil { return r.Client.Close() @@ -83,7 +83,7 @@ func (r RedisStore) Close() error { return nil } -// Get retrieves a token from the store, the key we are using here is the access token +// Get retrieves a token from the store, the key we are using here is the access token. func (r RedisStore) GetRefreshTokenFromStore( ctx context.Context, token string, diff --git a/pkg/testsuite/fake_authserver.go b/pkg/testsuite/fake_authserver.go index 1a238f53f..184a84730 100644 --- a/pkg/testsuite/fake_authserver.go +++ b/pkg/testsuite/fake_authserver.go @@ -103,7 +103,6 @@ func NewTestToken(issuer string) *FakeToken { return &FakeToken{Claims: claims} } -// getToken returns a JWT token from the clains func (t *FakeToken) GetToken() (string, error) { input := []byte("") block, _ := pem.Decode([]byte(fakePrivateKey)) @@ -133,7 +132,6 @@ func (t *FakeToken) GetToken() (string, error) { return jwt, nil } -// getUnsignedToken returns a unsigned JWT token from the claims func (t *FakeToken) GetUnsignedToken() (string, error) { input := []byte("") block, _ := pem.Decode([]byte(fakePrivateKey)) @@ -169,22 +167,18 @@ func (t *FakeToken) GetUnsignedToken() (string, error) { return jwt, nil } -// setExpiration sets the expiration of the token func (t *FakeToken) SetExpiration(tm time.Time) { t.Claims.Exp = tm.Unix() } -// addGroups adds groups to then token func (t *FakeToken) addGroups(groups []string) { t.Claims.Groups = groups } -// addRealmRoles adds realms roles to token func (t *FakeToken) addRealmRoles(roles []string) { t.Claims.RealmAccess.Roles = roles } -// addClientRoles adds client roles to the token func (t *FakeToken) addClientRoles(client string, roles []string) { t.Claims.ResourceAccess = make(map[string]RoleClaim) t.Claims.ResourceAccess[client] = RoleClaim{Roles: roles} @@ -300,7 +294,7 @@ type fakeAuthConfig struct { ResourceSetHandlerFailure bool } -// newFakeAuthServer simulates a oauth service +// newFakeAuthServer simulates a oauth service. func newFakeAuthServer(config *fakeAuthConfig) *fakeAuthServer { certBlock, _ := pem.Decode([]byte(fakeCert)) diff --git a/pkg/testsuite/fake_upstream.go b/pkg/testsuite/fake_upstream.go index bb73a04d3..9277f492e 100644 --- a/pkg/testsuite/fake_upstream.go +++ b/pkg/testsuite/fake_upstream.go @@ -12,7 +12,7 @@ import ( "golang.org/x/net/websocket" ) -// fakeUpstreamResponse is the response from fake upstream +// fakeUpstreamResponse is the response from fake upstream. type fakeUpstreamResponse struct { URI string `json:"uri"` Method string `json:"method"` @@ -21,7 +21,7 @@ type fakeUpstreamResponse struct { Body string `json:"body"` } -// FakeUpstreamService acts as a fake upstream service, returns the headers and request +// FakeUpstreamService acts as a fake upstream service, returns the headers and request. type FakeUpstreamService struct{} func (f *FakeUpstreamService) ServeHTTP(wrt http.ResponseWriter, req *http.Request) { diff --git a/pkg/testsuite/middleware_test.go b/pkg/testsuite/middleware_test.go index a1c5f66d0..60e413b38 100644 --- a/pkg/testsuite/middleware_test.go +++ b/pkg/testsuite/middleware_test.go @@ -1997,7 +1997,7 @@ func TestAdmissionHandlerRoles(t *testing.T) { newFakeProxy(cfg, &fakeAuthConfig{}).RunTests(t, requests) } -// check to see if custom headers are hitting the upstream +// check to see if custom headers are hitting the upstream. func TestCustomHeaders(t *testing.T) { requests := []struct { Headers map[string]string diff --git a/pkg/utils/token.go b/pkg/utils/token.go index 69ed94507..3a38ca450 100644 --- a/pkg/utils/token.go +++ b/pkg/utils/token.go @@ -243,7 +243,6 @@ func CheckClaim( return false } -// VerifyOIDCTokens func VerifyOIDCTokens( ctx context.Context, provider *oidc3.Provider, @@ -287,7 +286,6 @@ func VerifyOIDCTokens( return oAccToken, oIDToken, nil } -// NewOAuth2Config returns a oauth2 config func NewOAuth2Config( clientID string, clientSecret string, diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 86b2f1be5..0cbc8af1f 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -58,7 +58,6 @@ var ( symbolsFilter = regexp.MustCompilePOSIX("[_$><\\[\\].,\\+-/'%^&*()!\\\\]+") ) -// getRequestHostURL returns the hostname from the request func GetRequestHostURL(req *http.Request) string { scheme := constant.UnsecureScheme @@ -73,7 +72,6 @@ func GetRequestHostURL(req *http.Request) string { return redirect } -// decodeKeyPairs converts a list of strings (key=pair) to a map func DecodeKeyPairs(list []string) (map[string]string, error) { keyPairs := make(map[string]string) @@ -90,7 +88,6 @@ func DecodeKeyPairs(list []string) (map[string]string, error) { return keyPairs, nil } -// IsValidHTTPMethod ensure this is a valid http method type func IsValidHTTPMethod(method string) bool { for _, x := range AllHTTPMethods { if method == x { @@ -101,7 +98,6 @@ func IsValidHTTPMethod(method string) bool { return false } -// defaultTo returns the value of the default func DefaultTo(v, d string) string { if v != "" { return v @@ -110,7 +106,6 @@ func DefaultTo(v, d string) string { return d } -// fileExists check if a file exists func FileExists(filename string) bool { if _, err := os.Stat(filename); err != nil { if os.IsNotExist(err) { @@ -121,7 +116,6 @@ func FileExists(filename string) bool { return true } -// hasAccess checks we have all or any of the needed items in the list func HasAccess(need, have []string, all bool) bool { if len(need) == 0 { return true @@ -148,7 +142,6 @@ func HasAccess(need, have []string, all bool) bool { return matched > 0 } -// containedIn checks if a value in a list of a strings func ContainedIn(value string, list []string) bool { for _, x := range list { if x == value { @@ -159,7 +152,6 @@ func ContainedIn(value string, list []string) bool { return false } -// containsSubString checks if substring exists func ContainsSubString(value string, list []string) bool { for _, x := range list { if strings.Contains(value, x) { @@ -170,7 +162,7 @@ func ContainsSubString(value string, list []string) bool { return false } -// tryDialEndpoint dials the upstream endpoint via plain HTTP +// tryDialEndpoint dials the upstream endpoint via plain HTTP. func TryDialEndpoint(location *url.URL) (net.Conn, error) { switch dialAddress := DialAddress(location); location.Scheme { case constant.UnsecureScheme: @@ -184,18 +176,17 @@ func TryDialEndpoint(location *url.URL) (net.Conn, error) { } } -// isUpgradedConnection checks to see if the request is requesting func IsUpgradedConnection(req *http.Request) bool { return req.Header.Get(constant.HeaderUpgrade) != "" } -// transferBytes transfers bytes between the sink and source +// transferBytes transfers bytes between the sink and source. func TransferBytes(src io.Reader, dest io.Writer, wg *sync.WaitGroup) (int64, error) { defer wg.Done() return io.Copy(dest, src) } -// tryUpdateConnection attempt to upgrade the connection to a http pdy stream +// tryUpdateConnection attempt to upgrade the connection to a http pdy stream. func TryUpdateConnection(req *http.Request, writer http.ResponseWriter, endpoint *url.URL) error { // step: dial the endpoint server, err := TryDialEndpoint(endpoint) @@ -238,7 +229,7 @@ func TryUpdateConnection(req *http.Request, writer http.ResponseWriter, endpoint return nil } -// dialAddress extracts the dial address from the url +// dialAddress extracts the dial address from the url. func DialAddress(location *url.URL) string { items := strings.Split(location.Host, ":") @@ -255,7 +246,6 @@ func DialAddress(location *url.URL) string { return location.Host } -// toHeader is a helper method to play nice in the headers func ToHeader(v string) string { symbols := symbolsFilter.Split(v, -1) list := make([]string, 0, len(symbols)) @@ -268,7 +258,7 @@ func ToHeader(v string) string { return strings.Join(list, "-") } -// capitalize capitalizes the first letter of a word +// capitalize capitalizes the first letter of a word. func Capitalize(word string) string { if word == "" { return "" @@ -278,7 +268,7 @@ func Capitalize(word string) string { return string(unicode.ToUpper(r)) + word[n:] } -// mergeMaps simples copies the keys from source to destination +// mergeMaps simples copies the keys from source to destination. func MergeMaps(dest, source map[string]string) map[string]string { for k, v := range source { dest[k] = v @@ -288,7 +278,7 @@ func MergeMaps(dest, source map[string]string) map[string]string { } // getWithin calculates a duration of x percent of the time period, i.e. something -// expires in 1 hours, get me a duration within 80% +// expires in 1 hours, get me a duration within 80%. func GetWithin(expires time.Time, within float64) time.Duration { left := expires.UTC().Sub(time.Now().UTC()).Seconds() @@ -301,18 +291,18 @@ func GetWithin(expires time.Time, within float64) time.Duration { return time.Duration(seconds) * time.Second } -// getHashKey returns a hash of the encodes jwt token +// getHashKey returns a hash of the encoded jwt token. func GetHashKey(token string) string { hash := sha.Sum512([]byte(token)) return base64.RawStdEncoding.EncodeToString(hash[:]) } -// printError display the command line usage and error +// printError display the command line usage and error. func PrintError(message string, args ...interface{}) cli.ExitCoder { return cli.Exit(fmt.Sprintf("[error] "+message, args...), 1) } -// realIP retrieves the client ip address from a http request +// realIP retrieves the client ip address from a http request. func RealIP(req *http.Request) string { rAddr := req.RemoteAddr @@ -351,7 +341,7 @@ func GenerateHmac(req *http.Request, encKey string) (string, error) { return hexHmac, nil } -// WithOAuthURI returns the oauth uri +// WithOAuthURI returns the oauth uri. func WithOAuthURI(baseURI string, oauthURI string) func(uri string) string { return func(uri string) string { uri = strings.TrimPrefix(uri, "/") From cdb8479ff9365ac5f9795873fa09970574b96339 Mon Sep 17 00:00:00 2001 From: Pavol Ipoth Date: Fri, 3 Jan 2025 21:00:37 +0100 Subject: [PATCH 4/4] Update deps 3.0.2 --- go.mod | 8 +-- go.sum | 89 +++----------------------- pkg/authorization/external_keycloak.go | 2 +- pkg/keycloak/proxy/handlers.go | 2 +- pkg/keycloak/proxy/middleware.go | 2 +- pkg/keycloak/proxy/misc.go | 2 +- pkg/keycloak/proxy/oauth_proxy.go | 2 +- pkg/keycloak/proxy/server.go | 2 +- 8 files changed, 19 insertions(+), 90 deletions(-) diff --git a/go.mod b/go.mod index ca87dfe9f..df4ce19ba 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module github.com/gogatekeeper/gatekeeper require ( - github.com/Nerzal/gocloak/v12 v12.0.0 + github.com/Nerzal/gocloak/v13 v13.9.0 github.com/PuerkitoBio/goquery v1.10.0 github.com/PuerkitoBio/purell v1.2.1 github.com/alicebob/miniredis/v2 v2.33.0 @@ -31,7 +31,7 @@ require ( go.uber.org/automaxprocs v1.6.0 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.31.0 - golang.org/x/net v0.30.0 + golang.org/x/net v0.33.0 golang.org/x/oauth2 v0.23.0 golang.org/x/sync v0.10.0 gopkg.in/yaml.v2 v2.4.0 @@ -62,8 +62,7 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect - github.com/golang/glog v1.2.2 // indirect + github.com/golang-jwt/jwt/v5 v5.0.0 // indirect github.com/google/flatbuffers v24.3.25+incompatible // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect @@ -102,7 +101,6 @@ require ( golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.26.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect google.golang.org/grpc v1.67.1 // indirect google.golang.org/protobuf v1.35.1 // indirect diff --git a/go.sum b/go.sum index ee49106d9..a9d863615 100644 --- a/go.sum +++ b/go.sum @@ -4,18 +4,14 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ= github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= -github.com/Nerzal/gocloak/v12 v12.0.0 h1:oOddyLpf+CxdGHFx5bABn4yCAtIGDwJkvJP4hFSospY= -github.com/Nerzal/gocloak/v12 v12.0.0/go.mod h1:EAIc7luf3+dwMMHNWC9/X9vAA+KZJl5qfSWDIu7IlSs= +github.com/Nerzal/gocloak/v13 v13.9.0 h1:YWsJsdM5b0yhM2Ba3MLydiOlujkBry4TtdzfIzSVZhw= +github.com/Nerzal/gocloak/v13 v13.9.0/go.mod h1:YYuDcXZ7K2zKECyVP7pPqjKxx2AzYSpKDj8d6GuyM10= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/PuerkitoBio/goquery v1.9.2 h1:4/wZksC3KgkQw7SQgkKotmKljk0M6V8TUvA8Wb4yPeE= -github.com/PuerkitoBio/goquery v1.9.2/go.mod h1:GHPCaP0ODyyxqcNoFGYlAprUFH81NuRPd0GX3Zu2Mvk= github.com/PuerkitoBio/goquery v1.10.0 h1:6fiXdLuUvYs2OJSvNRqlNPoBm6YABE226xrbavY5Wv4= github.com/PuerkitoBio/goquery v1.10.0/go.mod h1:TjZZl68Q3eGHNBA8CWaxAN7rOU1EbDz3CWuolcO5Yu4= github.com/PuerkitoBio/purell v1.2.1 h1:QsZ4TjvwiMpat6gBCBxEQI0rcS9ehtkKtSpiUnd9N28= github.com/PuerkitoBio/purell v1.2.1/go.mod h1:ZwHcC/82TOaovDi//J/804umJFFmbOHPngi8iYYv/Eo= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO85qeSydJtItA4T55Pw6BtAejd0APRJOCE= @@ -30,7 +26,6 @@ github.com/armon/go-proxyproto v0.1.0 h1:TWWcSsjco7o2itn6r25/5AqKBiWmsiuzsUDLT/M github.com/armon/go-proxyproto v0.1.0/go.mod h1:Xj90dce2VKbHzRAeiVQAMBtj4M5oidoXJ8lmgyW21mw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4= github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= @@ -48,14 +43,10 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA= -github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= @@ -64,8 +55,6 @@ github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpS github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= -github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -78,13 +67,10 @@ github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWa github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54 h1:SG7nF6SRlWhcT7cNTs5R6Hk4V2lcmLz2NsG2VnInyNo= +github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 h1:1NyRx2f4W4WBRyg0Kys0ZbaNmDDzZ2R/C7DTi+bbsJ0= -github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380/go.mod h1:thX175TtLTzLj3p7N/Q9IiKZ7NF+p72cvL91emV0hzo= github.com/elazarl/goproxy v0.0.0-20240909085733-6741dbfc16a1 h1:g7YUigN4dW2+zpdusdTTghZ+5Py3BaUMAStvL8Nk+FY= github.com/elazarl/goproxy v0.0.0-20240909085733-6741dbfc16a1/go.mod h1:thX175TtLTzLj3p7N/Q9IiKZ7NF+p72cvL91emV0hzo= github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 h1:dWB6v3RcOy03t/bUadywsbyrQwCqZeNIEX6M1OtSZOM= @@ -95,8 +81,6 @@ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw= @@ -120,8 +104,8 @@ github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1 github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= @@ -135,8 +119,6 @@ github.com/google/flatbuffers v24.3.25+incompatible/go.mod h1:1AeVuKshWv4vARoZat github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 h1:q5g0N9eal4bmJwXHC5z0QCKs8qhS35hFfq0BAYsIwZI= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -153,8 +135,6 @@ github.com/jochasinga/relay v0.0.0-20161125200856-6a088273228f h1:QWP/EhlAPeJGlv github.com/jochasinga/relay v0.0.0-20161125200856-6a088273228f/go.mod h1:qlpuzDguMQeZebM9+/rTCxDTXmN3oN1ctP+zcX3AejM= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -175,16 +155,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOwYTWo= github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= -github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= -github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= -github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/open-policy-agent/opa v0.70.0 h1:B3cqCN2iQAyKxK6+GI+N40uqkin+wzIrM7YA60t9x1U= github.com/open-policy-agent/opa v0.70.0/go.mod h1:Y/nm5NY0BX0BqjBriKUiV81sCl8XOjjvqQG7dXrggtI= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -202,30 +176,22 @@ github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.58.0 h1:N+N8vY4/23r6iYfD3UQZUoJPnUYAo7v6LG5XZxjZTXo= -github.com/prometheus/common v0.58.0/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= -github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= -github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= -github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= @@ -250,12 +216,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/unrolled/secure v1.15.0 h1:q7x+pdp8jAHnbzxu6UheP8fRlG/rwYTb8TPuQ3rn9Og= -github.com/unrolled/secure v1.15.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40= github.com/unrolled/secure v1.17.0 h1:Io7ifFgo99Bnh0J7+Q+qcMzWM6kaDPCA5FroFZEdbWU= github.com/unrolled/secure v1.17.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40= -github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8= -github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ= github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w= github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -271,34 +233,22 @@ github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= -go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= -go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -309,30 +259,25 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -343,8 +288,6 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -356,37 +299,25 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20240805194559-2c9e96a0b5d4 h1:ABEBT/sZ7We8zd7A5f3KO6zMQe+s3901H7l8Whhijt0= -google.golang.org/genproto/googleapis/api v0.0.0-20240805194559-2c9e96a0b5d4/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= +google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg= google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/pkg/authorization/external_keycloak.go b/pkg/authorization/external_keycloak.go index 460b7bb82..dd2abbf3b 100644 --- a/pkg/authorization/external_keycloak.go +++ b/pkg/authorization/external_keycloak.go @@ -4,7 +4,7 @@ import ( "context" "time" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" "github.com/gogatekeeper/gatekeeper/pkg/apperrors" "github.com/gogatekeeper/gatekeeper/pkg/proxy/models" ) diff --git a/pkg/keycloak/proxy/handlers.go b/pkg/keycloak/proxy/handlers.go index ef1ce3da9..608df608c 100644 --- a/pkg/keycloak/proxy/handlers.go +++ b/pkg/keycloak/proxy/handlers.go @@ -28,7 +28,7 @@ import ( "strings" "time" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" oidc3 "github.com/coreos/go-oidc/v3/oidc" "github.com/go-jose/go-jose/v4" "github.com/go-jose/go-jose/v4/jwt" diff --git a/pkg/keycloak/proxy/middleware.go b/pkg/keycloak/proxy/middleware.go index 2a95a09d4..a5be09ca5 100644 --- a/pkg/keycloak/proxy/middleware.go +++ b/pkg/keycloak/proxy/middleware.go @@ -25,7 +25,7 @@ import ( "net/url" "time" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" oidc3 "github.com/coreos/go-oidc/v3/oidc" "github.com/gogatekeeper/gatekeeper/pkg/authorization" "github.com/gogatekeeper/gatekeeper/pkg/constant" diff --git a/pkg/keycloak/proxy/misc.go b/pkg/keycloak/proxy/misc.go index 15ed98652..c0007b468 100644 --- a/pkg/keycloak/proxy/misc.go +++ b/pkg/keycloak/proxy/misc.go @@ -22,7 +22,7 @@ import ( "strings" "time" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" "github.com/cenkalti/backoff/v4" oidc3 "github.com/coreos/go-oidc/v3/oidc" "github.com/go-jose/go-jose/v4/jwt" diff --git a/pkg/keycloak/proxy/oauth_proxy.go b/pkg/keycloak/proxy/oauth_proxy.go index e75642e8c..afa53230c 100644 --- a/pkg/keycloak/proxy/oauth_proxy.go +++ b/pkg/keycloak/proxy/oauth_proxy.go @@ -6,7 +6,7 @@ import ( "net/url" "sync" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" oidc3 "github.com/coreos/go-oidc/v3/oidc" "github.com/gogatekeeper/gatekeeper/pkg/keycloak/config" "github.com/gogatekeeper/gatekeeper/pkg/proxy/cookie" diff --git a/pkg/keycloak/proxy/server.go b/pkg/keycloak/proxy/server.go index ecc3eda2d..29ce2e1ab 100644 --- a/pkg/keycloak/proxy/server.go +++ b/pkg/keycloak/proxy/server.go @@ -41,7 +41,7 @@ import ( httplog "log" - "github.com/Nerzal/gocloak/v12" + "github.com/Nerzal/gocloak/v13" proxyproto "github.com/armon/go-proxyproto" backoff "github.com/cenkalti/backoff/v4" oidc3 "github.com/coreos/go-oidc/v3/oidc"