Merge branch 'master' into pr/squalus/488

Author: bnfinet

.github/workflows/coverage.yml

@@ -18,7 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         # go: ['1.14', '1.15']
-        go: ['1.16']
+        go: ['1.18']
 
     steps:
       - uses: actions/setup-go@v2

.travis.yml

@@ -7,7 +7,7 @@ services:
   - docker
 
 go:
-  - "1.16"
+  - "1.18"
 
 env:
   - ISTRAVIS=true

CHANGELOG.md

@@ -4,8 +4,14 @@
 
 Coming soon! Please document any work in progress here as part of your PR. It will be moved to the next tag when released.
 
+## v0.39.0
+
 - [add support for listening on unix domain sockets](https://github.com/vouch/vouch-proxy/pull/488)
 
+## v0.38.0
+
+- upgrade golang to `v1.18` from `v1.16`
+
 ## v0.37.0
 
 - [allow configurable Write, Read and Idle timeouts for the http server](https://github.com/vouch/vouch-proxy/pull/468)

CONTRIBUTING.md

@@ -1,3 +1,27 @@
+# Setting up a Development Environment
+
+## Running Tests 
+
+```bash
+ export VOUCH_ROOT=`pwd` # if not using GOPATH
+ ./do.sh test
+```
+
+After running these tests manually once (which creates a test key pair), it is possible to run the tests with VSCode Test Explorer.
+
+To get it to work, we must set some environment variables in `.vscode/settings.json` which otherwise would be set by `do.sh`:
+
+```json
+{
+    "go.testEnvVars": {
+        "VOUCH_ROOT": "${workspaceFolder}",
+        "VOUCH_CONFIG": "${workspaceFolder}/config/testing/test_config.yml",
+        "TEST_PRIVATE_KEY_FILE": "${workspaceFolder}/config/testing/rsa.key",
+        "TEST_PUBLIC_KEY_FILE": "${workspaceFolder}/config/testing/rsa.pub",
+    }
+}
+```
+
 ### Contributing to Vouch Proxy by submitting a Pull Request
 
 **_I really love Vouch Proxy! I wish it did XXXX..._**

Dockerfile

@@ -1,6 +1,6 @@
 # quay.io/vouch/vouch-proxy
 # https://github.com/vouch/vouch-proxy
-FROM golang:1.16 AS builder
+FROM golang:1.18 AS builder
 
 ARG UID=999
 ARG GID=999

Dockerfile.alpine

@@ -1,6 +1,6 @@
 # quay.io/vouch/vouch-proxy
 # https://github.com/vouch/vouch-proxy
-FROM golang:1.16 AS builder
+FROM golang:1.18 AS builder
 
 ARG UID=999
 ARG GID=999

README.md

@@ -75,7 +75,7 @@ VP can send the visitor's email, name and other information which the IdP provid
 
 ## Installation and Configuration
 
-Vouch Proxy relies on the ability to share a cookie between the Vouch Proxy server and the application it's protecting. Typically this will be done by running Vouch on a subdomain such as `vouch.yourdomain.com` with apps running at `app1.yourdomain.com` and `app2.yourdomain.com`. The protected domain is `.yourdomain.com` and the Vouch Proxy cookie must be set in this domain by setting [vouch.domains](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L23-L33) to include `yourdomain.com` or sometimes by setting [vouch.cookie.domain](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L81-L82) to `yourdomain.com`.
+Vouch Proxy relies on the ability to share a cookie between the Vouch Proxy server and the application it's protecting. Typically this will be done by running Vouch on a subdomain such as `vouch.yourdomain.com` with apps running at `app1.yourdomain.com` and `app2.yourdomain.com`. The protected domain is `.yourdomain.com` and the Vouch Proxy cookie must be set in this domain by setting [vouch.domains](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L38-L48) to include `yourdomain.com` or sometimes by setting [vouch.cookie.domain](https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L109-L114) to `yourdomain.com`.
 
 - `cp ./config/config.yml_example_$OAUTH_PROVIDER ./config/config.yml`
 - create OAuth credentials for Vouch Proxy at [google](https://console.developers.google.com/apis/credentials) or [github](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-authorization-options-for-oauth-apps/), etc
@@ -467,7 +467,6 @@ TLDR:
   - and follow the instructions at the end to redact your Nginx config
 - all of those go into a [gist](https://gist.github.com/)
 - then [open a new issue](https://github.com/vouch/vouch-proxy/issues/new) in this repository
-- or visit our IRC channel [#vouch](irc.libera.chat/#vouch) on libera.chat
 
 A bug report can be generated from a docker environment using the `quay.io/vouch/vouch-proxy:alpine` image...
 

config/config.yml_example_github

@@ -36,6 +36,9 @@ vouch:
 oauth:
   # create a new OAuth application at:
   # https://github.com/settings/applications/new
+  #
+  # callback_url is configured at github.com when setting up the app
+  # Set to e.g. https://vouch.yourdomain.com/auth or https://yourdomain.com/vp_in_a_path/auth
   provider: github
   client_id: xxxxxxxxxxxxxxxxxxxx
   client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

do.sh

@@ -13,7 +13,7 @@ fi
 
 IMAGE=quay.io/vouch/vouch-proxy:latest
 ALPINE=quay.io/vouch/vouch-proxy:alpine-latest
-GOIMAGE=golang:1.16
+GOIMAGE=golang:1.18
 NAME=vouch-proxy
 HTTPPORT=9090
 GODOC_PORT=5050
@@ -25,28 +25,24 @@ run () {
 build () {
   local VERSION=$(git describe --always --long)
   local DT=$(date -u +"%Y-%m-%dT%H:%M:%SZ") # ISO-8601
-  local FQDN=$(_hostname)
+  local UQDN=$(_hostname)
   local SEMVER=$(git tag --list --sort="v:refname" | tail -n -1)
   local BRANCH=$(git rev-parse --abbrev-ref HEAD)
   local UNAME=$(uname)
-  go build -v -ldflags=" -X main.version=${VERSION} -X main.uname=${UNAME} -X main.builddt=${DT} -X main.host=${FQDN} -X main.semver=${SEMVER} -X main.branch=${BRANCH}" .
+  go build -v -ldflags=" -X main.version=${VERSION} -X main.uname=${UNAME} -X main.builddt=${DT} -X main.host=${UQDN} -X main.semver=${SEMVER} -X main.branch=${BRANCH}" .
 }
 
 _hostname() {
   local FQDN
-  local HOSTNAME_CMD
+  local UQDN
+  FQDN=$(hostname)
+  UQDN=${FQDN/.*/}
 
-  case $(uname) in
-    FreeBSD) HOSTNAME_CMD="hostname";;
-          *) HOSTNAME_CMD="hostname --fqdn"
-  esac
-
-  FQDN=$($HOSTNAME_CMD)
-  if [ -z "$FQDN" ]; then
-    >&2 echo "error: Could determine the fully qualified domain name using command $HOSTNAME_CMD"
+  if [ -z "$UQDN" ]; then
+    >&2 echo "error: Could determine the fully qualified domain name."
     return 1
   fi
-  echo $FQDN 
+  echo "$UQDN"
   return 0;
 }
 
@@ -62,7 +58,7 @@ dbuild () {
   docker build -f Dockerfile -t $IMAGE .
 }
 
-dbuildalpine () {  
+dbuildalpine () {
   docker build -f Dockerfile.alpine -t $ALPINE .
 }
 
@@ -83,10 +79,10 @@ drun () {
   fi
 
 
-  CMD="docker run --rm -i -t 
-    -p ${HTTPPORT}:${HTTPPORT} 
-    --name $NAME 
-    -v ${SDIR}/config:/config 
+  CMD="docker run --rm -i -t
+    -p ${HTTPPORT}:${HTTPPORT}
+    --name $NAME
+    -v ${SDIR}/config:/config
     $WITHCERTS
     $IMAGE $* "
 
@@ -126,7 +122,7 @@ bug_report() {
   CONFIG=config/config.yml
   REDACT=$*
 
-  if [ -z "$REDACT" ]; then 
+  if [ -z "$REDACT" ]; then
     cat <<EOF
 
     bug_report cleans the ${CONFIG} and the Vouch Proxy logs of secrets and any additional strings (usually domains and email addresses)
@@ -138,7 +134,7 @@ bug_report() {
 EOF
     exit 1;
   fi
-  echo -e "#\n# If sensitive information is still visible in the output, first try appending the string.." 
+  echo -e "#\n# If sensitive information is still visible in the output, first try appending the string.."
   echo -e "#\n#    '$0 bug_report badstring1 badstring2'\n#\n"
   echo -e "#\n# Please consider submitting a PR for the './do.sh _redact' routine if you feel that it should be improved.\n#"
   echo -e "\n-------------------------\n\n#\n# redacted Vouch Proxy ${CONFIG}\n# $(date -I)\n#\n"
@@ -244,7 +240,7 @@ test_logging() {
     let "levelcount+=1"
   done
   echo "passed"
-  
+
   echo "testing loglevel set from config file"
   levelcount=0
   for ll in ${levels[*]}; do
@@ -328,8 +324,8 @@ _print_license() {
 /*
 
 Copyright $YEAR The Vouch Proxy Authors.
-Use of this source code is governed by The MIT License (MIT) that 
-can be found in the LICENSE file. Software distributed under The 
+Use of this source code is governed by The MIT License (MIT) that
+can be found in the LICENSE file. Software distributed under The
 MIT License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 OR CONDITIONS OF ANY KIND, either express or implied.
 
@@ -369,7 +365,7 @@ selfcert() {
   # openssl genrsa -out $SDIR/certs/server.key 2048
   openssl ecparam -genkey -name secp384r1 -out $SDIR/certs/server.key
   openssl req -new -x509 -sha256 -key $SDIR/certs/server.key -out $SDIR/certs/server.crt -days 3650
-  echo -e "created self signed certs in '$SDIR/certs'\n"  
+  echo -e "created self signed certs in '$SDIR/certs'\n"
 }
 
 usage() {

go.mod

@@ -1,33 +1,54 @@
 module github.com/vouch/vouch-proxy
 
-go 1.16
+go 1.18
 
 require (
-	cloud.google.com/go v0.89.0 // indirect
-	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
-	github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/google/go-cmp v0.5.6
+	github.com/google/go-cmp v0.5.9
 	github.com/gorilla/sessions v1.2.1
-	github.com/influxdata/tdigest v0.0.1 // indirect
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/karupanerura/go-mock-http-response v0.0.0-20171201120521-7c242a447d45
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mitchellh/mapstructure v1.4.1
-	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20170819232839-0fbfe93532da
+	github.com/mitchellh/mapstructure v1.5.0
+	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20220510032225-4f9f17eaec4c
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/spf13/cast v1.4.0 // indirect
-	github.com/spf13/viper v1.8.1
-	github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 // indirect
-	github.com/stretchr/testify v1.7.0
+	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.8.1
 	github.com/theckman/go-securerandom v0.1.1
 	github.com/tsenart/vegeta v12.7.0+incompatible
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
-	go.uber.org/zap v1.18.1
-	golang.org/x/net v0.0.0-20220812174116-3211cb980234
-	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
+	go.uber.org/zap v1.24.0
+	golang.org/x/net v0.5.0
+	golang.org/x/oauth2 v0.4.0
 )
 
-replace go.uber.org/atomic => go.uber.org/atomic v1.9.0
+require (
+	cloud.google.com/go/compute v1.15.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/influxdata/tdigest v0.0.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)