1.0 release

.gitignore

@@ -22,3 +22,5 @@ _cgo_export.*
 _testmain.go
 
 *.exe
+dist
+.godeps

.travis.yml

@@ -1,9 +1,12 @@
 language: go
-install:
-  - go get github.com/bmizerany/assert
-  - go get github.com/bitly/go-simplejson
-  - go get github.com/mreiferson/go-options
-  - go get github.com/BurntSushi/toml
+go:
+  - 1.2.2
+  - 1.3.3
+script:
+  - curl -s https://raw.githubusercontent.com/pote/gpm/v1.3.1/bin/gpm > gpm
+  - chmod +x gpm
+  - ./gpm install
+  - ./test.sh
 notifications:
   email: false
 

Godeps

@@ -0,0 +1,4 @@
+github.com/BurntSushi/toml              3883ac1ce943878302255f538fce319d23226223
+github.com/bitly/go-simplejson          3378bdcb5cebedcbf8b5750edee28010f128fe24
+github.com/mreiferson/go-options        ee94b57f2fbf116075426f853e5abbcdfeca8b3d
+github.com/bmizerany/assert             e17e99893cb6509f428e1728281c2ad60a6b31e3

README.md

@@ -8,6 +8,8 @@ individual accounts, or a whole google apps domain.
 [![Build Status](https://secure.travis-ci.org/bitly/google_auth_proxy.png?branch=master)](http://travis-ci.org/bitly/google_auth_proxy)
 
 
+![sign_in_page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)
+
 ## Architecture
 
 ```
@@ -22,8 +24,10 @@ individual accounts, or a whole google apps domain.
 
 ## Installation
 
-1. [Install Go](http://golang.org/doc/install)
-2. `$ go get github.com/bitly/google_auth_proxy`. This should put the binary in `$GOROOT/bin`
+1. Download [Prebuilt Binary](https://github.com/bitly/google_auth_proxy/releases) or build from `master` with `$ go get github.com/bitly/google_auth_proxy` which should put the binary in `$GOROOT/bin`
+2. Register an OAuth Application with Google
+3. Configure Google Auth Proxy using config file, command line options, or environment variables
+4. Deploy behind a SSL endpoint (example provided for Nginx)
 
 ## OAuth Configuration
 

contrib/google_auth_proxy.cfg.example

@@ -41,4 +41,4 @@
 # cookie_secret = ""
 # cookie_domain = ""
 # cookie_expire = "168h"
-# cookie_https_only = false
+# cookie_https_only = true

dist.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# build binary distributions for linux/amd64 and darwin/amd64
+set -e 
+
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+echo "working dir $DIR"
+mkdir -p $DIR/dist
+mkdir -p $DIR/.godeps
+export GOPATH=$DIR/.godeps:$GOPATH
+gpm install
+
+os=$(go env GOOS)
+arch=$(go env GOARCH)
+version=$(cat $DIR/version.go | grep "const VERSION" | awk '{print $NF}' | sed 's/"//g')
+goversion=$(go version | awk '{print $3}')
+
+echo "... running tests"
+./test.sh || exit 1
+
+for os in linux darwin; do
+    echo "... building v$version for $os/$arch"
+    BUILD=$(mktemp -d -t google_auth_proxy)
+    TARGET="google_auth_proxy-$version.$os-$arch.$goversion"
+    GOOS=$os GOARCH=$arch CGO_ENABLED=0 go build -o $BUILD/$TARGET/google_auth_proxy || exit 1
+    pushd $BUILD
+    tar czvf $TARGET.tar.gz $TARGET
+    mv $TARGET.tar.gz $DIR/dist
+    popd
+done

main.go

@@ -37,7 +37,7 @@ func main() {
 	flagSet.String("cookie-secret", "", "the seed string for secure cookies")
 	flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
 	flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
-	flagSet.Bool("cookie-https-only", false, "set HTTPS only cookie")
+	flagSet.Bool("cookie-https-only", true, "set HTTPS only cookie")
 
 	flagSet.Parse(os.Args[1:])
 

oauthproxy.go

@@ -55,6 +55,11 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	redirectUrl.Path = oauthCallbackPath
 
 	log.Printf("OauthProxy configured for %s", opts.ClientID)
+	domain := opts.CookieDomain
+	if domain == "" {
+		domain = "<default>"
+	}
+	log.Printf("Cookie settings: https_only: %v expiry: %s domain:%s", opts.CookieHttpsOnly, opts.CookieExpire, domain)
 	return &OauthProxy{
 		CookieKey:       "_oauthproxy",
 		CookieSeed:      opts.CookieSecret,
@@ -229,10 +234,12 @@ func (p *OauthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
 		SignInMessage string
 		Htpasswd      bool
 		Redirect      string
+		Version       string
 	}{
 		SignInMessage: p.SignInMessage,
 		Htpasswd:      p.HtpasswdFile != nil,
 		Redirect:      req.URL.RequestURI(),
+		Version:       VERSION,
 	}
 	templates.ExecuteTemplate(rw, "sign_in.html", t)
 }

options.go

@@ -29,7 +29,12 @@ type Options struct {
 }
 
 func NewOptions() *Options {
-	return &Options{}
+	return &Options{
+		HttpAddress:     "127.0.0.1:4180",
+		CookieHttpsOnly: true,
+		PassBasicAuth:   true,
+		CookieExpire:    time.Duration(168) * time.Hour,
+	}
 }
 
 func (o *Options) Validate() error {

templates.go

@@ -76,6 +76,23 @@ func getTemplates() *template.Template {
 		margin:0;
 		box-sizing: border-box;
 	}
+	footer {
+		display:block;
+		font-size:10px;
+		color:#aaa;
+		text-align:center;
+		margin-bottom:10px;
+	}
+	footer a {
+		display:inline-block;
+		height:25px;
+		line-height:25px;
+		color:#aaa;
+		text-decoration:underline;
+	}
+	footer a:hover {
+		color:#aaa;
+	}
 	</style>
 </head>
 <body>
@@ -99,6 +116,9 @@ func getTemplates() *template.Template {
 	</form>
 	</div>
 	{{ end }}
+	<footer>
+	Secured with <a href="https://github.com/bitly/google_auth_proxy#google_auth_proxy">Google Auth Proxy</a> version {{.Version}}
+	</footer>
 </body>
 </html>
 {{end}}`)

test.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+go test -timeout 60s ./...
+GOMAXPROCS=4 go test -timeout 60s -race ./...

version.go

@@ -1,3 +1,3 @@
 package main
 
-const VERSION = "0.1.0"
+const VERSION = "1.0"