Merge pull request #85 from jehiah/oauth2_proxy_85

Naming Is Hard - project name change

.gitignore

@@ -1,4 +1,5 @@
 google_auth_proxy
+oauth2_proxy
 # Go.gitignore
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o

README.md

@@ -1,39 +1,40 @@
-google_auth_proxy
+oaut2_proxy
 =================
 
+(This project was formerly known as Google Auth Proxy)
 
-A reverse proxy that provides authentication using Google and other OAuth2
-providers to validate individual accounts, or a whole google apps domain.
+A reverse proxy that provides authentication using Providers (Google, Github, and others)
+to validate individual accounts, or a whole email domain.
 
-[![Build Status](https://secure.travis-ci.org/bitly/google_auth_proxy.png?branch=master)](http://travis-ci.org/bitly/google_auth_proxy)
+[![Build Status](https://secure.travis-ci.org/bitly/oauth2_proxy.png?branch=master)](http://travis-ci.org/bitly/oauth2_proxy)
 
 
 ![sign_in_page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png)
 
 ## Architecture
 
 ```
-    _______       ___________________       __________
-    |Nginx| ----> |google_auth_proxy| ----> |upstream| 
-    -------       -------------------       ----------
-                          ||
-                          \/
-                  [google oauth2 api]
+    _______       ______________       __________
+    |Nginx| ----> |oauth2_proxy| ----> |upstream| 
+    -------       --------------       ----------
+                        ||
+                        \/
+              [provider OAuth2 API]
 ```
 
 
 ## Installation
 
-1. Download [Prebuilt Binary](https://github.com/bitly/google_auth_proxy/releases) or build from `master` with `$ go get github.com/bitly/google_auth_proxy` which should put the binary in `$GOROOT/bin`
-2. Register an OAuth Application with Google
+1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) or build from `master` with `$ go get github.com/bitly/oauth2_proxy` which should put the binary in `$GOROOT/bin`
+2. Register an OAuth Application with a Provider
 3. Configure Google Auth Proxy using config file, command line options, or environment variables
 4. Deploy behind a SSL endpoint (example provided for Nginx)
 
 ## OAuth Configuration
 
 You will need to register an OAuth application with Google (or [another
 provider](#providers)), and configure it with Redirect URI(s) for the domain
-you intend to run `google_auth_proxy` on.
+you intend to run `OAUTH2_PROXY` on.
 
 For Google, the registration steps are:
 
@@ -43,7 +44,7 @@ For Google, the registration steps are:
    * The Application Type should be **Web application**
    * Enter your domain in the Authorized Javascript Origins `https://internal.yourcompany.com`
    * Enter the correct Authorized Redirect URL `https://internal.yourcompany.com/oauth2/callback`
-     * NOTE: `google_auth_proxy` will _only_ callback on the path `/oauth2/callback`
+     * NOTE: `oauth2_proxy` will _only_ callback on the path `/oauth2/callback`
 4. Under "APIs & Auth" choose "Consent Screen"
    * Fill in the necessary fields and Save (this is _required_)
 5. Take note of the **Client ID** and **Client Secret**
@@ -59,19 +60,19 @@ For LinkedIn, the registration steps are:
 
 ## Configuration
 
-`google_auth_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables).
+`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables).
 
 ### Config File
 
-An example [google_auth_proxy.cfg](contrib/google_auth_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/google_auth_proxy.cfg`
+An example [OAUTH2_PROXY.cfg](contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg`
 
 ### Command Line Options
 
 ```
-Usage of google_auth_proxy:
+Usage of oauth2_proxy:
   -authenticated-emails-file="": authenticate against emails via file (one per line)
-  -client-id="": the Google OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-  -client-secret="": the OAuth Client Secret
+  -client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
+  -client-secret="": the Client Secret
   -config="": path to config file
   -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
   -cookie-expire=168h0m0s: expire timeframe for cookie
@@ -105,12 +106,12 @@ See below for provider specific options
 
 ### Environment variables
 
-The environment variables `GOOGLE_AUTH_PROXY_CLIENT_ID`, `GOOGLE_AUTH_PROXY_CLIENT_SECRET`, `GOOGLE_AUTH_PROXY_COOKIE_SECRET`, `GOOGLE_AUTH_PROXY_COOKIE_DOMAIN` and `GOOGLE_AUTH_PROXY_COOKIE_EXPIRE` can be used in place of the corresponding command-line arguments.
+The environment variables `OAUTH2_PROXY_CLIENT_ID`, `OAUTH2_PROXY_CLIENT_SECRET`, `OAUTH2_PROXY_COOKIE_SECRET`, `OAUTH2_PROXY_COOKIE_DOMAIN` and `OAUTH2_PROXY_COOKIE_EXPIRE` can be used in place of the corresponding command-line arguments.
 
 ### Example Nginx Configuration
 
-This example has a [Nginx](http://nginx.org/) SSL endpoint proxying to `google_auth_proxy` on port `4180`. 
-`google_auth_proxy` then authenticates requests for an upstream application running on port `8080`. The external 
+This example has a [Nginx](http://nginx.org/) SSL endpoint proxying to `oauth2_proxy` on port `4180`. 
+`oauth2_proxy` then authenticates requests for an upstream application running on port `8080`. The external 
 endpoint for this example would be `https://internal.yourcompany.com/`.
 
 An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL 
@@ -136,10 +137,10 @@ server {
 }
 ```
 
-The command line to run `google_auth_proxy` would look like this:
+The command line to run `oauth2_proxy` would look like this:
 
 ```bash
-./google_auth_proxy \
+./oauth2_proxy \
    --google-apps-domain="yourcompany.com"  \
    --upstream=http://127.0.0.1:8080/ \
    --cookie-secret=... \
@@ -151,7 +152,7 @@ The command line to run `google_auth_proxy` would look like this:
 
 ## Endpoint Documentation
 
-Google Auth Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated.
+OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated.
 
 * /robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see [robotstxt.org](http://www.robotstxt.org/) for more info
 * /ping - returns an 200 OK response
@@ -161,17 +162,18 @@ Google Auth Proxy responds directly to the following endpoints. All other endpoi
 
 ## Logging Format
 
-Google Auth Proxy logs requests to stdout in a format similar to Apache Combined Log.
+OAuth2 Proxy Proxy logs requests to stdout in a format similar to Apache Combined Log.
 
 ```
 <REMOTE_ADDRESS> - <[email protected]> [19/Mar/2015:17:20:19 -0400] <HOST_HEADER> GET <UPSTREAM_HOST> "/path/" HTTP/1.1 "<USER_AGENT>" <RESPONSE_CODE> <RESPONSE_BYTES> <REQUEST_DURATION>
 ```
 
-## <a name="providers"></a>Providers other than Google
+## <a name="providers"></a>Providers
 
-Other providers besides Google can be specified by the `providers` flag/config
+Authentication providers can be specified by the `providers` flag/config
 directive. Right now this includes:
 
+* `google` - (default) [Google](https://console.developers.google.com/project)
 * `myusa` - The [MyUSA](https://alpha.my.usa.gov) authentication service
   ([GitHub](https://github.com/18F/myusa))
 * `linkedin` - The [LinkedIn](https://developer.linkedin.com/docs/signin-with-linkedin) Sign In service.

dist.sh

@@ -20,9 +20,9 @@ echo "... running tests"
 
 for os in linux darwin; do
     echo "... building v$version for $os/$arch"
-    BUILD=$(mktemp -d -t google_auth_proxy)
-    TARGET="google_auth_proxy-$version.$os-$arch.$goversion"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 go build -o $BUILD/$TARGET/google_auth_proxy || exit 1
+    BUILD=$(mktemp -d -t oauth2_proxy)
+    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+    GOOS=$os GOARCH=$arch CGO_ENABLED=0 go build -o $BUILD/$TARGET/oauth2_proxy || exit 1
     pushd $BUILD
     tar czvf $TARGET.tar.gz $TARGET
     mv $TARGET.tar.gz $DIR/dist

main.go

@@ -18,7 +18,7 @@ import (
 
 func main() {
 	log.SetFlags(log.Ldate | log.Ltime | log.Lshortfile)
-	flagSet := flag.NewFlagSet("google_auth_proxy", flag.ExitOnError)
+	flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError)
 
 	googleAppsDomains := StringArray{}
 	upstreams := StringArray{}
@@ -38,7 +38,7 @@ func main() {
 	flagSet.Var(&googleAppsDomains, "google-apps-domain", "authenticate against the given Google apps domain (may be given multiple times)")
 	flagSet.String("github-org", "", "restrict logins to members of this organisation")
 	flagSet.String("github-team", "", "restrict logins to members of this team")
-	flagSet.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
+	flagSet.String("client-id", "", "the OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
 	flagSet.String("client-secret", "", "the OAuth Client Secret")
 	flagSet.String("authenticated-emails-file", "", "authenticate against emails via file (one per line)")
 	flagSet.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
@@ -65,7 +65,7 @@ func main() {
 	flagSet.Parse(os.Args[1:])
 
 	if *showVersion {
-		fmt.Printf("google_auth_proxy v%s (built with %s)\n", VERSION, runtime.Version())
+		fmt.Printf("oauth2_proxy v%s (built with %s)\n", VERSION, runtime.Version())
 		return
 	}
 

oauthproxy.go

@@ -16,7 +16,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bitly/google_auth_proxy/providers"
+	"github.com/bitly/oauth2_proxy/providers"
 )
 
 const robotsPath = "/robots.txt"

oauthproxy_test.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/bitly/google_auth_proxy/providers"
+	"github.com/bitly/oauth2_proxy/providers"
 	"github.com/bmizerany/assert"
 	"io/ioutil"
 	"log"

options.go

@@ -7,15 +7,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bitly/google_auth_proxy/providers"
+	"github.com/bitly/oauth2_proxy/providers"
 )
 
 // Configuration Options that can be set by Command Line Flag, or Config File
 type Options struct {
 	HttpAddress  string `flag:"http-address" cfg:"http_address"`
 	RedirectUrl  string `flag:"redirect-url" cfg:"redirect_url"`
-	ClientID     string `flag:"client-id" cfg:"client_id" env:"GOOGLE_AUTH_PROXY_CLIENT_ID"`
-	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"GOOGLE_AUTH_PROXY_CLIENT_SECRET"`
+	ClientID     string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
+	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
 
 	AuthenticatedEmailsFile string   `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 	GoogleAppsDomains       []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
@@ -25,10 +25,10 @@ type Options struct {
 	DisplayHtpasswdForm     bool     `flag:"display-htpasswd-form" cfg:"display_htpasswd_form"`
 	CustomTemplatesDir      string   `flag:"custom-templates-dir" cfg:"custom_templates_dir"`
 
-	CookieSecret    string        `flag:"cookie-secret" cfg:"cookie_secret" env:"GOOGLE_AUTH_PROXY_COOKIE_SECRET"`
-	CookieDomain    string        `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
-	CookieExpire    time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
-	CookieRefresh   time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"GOOGLE_AUTH_PROXY_COOKIE_REFRESH"`
+	CookieSecret    string        `flag:"cookie-secret" cfg:"cookie_secret" env:"OAUTH2_PROXY_COOKIE_SECRET"`
+	CookieDomain    string        `flag:"cookie-domain" cfg:"cookie_domain" env:"OAUTH2_PROXY_COOKIE_DOMAIN"`
+	CookieExpire    time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"OAUTH2_PROXY_COOKIE_EXPIRE"`
+	CookieRefresh   time.Duration `flag:"cookie-refresh" cfg:"cookie_refresh" env:"OAUTH2_PROXY_COOKIE_REFRESH"`
 	CookieHttpsOnly bool          `flag:"cookie-https-only" cfg:"cookie_https_only"` // deprecated use cookie-secure
 	CookieSecure    bool          `flag:"cookie-secure" cfg:"cookie_secure"`
 	CookieHttpOnly  bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`

providers/internal_util.go

@@ -1,7 +1,7 @@
 package providers
 
 import (
-	"github.com/bitly/google_auth_proxy/api"
+	"github.com/bitly/oauth2_proxy/api"
 	"log"
 	"net/http"
 )

providers/linkedin.go

@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/google_auth_proxy/api"
+	"github.com/bitly/oauth2_proxy/api"
 )
 
 type LinkedInProvider struct {

providers/myusa.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/google_auth_proxy/api"
+	"github.com/bitly/oauth2_proxy/api"
 )
 
 type MyUsaProvider struct {

templates.go

@@ -130,7 +130,7 @@ func getTemplates() *template.Template {
 	</div>
 	{{ end }}
 	<footer>
-	Secured with <a href="https://github.com/bitly/google_auth_proxy#google_auth_proxy">Google Auth Proxy</a> version {{.Version}}
+	Secured with <a href="https://github.com/bitly/oauth2_proxy#oauth2_proxy">OAuth2 Proxy</a> version {{.Version}}
 	</footer>
 </body>
 </html>