Comments (7)
/cc @aeneasr since you asked for a more thorough explanation and/or design document for my PR.
from oathkeeper.
Friendly ping @aeneasr .
from oathkeeper.
Friendly ping @zepatrik maybe you can also chime in here.
from oathkeeper.
This looks pretty nice! Would it make sense to re-use the matching logic of httprouter? I think they solved this already, basically, and it's really fast!
from oathkeeper.
I haven’t looked into httprouter so I’d need to have a look at it.
from oathkeeper.
It looks like httprouter is doing the same thing, except it seems to be a bit more advanced in terms of matching. What is the same though is that wildcard matching (or in our case regex and glob) can only be done at the end of a URL. Another similarity is that they also seem to be adding the method into the Trie.
One big difference though is that they don’t insert the host name into the Trie. Rather, you’d need to create a new router (and therefore a new Trie) for each domain.
I’d need to look into the code a bit closer to see if there’s pieces we could use as a module or if they can otherwise be adapted into this codebase. Since it doesn’t look like that project is super active and that the Trie structure we’d use is like a bit different I’m leaning towards the latter.
from oathkeeper.
After looking at the code it seems very similar to what I’ve already implemented, and I don’t think we’d be able to reuse it as is. However, it probably does have some useful bit that can be used to improve the code I’ve already written.
So @aeneasr, my question now is how can we best try to move this forward?
from oathkeeper.
Related Issues (20)
- X-Forwarded headers missing from oauth2-client-credentials authenticator request on v.0.40.3, breaking hydra TLS termination HOT 1
- Authenticator: Bearer_token w. "query_parameter" selector consumes request body
- Observed memory leak in v0.40.3 HOT 4
- Configure JWT authenticator not to logging sensitive data
- Allow/deny `remote(_json)` authorizers depending response content
- Allow API key pre-authorization in oauth2_introspection authenticator HOT 2
- "any" matching option for "required_scope" in JWT authenticator HOT 1
- Docs wrong for `bearer_token` Subject default location
- upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342
- Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request HOT 13
- Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler
- Oathkeeper does not support X-Forwarded headers properly HOT 3
- Reference to .MatchContext.RegexpCaptureGroups doesn't render in access rules authenticator config
- Decision API is not respecting the token_from config
- Outdated OTEL dependencies prevent import
- None of the provided URLs returned a valid JSON Web Key Set HOT 1
- Implement a `delegate` authenticator
- Git as a repository for access rules & granularity: check against specific ingress against specific accessrule files HOT 1
- Duplicate requests using decisions endpoint via NGINX
- Oathkeeper returns encoded cookie
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oathkeeper.