authorJames Elliott <james-d-elliott@users.noreply.github.com>2023-04-08 14:48:55 +1000
committerGitHub <noreply@github.com>2023-04-08 14:48:55 +1000
commit2dcfc0b04c3fbe57ecc11322487089bc8970e79f (patch)
tree54538032cbe1cdd9220d1418251d1c848c987519 /internal/handlers/handler_authz_builder.go
parentfa250ea7ddb902132f4df74c407be84015577fa3 (diff)
feat(handlers): authz authrequest authelia url (#5181)
This adjusts the AuthRequest Authz implementation to behave similarly to the other implementations, inasmuch as Authelia can return the relevant redirection to the proxy and the proxy just utilizes it if possible. In addition, it swaps the HAProxy examples over to the ForwardAuth implementation as that's now supported. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/handlers/handler_authz_builder.go')
-rw-r--r--internal/handlers/handler_authz_builder.go56
1 files changed, 13 insertions, 43 deletions
diff --git a/internal/handlers/handler_authz_builder.go b/internal/handlers/handler_authz_builder.go
index 98aa39215..dffa91b34 100644
--- a/internal/handlers/handler_authz_builder.go
+++ b/internal/handlers/handler_authz_builder.go
@@ -1,9 +1,10 @@
package handlers
import (
- "fmt"
"time"
+ "github.com/valyala/fasthttp"
+
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/utils"
)
@@ -22,31 +23,10 @@ func (b *AuthzBuilder) WithStrategies(strategies ...AuthnStrategy) *AuthzBuilder
return b
}
-// WithStrategyCookie adds the Cookie header strategy to the strategies in this builder.
-func (b *AuthzBuilder) WithStrategyCookie(refreshInterval time.Duration) *AuthzBuilder {
- b.strategies = append(b.strategies, NewCookieSessionAuthnStrategy(refreshInterval))
-
- return b
-}
-
-// WithStrategyAuthorization adds the Authorization header strategy to the strategies in this builder.
-func (b *AuthzBuilder) WithStrategyAuthorization() *AuthzBuilder {
- b.strategies = append(b.strategies, NewHeaderAuthorizationAuthnStrategy())
-
- return b
-}
-
-// WithStrategyProxyAuthorization adds the Proxy-Authorization header strategy to the strategies in this builder.
-func (b *AuthzBuilder) WithStrategyProxyAuthorization() *AuthzBuilder {
- b.strategies = append(b.strategies, NewHeaderProxyAuthorizationAuthnStrategy())
-
- return b
-}
-
// WithImplementationLegacy configures this builder to output an Authz which is used with the Legacy
// implementation which is a mix of the other implementations and usually works with most proxies.
func (b *AuthzBuilder) WithImplementationLegacy() *AuthzBuilder {
- b.impl = AuthzImplLegacy
+ b.implementation = AuthzImplLegacy
return b
}
@@ -54,7 +34,7 @@ func (b *AuthzBuilder) WithImplementationLegacy() *AuthzBuilder {
// WithImplementationForwardAuth configures this builder to output an Authz which is used with the ForwardAuth
// implementation traditionally used by Traefik, Caddy, and Skipper.
func (b *AuthzBuilder) WithImplementationForwardAuth() *AuthzBuilder {
- b.impl = AuthzImplForwardAuth
+ b.implementation = AuthzImplForwardAuth
return b
}
@@ -62,7 +42,7 @@ func (b *AuthzBuilder) WithImplementationForwardAuth() *AuthzBuilder {
// WithImplementationAuthRequest configures this builder to output an Authz which is used with the AuthRequest
// implementation traditionally used by NGINX.
func (b *AuthzBuilder) WithImplementationAuthRequest() *AuthzBuilder {
- b.impl = AuthzImplAuthRequest
+ b.implementation = AuthzImplAuthRequest
return b
}
@@ -70,7 +50,7 @@ func (b *AuthzBuilder) WithImplementationAuthRequest() *AuthzBuilder {
// WithImplementationExtAuthz configures this builder to output an Authz which is used with the ExtAuthz
// implementation traditionally used by Envoy.
func (b *AuthzBuilder) WithImplementationExtAuthz() *AuthzBuilder {
- b.impl = AuthzImplExtAuthz
+ b.implementation = AuthzImplExtAuthz
return b
}
@@ -95,12 +75,6 @@ func (b *AuthzBuilder) WithConfig(config *schema.Configuration) *AuthzBuilder {
b.config = AuthzConfig{
RefreshInterval: refreshInterval,
- Domains: []AuthzDomain{
- {
- Name: fmt.Sprintf(".%s", config.Session.Domain),
- PortalURL: nil,
- },
- },
}
return b
@@ -140,24 +114,19 @@ func (b *AuthzBuilder) WithEndpointConfig(config schema.ServerAuthzEndpoint) *Au
return b
}
-// WithAuthzConfig allows configuring the Authz config by providing a AuthzConfig directly. Recommended this is only
-// used in testing and WithConfig is used instead.
-func (b *AuthzBuilder) WithAuthzConfig(config AuthzConfig) *AuthzBuilder {
- b.config = config
-
- return b
-}
-
// Build returns a new Authz from the currently configured options in this builder.
func (b *AuthzBuilder) Build() (authz *Authz) {
authz = &Authz{
config: b.config,
strategies: b.strategies,
handleAuthorized: handleAuthzAuthorizedStandard,
+ implementation: b.implementation,
}
+ authz.config.StatusCodeBadRequest = fasthttp.StatusBadRequest
+
if len(authz.strategies) == 0 {
- switch b.impl {
+ switch b.implementation {
case AuthzImplLegacy:
authz.strategies = []AuthnStrategy{NewHeaderLegacyAuthnStrategy(), NewCookieSessionAuthnStrategy(b.config.RefreshInterval)}
case AuthzImplAuthRequest:
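Review bot: The new `authz.config.StatusCodeBadRequest = fasthttp.StatusBadRequest` line in Build is undocumented, and it unconditionally overwrites whatever `b.config` carried for that field after the struct has just been copied from it. The Legacy case in the later switch (the hunk at -167) then replaces it with `fasthttp.StatusUnauthorized`, so the effective value is set in two places that are easy to miss when adding a new implementation. A comment above the assignment would make that explicit, for example `// Default status for malformed requests; AuthzImplLegacy overrides this with 401 in the switch below.` Build starts inside this hunk but continues past its end, so the remaining strategy cases are not visible here.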
@@ -167,9 +136,9 @@ func (b *AuthzBuilder) Build() (authz *Authz) {
}
}
- switch b.impl {
+ switch b.implementation {
case AuthzImplLegacy:
- authz.legacy = true
+ authz.config.StatusCodeBadRequest = fasthttp.StatusUnauthorized
authz.handleGetObject = handleAuthzGetObjectLegacy
authz.handleUnauthorized = handleAuthzUnauthorizedLegacy
authz.handleGetAutheliaURL = handleAuthzPortalURLLegacy
@@ -180,6 +149,7 @@ func (b *AuthzBuilder) Build() (authz *Authz) {
case AuthzImplAuthRequest:
authz.handleGetObject = handleAuthzGetObjectAuthRequest
authz.handleUnauthorized = handleAuthzUnauthorizedAuthRequest
+ authz.handleGetAutheliaURL = handleAuthzPortalURLFromQuery
case AuthzImplExtAuthz:
authz.handleGetObject = handleAuthzGetObjectExtAuthz
authz.handleUnauthorized = handleAuthzUnauthorizedExtAuthz
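Review bot: The added `authz.handleGetAutheliaURL = handleAuthzPortalURLFromQuery` in the AuthzImplAuthRequest case appears, going by the handler's name, to take the portal URL from the request query, which makes the redirect target a request-supplied value. The handler body is outside this hunk, so it should be confirmed that it rejects values that are not absolute URLs or that do not belong to a configured session domain before the result is used to build a redirect. A comment on this line would record that expectation, for example `// Portal URL is read from the request query; the handler must validate it against the configured session domains.` The enclosing switch and Build function begin and end outside this hunk.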