v0.8.0

BREAKING CHANGES

• now all types are written in with capital letters

FEATURES

• Now hmac authorization of type url can get the url from the path (default behavior), or from a header value
• Now all the extra information in the logs is inside the 'extra' field of the log
• a code refactor has been done to make it more efficient

v0.7.0

FEATURES:

• add match authorization type: now you can check if the param of the authorization makes match with a regex pattern

v0.6.1

FIXES:

• fix error response in last requirement check: Previously the error of the last check was left assigned, making the response 500

v0.6.0

FEATURES:

• better check of hmac sign: Previously the hmac url signature was not consistent if you add extra fields, preventing the correct extraction of the expiration time, now it correctly separates the exp field from the signature
• check of the signature fields: Previously you could not check the fields that were in the signature, now you can check a list of fields

v0.5.0

FEATURES:

• custom response definition: Previously, the response that was given in case the request was accepted or denied was fixed, now you can define it in both cases in the response field of the configuration.
• custom request auth requirement list: Previously the configuration only had one authorization method, so the condition for the request to be accepted only depended on that method, now you can define a list of requirements, each requirement has a list of authorizations, the request must pass all the defined requirements to be accepted, and to pass a requirement it must pass all the authorizations on its list or just one depending on the type of requirement (all|any).
• ip list authorization: Previously you could only check if the value of the defined parameter was a valid hmac, now you can also check if the value is an IP belonging to the CIDR you define, and if it is a list you can remove all the IPs that belong to the list of trusted networks you define until you only have the IP to check left, you can also make it behave in reverse.

BREAKING CHANGES:

• upgrade to v1alpha2 api:
  • list of authorizations: Previously, the authorization field existed, it was deleted and now the authorizations field was added. This field is a list that contains objects of the authorization type with the same fields as before.
  • hmac field now is part of authorization objects: Previously the hmac field was a root field of the configuration, now it is part of the authorization objects.
  • the response statusCode field must be defined
  • the requestAuthRequirements field must have at least 1 requirement defined, and the requirements must have at least 1 authorization name listed

v0.4.0

Changes:

• hmac.url.earlyEncode and hmac.url.lowerEncode have been implemented: this allows users to decide whether to URL-encode the path before validating it. It's useful for CDNs like Akamai. Moreover it's possible to decide using %XX or %xx case for encoding as this changes the HMAC

• Some logs added for debugging purposes

Contributors:
@achetronic @sebastocorp

doorkeeper-helm-chart-0.4.0

A Helm chart for Doorkeeper, a tiny HTTP server to be used as external authentication service for Envoy

v0.3.0

Changes:

• Switch configuration from environment variables to a file: this allows to extend the project in the future adding new features with ease.
  • The configuration file admits environment variables expansion
• Add modifiers support to act before request is processed: this allows users to perform path or headers modifications, etc. The idea is to be able to ignore modifications done by CDNs before sending the request to the backend (for example, added prefixes)

Contributors:
@achetronic @sebastocorp

doorkeeper-helm-chart-0.3.0

A Helm chart for Doorkeeper, a tiny HTTP server to be used as external authentication service for Envoy

v0.2.0

Changes:

• Add PodDisruptionBudget and HorizontalPodAutoscaler to Helm charts

Contributors:
@achetronic