Migrate goproxy handler to OIDCRegistry

kbukum1 · kbukum1 · commit 41a4d7c63975 · 2026-04-02T20:19:08.000-05:00
Replace manual OIDC credential map and mutex with the shared
OIDCRegistry type. Goproxy already used url-with-host-fallback
as the key, so this is a pure structural refactor with no
behavior change.
diff --git a/internal/handlers/goproxy_server_handler.go b/internal/handlers/goproxy_server_handler.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"net/http"
-	"sync"
 
 	"github.com/elazarl/goproxy"
 
@@ -13,9 +12,8 @@ import (
 )
 
 type GoProxyServerHandler struct {
-	credentials     []goProxyServerCredentials
-	oidcCredentials map[string]*oidc.OIDCCredential
-	mutex           sync.RWMutex
+	credentials  []goProxyServerCredentials
+	oidcRegistry *oidc.OIDCRegistry
 }
 
 type goProxyServerCredentials struct {
@@ -28,8 +26,8 @@ type goProxyServerCredentials struct {
 // NewGoProxyServerHandler returns a new GoProxyServerHandler.
 func NewGoProxyServerHandler(creds config.Credentials) *GoProxyServerHandler {
 	handler := GoProxyServerHandler{
-		credentials:     []goProxyServerCredentials{},
-		oidcCredentials: make(map[string]*oidc.OIDCCredential),
+		credentials:  []goProxyServerCredentials{},
+		oidcRegistry: oidc.NewOIDCRegistry(),
 	}
 
 	for _, cred := range creds {
@@ -40,16 +38,7 @@ func NewGoProxyServerHandler(creds config.Credentials) *GoProxyServerHandler {
 		url := cred.GetString("url")
 		host := cred.GetString("host")
 
-		oidcCredential, _ := oidc.CreateOIDCCredential(cred)
-		if oidcCredential != nil {
-			urlOrHost := url
-			if urlOrHost == "" {
-				urlOrHost = host
-			}
-			if urlOrHost != "" {
-				handler.oidcCredentials[urlOrHost] = oidcCredential
-				logging.RequestLogf(nil, "registered %s OIDC credentials for goproxy server: %s", oidcCredential.Provider(), urlOrHost)
-			}
+		if _, _, ok := handler.oidcRegistry.Register(cred, []string{"url"}, "goproxy server"); ok {
 			continue
 		}
 
@@ -76,7 +65,7 @@ func (h *GoProxyServerHandler) HandleRequest(req *http.Request, ctx *goproxy.Pro
 	}
 
 	// Try OIDC credentials first
-	if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) {
+	if h.oidcRegistry.TryAuth(req, ctx) {
 		return req, nil
 	}
 
