authentik/cmd/proxy/main.go

package main

import (
	"fmt"
	"net/url"
	"os"

	log "github.com/sirupsen/logrus"
	"github.com/spf13/cobra"

	"goauthentik.io/internal/common"
	"goauthentik.io/internal/config"
	"goauthentik.io/internal/debug"
	"goauthentik.io/internal/outpost/ak"
	"goauthentik.io/internal/outpost/ak/healthcheck"
	"goauthentik.io/internal/outpost/proxyv2"
)

const helpMessage = `authentik proxy

Required environment variables:
- AUTHENTIK_HOST: URL to connect to (format "http://authentik.company")
- AUTHENTIK_TOKEN: Token to authenticate with
- AUTHENTIK_INSECURE: Skip SSL Certificate verification

Optionally, you can set these:
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`

var rootCmd = &cobra.Command{
	Long: helpMessage,
	PersistentPreRun: func(cmd *cobra.Command, args []string) {
		log.SetLevel(log.DebugLevel)
		log.SetFormatter(&log.JSONFormatter{
			FieldMap: log.FieldMap{
				log.FieldKeyMsg:  "event",
				log.FieldKeyTime: "timestamp",
			},
			DisableHTMLEscape: true,
		})
	},
	Run: func(cmd *cobra.Command, args []string) {
		debug.EnableDebugServer()
		akURL := config.Get().AuthentikHost
		if akURL == "" {
			fmt.Println("env AUTHENTIK_HOST not set!")
			fmt.Println(helpMessage)
			os.Exit(1)
		}
		akToken := config.Get().AuthentikToken
		if akToken == "" {
			fmt.Println("env AUTHENTIK_TOKEN not set!")
			fmt.Println(helpMessage)
			os.Exit(1)
		}

		akURLActual, err := url.Parse(akURL)
		if err != nil {
			fmt.Println(err)
			fmt.Println(helpMessage)
			os.Exit(1)
		}

		ex := common.Init()
		defer common.Defer()
		go func() {
			for {
				<-ex
				os.Exit(0)
			}
		}()

		ac := ak.NewAPIController(*akURLActual, akToken)
		if ac == nil {
			os.Exit(1)
		}
		defer ac.Shutdown()

		ac.Server = proxyv2.NewProxyServer(ac)

		err = ac.Start()
		if err != nil {
			log.WithError(err).Panic("Failed to run server")
		}

		for {
			<-ex
		}
	},
}

func main() {
	rootCmd.AddCommand(healthcheck.Command)
	err := rootCmd.Execute()
	if err != nil {
		os.Exit(1)
	}
}
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`package main`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`import (`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`"fmt"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`"net/url"`
			`"os"`

outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`log "github.com/sirupsen/logrus"`
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`"github.com/spf13/cobra"`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`"goauthentik.io/internal/common"`
outposts: use common config loader for outposts to support loading values from file closes #4383 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2023-01-08 13:19:08 +00:00			`"goauthentik.io/internal/config"`
internal: add optional debug server listening on 9900 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-01-25 16:04:28 +00:00			`"goauthentik.io/internal/debug"`
root: initial merging of outpost and main project Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 10:02:02 +00:00			`"goauthentik.io/internal/outpost/ak"`
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`"goauthentik.io/internal/outpost/ak/healthcheck"`
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-08 18:04:56 +00:00			`"goauthentik.io/internal/outpost/proxyv2"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`)`

wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			const helpMessage = `authentik proxy
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00
			`Required environment variables:`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`- AUTHENTIK_HOST: URL to connect to (format "http://authentik.company")`
			`- AUTHENTIK_TOKEN: Token to authenticate with`
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-08 18:04:56 +00:00			`- AUTHENTIK_INSECURE: Skip SSL Certificate verification`

			`Optionally, you can set these:`
internal: centralise config for listeners to use same config system everywhere (#3367) * centralise config for listeners to use same config system everywhere Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3360 * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-08-03 19:33:27 +00:00			- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`var rootCmd = &cobra.Command{`
			`Long: helpMessage,`
			`PersistentPreRun: func(cmd *cobra.Command, args []string) {`
			`log.SetLevel(log.DebugLevel)`
			`log.SetFormatter(&log.JSONFormatter{`
			`FieldMap: log.FieldMap{`
			`log.FieldKeyMsg: "event",`
			`log.FieldKeyTime: "timestamp",`
			`},`
			`DisableHTMLEscape: true,`
			`})`
			`},`
			`Run: func(cmd *cobra.Command, args []string) {`
			`debug.EnableDebugServer()`
			`akURL := config.Get().AuthentikHost`
			`if akURL == "" {`
			`fmt.Println("env AUTHENTIK_HOST not set!")`
			`fmt.Println(helpMessage)`
			`os.Exit(1)`
			`}`
			`akToken := config.Get().AuthentikToken`
			`if akToken == "" {`
			`fmt.Println("env AUTHENTIK_TOKEN not set!")`
			`fmt.Println(helpMessage)`
			`os.Exit(1)`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`akURLActual, err := url.Parse(akURL)`
			`if err != nil {`
			`fmt.Println(err)`
			`fmt.Println(helpMessage)`
			`os.Exit(1)`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`ex := common.Init()`
			`defer common.Defer()`
			`go func() {`
			`for {`
			`<-ex`
			`os.Exit(0)`
			`}`
			`}()`

			`ac := ak.NewAPIController(*akURLActual, akToken)`
			`if ac == nil {`
			`os.Exit(1)`
internal: fix outposts not reacting to signals while starting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-08-05 16:13:09 +00:00			`}`
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`defer ac.Shutdown()`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`ac.Server = proxyv2.NewProxyServer(ac)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`err = ac.Start()`
			`if err != nil {`
			`log.WithError(err).Panic("Failed to run server")`
			`}`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`for {`
			`<-ex`
			`}`
			`},`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: optimise healthchecks (#5337) * tests: remove redundant healthchecks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * internal: do healthcheck within proxy instead of wget to use correct port Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-04-21 10:32:48 +00:00			`func main() {`
			`rootCmd.AddCommand(healthcheck.Command)`
			`err := rootCmd.Execute()`
			`if err != nil {`
			`os.Exit(1)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`}`