2021-01-16 20:41:39 +00:00
|
|
|
package ak
|
2020-09-02 22:04:12 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"os"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/go-openapi/strfmt"
|
|
|
|
"github.com/gorilla/websocket"
|
|
|
|
"github.com/recws-org/recws"
|
2021-06-16 10:02:02 +00:00
|
|
|
pkg "goauthentik.io/internal/outpost"
|
2020-09-02 22:04:12 +00:00
|
|
|
)
|
|
|
|
|
2021-04-23 12:07:44 +00:00
|
|
|
func (ac *APIController) initWS(akURL url.URL, outpostUUID strfmt.UUID) {
|
2020-09-02 22:04:12 +00:00
|
|
|
pathTemplate := "%s://%s/ws/outpost/%s/"
|
2021-04-23 12:07:44 +00:00
|
|
|
scheme := strings.ReplaceAll(akURL.Scheme, "http", "ws")
|
2020-09-02 22:04:12 +00:00
|
|
|
|
2021-04-13 17:57:33 +00:00
|
|
|
authHeader := fmt.Sprintf("Bearer %s", ac.token)
|
2020-10-18 11:46:03 +00:00
|
|
|
|
2020-09-02 22:04:12 +00:00
|
|
|
header := http.Header{
|
2020-10-18 11:46:03 +00:00
|
|
|
"Authorization": []string{authHeader},
|
2021-05-12 17:02:04 +00:00
|
|
|
"User-Agent": []string{pkg.UserAgent()},
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
2020-12-05 21:08:42 +00:00
|
|
|
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
2020-09-18 23:29:49 +00:00
|
|
|
if !set {
|
|
|
|
value = "false"
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
|
2020-09-18 23:29:49 +00:00
|
|
|
ws := &recws.RecConn{
|
2020-09-02 22:04:12 +00:00
|
|
|
NonVerbose: true,
|
|
|
|
TLSClientConfig: &tls.Config{
|
2020-09-18 23:29:49 +00:00
|
|
|
InsecureSkipVerify: strings.ToLower(value) == "true",
|
2020-09-02 22:04:12 +00:00
|
|
|
},
|
|
|
|
}
|
2021-04-23 12:07:44 +00:00
|
|
|
ws.Dial(fmt.Sprintf(pathTemplate, scheme, akURL.Host, outpostUUID.String()), header)
|
2020-09-02 22:04:12 +00:00
|
|
|
|
2021-02-11 22:48:54 +00:00
|
|
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
|
2020-09-02 22:04:12 +00:00
|
|
|
|
|
|
|
ac.wsConn = ws
|
2020-09-18 23:29:49 +00:00
|
|
|
// Send hello message with our version
|
|
|
|
msg := websocketMessage{
|
|
|
|
Instruction: WebsocketInstructionHello,
|
|
|
|
Args: map[string]interface{}{
|
2021-05-12 17:02:04 +00:00
|
|
|
"version": pkg.VERSION,
|
|
|
|
"buildHash": pkg.BUILD(),
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
2020-09-18 23:29:49 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
err := ws.WriteJSON(msg)
|
|
|
|
if err != nil {
|
2021-02-11 22:48:54 +00:00
|
|
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
|
2020-09-18 23:29:49 +00:00
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Shutdown Gracefully stops all workers, disconnects from websocket
|
|
|
|
func (ac *APIController) Shutdown() {
|
|
|
|
// Cleanly close the connection by sending a close message and then
|
|
|
|
// waiting (with timeout) for the server to close the connection.
|
|
|
|
err := ac.wsConn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
|
|
|
|
if err != nil {
|
|
|
|
ac.logger.Println("write close:", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ac *APIController) startWSHandler() {
|
2021-01-16 21:08:11 +00:00
|
|
|
logger := ac.logger.WithField("loop", "ws-handler")
|
2020-09-02 22:04:12 +00:00
|
|
|
for {
|
2020-09-18 23:29:49 +00:00
|
|
|
if !ac.wsConn.IsConnected() {
|
|
|
|
continue
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
var wsMsg websocketMessage
|
|
|
|
err := ac.wsConn.ReadJSON(&wsMsg)
|
|
|
|
if err != nil {
|
2021-05-12 16:01:46 +00:00
|
|
|
logger.WithError(err).Warning("ws write error, reconnecting")
|
2020-09-18 19:54:23 +00:00
|
|
|
ac.wsConn.CloseAndReconnect()
|
2020-09-18 23:29:49 +00:00
|
|
|
continue
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
2020-10-17 14:48:53 +00:00
|
|
|
time.Sleep(ac.reloadOffset)
|
2021-01-16 21:08:11 +00:00
|
|
|
logger.Debug("Got update trigger...")
|
2021-01-16 20:41:39 +00:00
|
|
|
err := ac.Server.Refresh()
|
2020-09-02 22:04:12 +00:00
|
|
|
if err != nil {
|
2021-01-16 21:08:11 +00:00
|
|
|
logger.WithError(err).Debug("Failed to update")
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (ac *APIController) startWSHealth() {
|
2021-04-19 18:43:13 +00:00
|
|
|
ticker := time.NewTicker(time.Second * 10)
|
|
|
|
for ; true; <-ticker.C {
|
2020-09-18 23:29:49 +00:00
|
|
|
if !ac.wsConn.IsConnected() {
|
|
|
|
continue
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
aliveMsg := websocketMessage{
|
|
|
|
Instruction: WebsocketInstructionHello,
|
2020-09-18 23:29:49 +00:00
|
|
|
Args: map[string]interface{}{
|
2021-05-12 17:02:04 +00:00
|
|
|
"version": pkg.VERSION,
|
|
|
|
"buildHash": pkg.BUILD(),
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
2020-09-18 23:29:49 +00:00
|
|
|
},
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
err := ac.wsConn.WriteJSON(aliveMsg)
|
2021-02-07 17:30:05 +00:00
|
|
|
ac.logger.WithField("loop", "ws-health").Trace("hello'd")
|
2020-09-02 22:04:12 +00:00
|
|
|
if err != nil {
|
2021-05-12 16:01:46 +00:00
|
|
|
ac.logger.WithField("loop", "ws-health").WithError(err).Warning("ws write error, reconnecting")
|
2020-09-18 19:54:23 +00:00
|
|
|
ac.wsConn.CloseAndReconnect()
|
2020-09-18 23:29:49 +00:00
|
|
|
continue
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-05-10 23:07:26 +00:00
|
|
|
|
|
|
|
func (ac *APIController) startIntervalUpdater() {
|
|
|
|
logger := ac.logger.WithField("loop", "interval-updater")
|
|
|
|
ticker := time.NewTicker(time.Second * 150)
|
|
|
|
for ; true; <-ticker.C {
|
|
|
|
err := ac.Server.Refresh()
|
|
|
|
if err != nil {
|
|
|
|
logger.WithError(err).Debug("Failed to update")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|