authentik/outpost/pkg/ak/api_ws.go

package ak

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"github.com/go-openapi/strfmt"
	"github.com/gorilla/websocket"
	"github.com/recws-org/recws"
	"goauthentik.io/outpost/pkg"
)

func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
	pathTemplate := "%s://%s/ws/outpost/%s/"
	scheme := strings.ReplaceAll(pbURL.Scheme, "http", "ws")

	authHeader := fmt.Sprintf("Bearer %s", ac.token)

	header := http.Header{
		"Authorization": []string{authHeader},
		"User-Agent":    []string{fmt.Sprintf("authentik-proxy@%s", pkg.VERSION)},
	}

	value, set := os.LookupEnv("AUTHENTIK_INSECURE")
	if !set {
		value = "false"
	}

	ws := &recws.RecConn{
		NonVerbose: true,
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: strings.ToLower(value) == "true",
		},
	}
	ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)

	ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")

	ac.wsConn = ws
	// Send hello message with our version
	msg := websocketMessage{
		Instruction: WebsocketInstructionHello,
		Args: map[string]interface{}{
			"version": pkg.VERSION,
		},
	}
	err := ws.WriteJSON(msg)
	if err != nil {
		ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
	}
}

// Shutdown Gracefully stops all workers, disconnects from websocket
func (ac *APIController) Shutdown() {
	// Cleanly close the connection by sending a close message and then
	// waiting (with timeout) for the server to close the connection.
	err := ac.wsConn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
	if err != nil {
		ac.logger.Println("write close:", err)
		return
	}
	return
}

func (ac *APIController) startWSHandler() {
	logger := ac.logger.WithField("loop", "ws-handler")
	for {
		if !ac.wsConn.IsConnected() {
			continue
		}
		var wsMsg websocketMessage
		err := ac.wsConn.ReadJSON(&wsMsg)
		if err != nil {
			logger.Println("read:", err)
			ac.wsConn.CloseAndReconnect()
			continue
		}
		if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
			time.Sleep(ac.reloadOffset)
			logger.Debug("Got update trigger...")
			err := ac.Server.Refresh()
			if err != nil {
				logger.WithError(err).Debug("Failed to update")
			}
		}
	}
}

func (ac *APIController) startWSHealth() {
	for ; true; <-time.Tick(time.Second * 10) {
		if !ac.wsConn.IsConnected() {
			continue
		}
		aliveMsg := websocketMessage{
			Instruction: WebsocketInstructionHello,
			Args: map[string]interface{}{
				"version": pkg.VERSION,
			},
		}
		err := ac.wsConn.WriteJSON(aliveMsg)
		ac.logger.WithField("loop", "ws-health").Trace("hello'd")
		if err != nil {
			ac.logger.WithField("loop", "ws-health").Println("write:", err)
			ac.wsConn.CloseAndReconnect()
			continue
		}
	}
}
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`package ak`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`import (`
			`"crypto/tls"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"os"`
			`"strings"`
			`"time"`

			`"github.com/go-openapi/strfmt"`
			`"github.com/gorilla/websocket"`
			`"github.com/recws-org/recws"`
outposts: update go module domain 2021-01-16 20:45:24 +00:00			`"goauthentik.io/outpost/pkg"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`)`

			`func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {`
			`pathTemplate := "%s://%s/ws/outpost/%s/"`
			`scheme := strings.ReplaceAll(pbURL.Scheme, "http", "ws")`

*: add support for bearer authentication on API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-13 17:57:33 +00:00			`authHeader := fmt.Sprintf("Bearer %s", ac.token)`
proxy: fix WS Authorization Header being sent with the wrong format 2020-10-18 11:46:03 +00:00
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`header := http.Header{`
proxy: fix WS Authorization Header being sent with the wrong format 2020-10-18 11:46:03 +00:00			`"Authorization": []string{authHeader},`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`"User-Agent": []string{fmt.Sprintf("authentik-proxy@%s", pkg.VERSION)},`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`

wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`value, set := os.LookupEnv("AUTHENTIK_INSECURE")`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`if !set {`
			`value = "false"`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`ws := &recws.RecConn{`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`NonVerbose: true,`
			`TLSClientConfig: &tls.Config{`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`InsecureSkipVerify: strings.ToLower(value) == "true",`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`},`
			`}`
			`ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)`

outpost: improve logging output, ensure fields match api server 2021-02-11 22:48:54 +00:00			`ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`ac.wsConn = ws`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`// Send hello message with our version`
			`msg := websocketMessage{`
			`Instruction: WebsocketInstructionHello,`
			`Args: map[string]interface{}{`
			`"version": pkg.VERSION,`
			`},`
			`}`
			`err := ws.WriteJSON(msg)`
			`if err != nil {`
outpost: improve logging output, ensure fields match api server 2021-02-11 22:48:54 +00:00			`ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`

			`// Shutdown Gracefully stops all workers, disconnects from websocket`
			`func (ac *APIController) Shutdown() {`
			`// Cleanly close the connection by sending a close message and then`
			`// waiting (with timeout) for the server to close the connection.`
			`err := ac.wsConn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))`
			`if err != nil {`
			`ac.logger.Println("write close:", err)`
			`return`
			`}`
			`return`
			`}`

			`func (ac *APIController) startWSHandler() {`
outpost: improve logging 2021-01-16 21:08:11 +00:00			`logger := ac.logger.WithField("loop", "ws-handler")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`for {`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`if !ac.wsConn.IsConnected() {`
			`continue`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`var wsMsg websocketMessage`
			`err := ac.wsConn.ReadJSON(&wsMsg)`
			`if err != nil {`
outpost: improve logging 2021-01-16 21:08:11 +00:00			`logger.Println("read:", err)`
proxy: improve logging and reconnecting 2020-09-18 19:54:23 +00:00			`ac.wsConn.CloseAndReconnect()`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`continue`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {`
proxy: add random reload offset for HA 2020-10-17 14:48:53 +00:00			`time.Sleep(ac.reloadOffset)`
outpost: improve logging 2021-01-16 21:08:11 +00:00			`logger.Debug("Got update trigger...")`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`err := ac.Server.Refresh()`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`if err != nil {`
outpost: improve logging 2021-01-16 21:08:11 +00:00			`logger.WithError(err).Debug("Failed to update")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`}`
			`}`
			`}`

			`func (ac *APIController) startWSHealth() {`
			`for ; true; <-time.Tick(time.Second * 10) {`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`if !ac.wsConn.IsConnected() {`
			`continue`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`aliveMsg := websocketMessage{`
			`Instruction: WebsocketInstructionHello,`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`Args: map[string]interface{}{`
			`"version": pkg.VERSION,`
			`},`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`err := ac.wsConn.WriteJSON(aliveMsg)`
outpost: cap reconnect backoff at 60 seconds, reset backoff on successful connection 2021-02-07 17:30:05 +00:00			`ac.logger.WithField("loop", "ws-health").Trace("hello'd")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`if err != nil {`
proxy: improve logging and reconnecting 2020-09-18 19:54:23 +00:00			`ac.logger.WithField("loop", "ws-health").Println("write:", err)`
			`ac.wsConn.CloseAndReconnect()`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`continue`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`}`
			`}`