authentik/cmd/proxy/server.go

package main

import (
	"fmt"
	"net/url"
	"os"
	"strconv"

	log "github.com/sirupsen/logrus"

	"goauthentik.io/internal/common"
	"goauthentik.io/internal/outpost/ak"
	"goauthentik.io/internal/outpost/proxyv2"
)

const helpMessage = `authentik proxy

Required environment variables:
- AUTHENTIK_HOST: URL to connect to (format "http://authentik.company")
- AUTHENTIK_TOKEN: Token to authenticate with
- AUTHENTIK_INSECURE: Skip SSL Certificate verification

Optionally, you can set these:
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`

func main() {
	log.SetLevel(log.DebugLevel)
	akURL, found := os.LookupEnv("AUTHENTIK_HOST")
	if !found {
		fmt.Println("env AUTHENTIK_HOST not set!")
		fmt.Println(helpMessage)
		os.Exit(1)
	}
	akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
	if !found {
		fmt.Println("env AUTHENTIK_TOKEN not set!")
		fmt.Println(helpMessage)
		os.Exit(1)
	}
	portOffset := 0
	portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
	if portOffsetS != "" {
		v, err := strconv.Atoi(portOffsetS)
		if err != nil {
			fmt.Println(err.Error())
		}
		portOffset = v
	}

	akURLActual, err := url.Parse(akURL)
	if err != nil {
		fmt.Println(err)
		fmt.Println(helpMessage)
		os.Exit(1)
	}

	ex := common.Init()
	defer common.Defer()

	ac := ak.NewAPIController(*akURLActual, akToken)
	if ac == nil {
		os.Exit(1)
	}

	ac.Server = proxyv2.NewProxyServer(ac, portOffset)

	err = ac.Start()
	if err != nil {
		log.WithError(err).Panic("Failed to run server")
	}

	for {
		<-ex
		ac.Shutdown()
		os.Exit(0)
	}
}
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`package main`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`import (`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`"fmt"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`"net/url"`
			`"os"`
outposts/proxy: fix securecookie: no codecs provided error with redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-09 08:23:46 +00:00			`"strconv"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`log "github.com/sirupsen/logrus"`

root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`"goauthentik.io/internal/common"`
root: initial merging of outpost and main project Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 10:02:02 +00:00			`"goauthentik.io/internal/outpost/ak"`
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-08 18:04:56 +00:00			`"goauthentik.io/internal/outpost/proxyv2"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`)`

wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			const helpMessage = `authentik proxy
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00
			`Required environment variables:`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`- AUTHENTIK_HOST: URL to connect to (format "http://authentik.company")`
			`- AUTHENTIK_TOKEN: Token to authenticate with`
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-08 18:04:56 +00:00			`- AUTHENTIK_INSECURE: Skip SSL Certificate verification`

			`Optionally, you can set these:`
outposts/proxy: fix securecookie: no codecs provided error with redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-09 08:23:46 +00:00			`- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
			- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00			`func main() {`
			`log.SetLevel(log.DebugLevel)`
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`akURL, found := os.LookupEnv("AUTHENTIK_HOST")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`if !found {`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`fmt.Println("env AUTHENTIK_HOST not set!")`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`fmt.Println(helpMessage)`
			`os.Exit(1)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`if !found {`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`fmt.Println("env AUTHENTIK_TOKEN not set!")`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`fmt.Println(helpMessage)`
			`os.Exit(1)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
outposts/proxy: fix securecookie: no codecs provided error with redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-09 08:23:46 +00:00			`portOffset := 0`
			`portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")`
			`if portOffsetS != "" {`
			`v, err := strconv.Atoi(portOffsetS)`
			`if err != nil {`
			`fmt.Println(err.Error())`
			`}`
			`portOffset = v`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`akURLActual, err := url.Parse(akURL)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`if err != nil {`
proxy: improve reconnect logic, send version, properly version proxy 2020-09-18 23:29:49 +00:00			`fmt.Println(err)`
			`fmt.Println(helpMessage)`
			`os.Exit(1)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`

root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`ex := common.Init()`
			`defer common.Defer()`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`ac := ak.NewAPIController(*akURLActual, akToken)`
cmd: prevent outposts from panicking when failing to get their config Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:05 +00:00			`if ac == nil {`
			`os.Exit(1)`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
outposts/proxy: fix securecookie: no codecs provided error with redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-09 08:23:46 +00:00			`ac.Server = proxyv2.NewProxyServer(ac, portOffset)`
outpost: separate ak-api and proxy further for future outposts 2021-01-16 20:41:39 +00:00
outpost: use tools from docker (#758) * outpost: replace golang.org/x/lint with golangci-lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: use swagger generator from docker Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: don't use tty for swagger gen Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: revert docker-swagger gen Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-19 18:43:13 +00:00			`err = ac.Start()`
			`if err != nil {`
			`log.WithError(err).Panic("Failed to run server")`
			`}`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`for {`
root: add more common utils Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-16 15:29:01 +00:00			`<-ex`
outpost: use tools from docker (#758) * outpost: replace golang.org/x/lint with golangci-lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: use swagger generator from docker Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: don't use tty for swagger gen Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: revert docker-swagger gen Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-19 18:43:13 +00:00			`ac.Shutdown()`
			`os.Exit(0)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`}`
			`}`