outpost/proxyv2: fix redirect to localhost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-08 21:07:16 +02:00
parent 502393ee56
commit 2983adc719
2 changed files with 11 additions and 4 deletions


@ -42,12 +42,19 @@ type Application struct {
mux *mux.Router mux *mux.Router
} }
func akProviderToEndpoint(p api.ProxyOutpostConfig) oauth2.Endpoint { func akProviderToEndpoint(p api.ProxyOutpostConfig, authentikHost string) oauth2.Endpoint {
authUrl := p.OidcConfiguration.AuthorizationEndpoint authUrl := p.OidcConfiguration.AuthorizationEndpoint
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found { if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found {
host := os.Getenv("AUTHENTIK_HOST") host := os.Getenv("AUTHENTIK_HOST")
authUrl = strings.ReplaceAll(authUrl, host, browserHost) authUrl = strings.ReplaceAll(authUrl, host, browserHost)
} }
if strings.HasPrefix(authUrl, "http://localhost:8000") {
if authentikHost == "" {
log.Warning("Outpost has localhost/blank API Connection but no authentik_host is configured.")
} else {
authUrl = strings.ReplaceAll(authUrl, "http://localhost:8000", authentikHost)
}
}
return oauth2.Endpoint{ return oauth2.Endpoint{
AuthURL: authUrl, AuthURL: authUrl,
TokenURL: p.OidcConfiguration.TokenEndpoint, TokenURL: p.OidcConfiguration.TokenEndpoint,
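Review bot: The localhost rewrite added to akProviderToEndpoint matches the URL with HasPrefix but then rewrites it with ReplaceAll, and both calls hard-code the literal `http://localhost:8000`; a prefix match followed by a prefix replacement is clearer and cannot touch any later occurrence of the literal, so I would hoist the literal into `const defaultAPIURL = "http://localhost:8000"` and replace the ReplaceAll line with `authUrl = authentikHost + strings.TrimPrefix(authUrl, defaultAPIURL)`. If `authentik_host` is configured with a trailing slash the concatenation yields a double slash in the redirect, which presumably the existing config already avoids but a `strings.TrimSuffix(authentikHost, "/")` would make explicit. In the blank-host branch the function still returns the localhost AuthURL after logging, so the browser redirect this commit fixes remains unreachable in that configuration; if that fallback is intended, a comment such as `// no replacement host known: keep the API URL and rely on the warning above` would make the choice visible. Only AuthURL is rewritten while TokenURL keeps the API-side endpoint, which looks deliberate since the browser follows only the former, and a one-line comment stating that would help the next reader. The same `authentikHost` parameter is threaded through the signature change in the two following hunks of this file.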
@ -55,7 +62,7 @@ func akProviderToEndpoint(p api.ProxyOutpostConfig) oauth2.Endpoint {
} }
} }
func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore) *Application { func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore, akHost string) *Application {
gob.Register(Claims{}) gob.Register(Claims{})
externalHost, err := url.Parse(p.ExternalHost) externalHost, err := url.Parse(p.ExternalHost)
@ -83,7 +90,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
ClientID: *p.ClientId, ClientID: *p.ClientId,
ClientSecret: *p.ClientSecret, ClientSecret: *p.ClientSecret,
RedirectURL: fmt.Sprintf("%s/akprox/callback", p.ExternalHost), RedirectURL: fmt.Sprintf("%s/akprox/callback", p.ExternalHost),
Endpoint: akProviderToEndpoint(p), Endpoint: akProviderToEndpoint(p, akHost),
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"}, Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"},
} }
mux := mux.NewRouter() mux := mux.NewRouter()


@ -24,7 +24,7 @@ func (ps *ProxyServer) Refresh() error {
hc := &http.Client{ hc := &http.Client{
Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent()+ua, ak.NewTracingTransport(context.TODO(), ak.GetTLSTransport())), Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent()+ua, ak.NewTracingTransport(context.TODO(), ak.GetTLSTransport())),
} }
a := application.NewApplication(provider, hc, ps.cryptoStore) a := application.NewApplication(provider, hc, ps.cryptoStore, ps.akAPI.Outpost.Config["authentik_host"].(string))
apps[a.Host] = a apps[a.Host] = a
} }
ps.apps = apps ps.apps = apps
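Review bot: The new NewApplication call performs an unchecked type assertion `ps.akAPI.Outpost.Config["authentik_host"].(string)`, which panics inside Refresh if the key is absent or holds a non-string value (a missing key yields a nil interface, and a nil interface fails the assertion). Since akProviderToEndpoint already treats an empty host as "not configured" and logs a warning, the comma-ok form degrades gracefully: `akHost, _ := ps.akAPI.Outpost.Config["authentik_host"].(string)` before the loop body, then `a := application.NewApplication(provider, hc, ps.cryptoStore, akHost)`. The enclosing Refresh method starts before this hunk, so the lookup can be hoisted above the loop rather than repeated per provider.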