proxy: improve reconnect logic, send version, properly version proxy

Jens Langhammer 2020-09-19 01:29:49 +02:00
parent 18886697d6
commit 4749c3fad0
8 changed files with 72 additions and 19 deletions


@ -10,7 +10,7 @@ tag_name = version/{new_version}
[bumpversion:part:release] [bumpversion:part:release]
optional_value = stable optional_value = stable
first_value = beta first_value = beta
values = values =
alpha alpha
beta beta
stable stable
@ -28,3 +28,5 @@ values =
[bumpversion:file:.github/workflows/release.yml] [bumpversion:file:.github/workflows/release.yml]
[bumpversion:file:passbook/__init__.py] [bumpversion:file:passbook/__init__.py]
[bumpversion:file:proxy/pkg/version.go]


@ -340,6 +340,7 @@ class BaseGrantModel(models.Model):
abstract = True abstract = True
# pylint: disable=too-many-instance-attributes
class AuthorizationCode(ExpiringModel, BaseGrantModel): class AuthorizationCode(ExpiringModel, BaseGrantModel):
"""OAuth2 Authorization Code""" """OAuth2 Authorization Code"""


@ -1,6 +1,7 @@
package cmd package cmd
import ( import (
"fmt"
"math/rand" "math/rand"
"net/url" "net/url"
"os" "os"
@ -10,20 +11,33 @@ import (
"github.com/BeryJu/passbook/proxy/pkg/server" "github.com/BeryJu/passbook/proxy/pkg/server"
) )
const helpMessage = `passbook proxy
Required environment variables:
- PASSBOOK_HOST: URL to connect to (format "http://passbook.company")
- PASSBOOK_TOKEN: Token to authenticate with
- PASSBOOK_INSECURE: Skip SSL Certificate verification`
// RunServer main entrypoint, runs the full server // RunServer main entrypoint, runs the full server
func RunServer() { func RunServer() {
pbURL, found := os.LookupEnv("PASSBOOK_HOST") pbURL, found := os.LookupEnv("PASSBOOK_HOST")
if !found { if !found {
panic("env PASSBOOK_HOST not set!") fmt.Println("env PASSBOOK_HOST not set!")
fmt.Println(helpMessage)
os.Exit(1)
} }
pbToken, found := os.LookupEnv("PASSBOOK_TOKEN") pbToken, found := os.LookupEnv("PASSBOOK_TOKEN")
if !found { if !found {
panic("env PASSBOOK_TOKEN not set!") fmt.Println("env PASSBOOK_TOKEN not set!")
fmt.Println(helpMessage)
os.Exit(1)
} }
pbURLActual, err := url.Parse(pbURL) pbURLActual, err := url.Parse(pbURL)
if err != nil { if err != nil {
panic(err) fmt.Println(err)
fmt.Println(helpMessage)
os.Exit(1)
} }
rand.Seed(time.Now().UnixNano()) rand.Seed(time.Now().UnixNano())
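Review bot: `helpMessage` lists PASSBOOK_INSECURE under "Required environment variables", but RunServer only checks PASSBOOK_HOST and PASSBOOK_TOKEN, and the transport code elsewhere in this commit skips verification only for the value "true", so the help text invites operators to set a TLS-weakening switch they do not need. I would list it separately as optional, e.g. `- PASSBOOK_INSECURE: set to "true" to skip TLS certificate verification (optional, default off)`. The format example uses `http://`, while the websocket code in this commit sends a token in an `Authorization` header (presumably PASSBOOK_TOKEN), so an `https://` example would be the safer form to document. The three failure branches print to stdout; `fmt.Fprintln(os.Stderr, ...)` would keep diagnostics out of piped output. RunServer continues past the end of the hunk.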


@ -29,12 +29,16 @@ require (
github.com/recws-org/recws v1.2.1 github.com/recws-org/recws v1.2.1
github.com/sirupsen/logrus v1.6.0 github.com/sirupsen/logrus v1.6.0
github.com/spf13/afero v1.4.0 // indirect github.com/spf13/afero v1.4.0 // indirect
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.7.1 // indirect github.com/spf13/viper v1.7.1 // indirect
github.com/stretchr/testify v1.6.1 github.com/stretchr/testify v1.6.1
go.mongodb.org/mongo-driver v1.4.1 // indirect go.mongodb.org/mongo-driver v1.4.1 // indirect
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de // indirect golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de // indirect
golang.org/x/net v0.0.0-20200904194848-62affa334b73 // indirect golang.org/x/net v0.0.0-20200904194848-62affa334b73 // indirect
golang.org/x/sys v0.0.0-20200917061948-648f2a039071 // indirect golang.org/x/sys v0.0.0-20200918174421-af09f7315aff // indirect
golang.org/x/tools v0.0.0-20200917050209-655488c8ae71 // indirect golang.org/x/tools v0.0.0-20200918201133-e94ab7288189 // indirect
gopkg.in/ini.v1 v1.61.0 // indirect gopkg.in/ini.v1 v1.61.0 // indirect
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
) )


@ -832,6 +832,8 @@ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200917061948-648f2a039071 h1:t0H7WMwCt9t0LnLSYz5zdZ/OiAtROxc5cHb5iHt3Xyw= golang.org/x/sys v0.0.0-20200917061948-648f2a039071 h1:t0H7WMwCt9t0LnLSYz5zdZ/OiAtROxc5cHb5iHt3Xyw=
golang.org/x/sys v0.0.0-20200917061948-648f2a039071/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200917061948-648f2a039071/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200918174421-af09f7315aff h1:1CPUrky56AcgSpxz/KfgzQWzfG09u5YOL8MvPYBlrL8=
golang.org/x/sys v0.0.0-20200918174421-af09f7315aff/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -898,8 +900,8 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f h1:33yHANSyO/TeglgY9rBhUpX43wtonTXoFOsMRtNB6qE= golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f h1:33yHANSyO/TeglgY9rBhUpX43wtonTXoFOsMRtNB6qE=
golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200817023811-d00afeaade8f/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200917050209-655488c8ae71 h1:HfjhL52L9Q15ZudgTl0s5+wcqOKViwBgZJQLxgKn20E= golang.org/x/tools v0.0.0-20200918201133-e94ab7288189 h1:7E/geNtekOV4N/07EhKz7zyXs0hZhoZZ19R2O2mMHoI=
golang.org/x/tools v0.0.0-20200917050209-655488c8ae71/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20200918201133-e94ab7288189/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=


@ -6,6 +6,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
"strings"
"time" "time"
"github.com/BeryJu/passbook/proxy/pkg/client" "github.com/BeryJu/passbook/proxy/pkg/client"
@ -37,7 +38,7 @@ type APIController struct {
lastBundleHash string lastBundleHash string
logger *log.Entry logger *log.Entry
wsConn recws.RecConn wsConn *recws.RecConn
} }
func getCommonOptions() *options.Options { func getCommonOptions() *options.Options {
@ -85,9 +86,12 @@ func doGlobalSetup(config map[string]interface{}) {
} }
func getTLSTransport() http.RoundTripper { func getTLSTransport() http.RoundTripper {
_, set := os.LookupEnv("PASSBOOK_INSECURE") value, set := os.LookupEnv("PASSBOOK_INSECURE")
if !set {
value = "false"
}
tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{ tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
InsecureSkipVerify: set, InsecureSkipVerify: strings.ToLower(value) == "true",
}) })
if err != nil { if err != nil {
panic(err) panic(err)
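Review bot: The PASSBOOK_INSECURE parsing added to getTLSTransport is repeated line for line in initWS in the websocket file, so the HTTP and websocket clients can drift apart on when certificate verification is skipped. A single helper, `func insecureSkipVerify() bool { return strings.EqualFold(os.Getenv("PASSBOOK_INSECURE"), "true") }`, would keep the two call sites aligned. The `if !set { value = "false" }` branch is not needed, because an unset variable yields an empty string, which already compares unequal to "true". A warning log line when the helper returns true would make a deployment running without verification visible to whoever reads the logs. getTLSTransport continues past the end of the hunk.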


@ -9,6 +9,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/BeryJu/passbook/proxy/pkg"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"github.com/recws-org/recws" "github.com/recws-org/recws"
@ -22,20 +23,33 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
"Authorization": []string{ac.token}, "Authorization": []string{ac.token},
} }
_, set := os.LookupEnv("PASSBOOK_INSECURE") value, set := os.LookupEnv("PASSBOOK_INSECURE")
if !set {
value = "false"
}
ws := recws.RecConn{ ws := &recws.RecConn{
// KeepAliveTimeout: 10 * time.Second,
NonVerbose: true, NonVerbose: true,
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: set, InsecureSkipVerify: strings.ToLower(value) == "true",
}, },
} }
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header) ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
ac.logger.WithField("outpost", outpostUUID.String()).Debug("connecting to passbook") ac.logger.WithField("component", "ws").WithField("outpost", outpostUUID.String()).Debug("connecting to passbook")
ac.wsConn = ws ac.wsConn = ws
// Send hello message with our version
msg := websocketMessage{
Instruction: WebsocketInstructionHello,
Args: map[string]interface{}{
"version": pkg.VERSION,
},
}
err := ws.WriteJSON(msg)
if err != nil {
ac.logger.WithField("component", "ws").WithError(err).Warning("Failed to hello to passbook")
}
} }
// Shutdown Gracefully stops all workers, disconnects from websocket // Shutdown Gracefully stops all workers, disconnects from websocket
@ -52,12 +66,15 @@ func (ac *APIController) Shutdown() {
func (ac *APIController) startWSHandler() { func (ac *APIController) startWSHandler() {
for { for {
if !ac.wsConn.IsConnected() {
continue
}
var wsMsg websocketMessage var wsMsg websocketMessage
err := ac.wsConn.ReadJSON(&wsMsg) err := ac.wsConn.ReadJSON(&wsMsg)
if err != nil { if err != nil {
ac.logger.WithField("loop", "ws-handler").Println("read:", err) ac.logger.WithField("loop", "ws-handler").Println("read:", err)
ac.wsConn.CloseAndReconnect() ac.wsConn.CloseAndReconnect()
return continue
} }
if wsMsg.Instruction != WebsocketInstructionAck { if wsMsg.Instruction != WebsocketInstructionAck {
ac.logger.Debugf("%+v\n", wsMsg) ac.logger.Debugf("%+v\n", wsMsg)
@ -73,15 +90,21 @@ func (ac *APIController) startWSHandler() {
func (ac *APIController) startWSHealth() { func (ac *APIController) startWSHealth() {
for ; true; <-time.Tick(time.Second * 10) { for ; true; <-time.Tick(time.Second * 10) {
if !ac.wsConn.IsConnected() {
continue
}
aliveMsg := websocketMessage{ aliveMsg := websocketMessage{
Instruction: WebsocketInstructionHello, Instruction: WebsocketInstructionHello,
Args: make(map[string]interface{}), Args: map[string]interface{}{
"version": pkg.VERSION,
},
} }
err := ac.wsConn.WriteJSON(aliveMsg) err := ac.wsConn.WriteJSON(aliveMsg)
ac.logger.WithField("loop", "ws-health").Debug("hello'd")
if err != nil { if err != nil {
ac.logger.WithField("loop", "ws-health").Println("write:", err) ac.logger.WithField("loop", "ws-health").Println("write:", err)
ac.wsConn.CloseAndReconnect() ac.wsConn.CloseAndReconnect()
return continue
} }
} }
} }
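Review bot: In startWSHandler the new `if !ac.wsConn.IsConnected() { continue }` sits in a bare `for {}` with nothing that blocks, so while the connection is down the goroutine spins at full CPU; this also applies after each `CloseAndReconnect()` now that `return` became `continue`, unless that call blocks until the link is back. A short wait before retrying avoids the spin, e.g. `time.Sleep(time.Second)` placed before the `continue`. In startWSHealth the `Debug("hello'd")` line runs before `err` is checked, so it is also logged when the write failed; moving it below the error branch keeps the log accurate. startWSHandler's body continues outside the visible hunks.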

3
proxy/pkg/version.go Normal file

@ -0,0 +1,3 @@
package pkg
const VERSION = "0.10.3-stable"