Merge branch 'main' into multi-tenant-django-tenants

2024-01-11 14:38:50 +01:00 · 2024-01-11 14:38:50 +01:00 · 6a11b24896
parent f7b609d8aa 38e1ad5ade
commit 6a11b24896
17 changed files with 141 additions and 160 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -35,6 +35,7 @@ updates:
      sentry:
        patterns:
          - "@sentry/*"
+          - "@spotlightjs/*"
      babel:
        patterns:
          - "@babel/*"
@ -66,6 +67,7 @@ updates:
      sentry:
        patterns:
          - "@sentry/*"
+          - "@spotlightjs/*"
      babel:
        patterns:
          - "@babel/*"
--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@ -61,9 +61,6 @@ IGNORED_MODELS = (

 def should_log_model(model: Model) -> bool:
    """Return true if operation on `model` should be logged"""
-    # Check for silk by string so this comparison doesn't fail when silk isn't installed
-    if model.__module__.startswith("silk"):
-        return False
    return model.__class__ not in IGNORED_MODELS


--- a/authentik/lib/logging.py
+++ b/authentik/lib/logging.py
@ -96,7 +96,6 @@ def get_logger_config():
        "kubernetes": "INFO",
        "asyncio": "WARNING",
        "redis": "WARNING",
-        "silk": "INFO",
        "fsevents": "WARNING",
        "uvicorn": "WARNING",
        "gunicorn": "INFO",
--- a/authentik/lib/sentry.py
+++ b/authentik/lib/sentry.py
@ -60,6 +60,8 @@ def sentry_init(**sentry_init_kwargs):
        },
    }
    kwargs.update(**sentry_init_kwargs)
+    if settings.DEBUG:
+        kwargs["spotlight"] = True
    # pylint: disable=abstract-class-instantiated
    sentry_sdk_init(
        dsn=CONFIG.get("error_reporting.sentry_dsn"),
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@ -480,8 +480,6 @@ _update_settings("data.user_settings")
 if DEBUG:
    CELERY["task_always_eager"] = True
    os.environ[ENV_GIT_HASH_KEY] = "dev"
-    SHARED_APPS.append("silk")
-    MIDDLEWARE = ["silk.middleware.SilkyMiddleware"] + MIDDLEWARE
    REST_FRAMEWORK["DEFAULT_RENDERER_CLASSES"].append(
        "rest_framework.renderers.BrowsableAPIRenderer"
    )
--- a/authentik/root/urls.py
+++ b/authentik/root/urls.py
@ -1,5 +1,4 @@
 """authentik URL Configuration"""
-from django.conf import settings
 from django.urls import include, path
 from structlog.stdlib import get_logger

@ -48,8 +47,3 @@ urlpatterns += [
    path("-/health/live/", LiveView.as_view(), name="health-live"),
    path("-/health/ready/", ReadyView.as_view(), name="health-ready"),
 ]
-
-if settings.DEBUG:
-    urlpatterns += [
-        path("debug/silk/", include("silk.urls", namespace="silk")),
-    ]
--- a/go.mod
+++ b/go.mod
@ -4,9 +4,8 @@ go 1.21

 require (
 	beryju.io/ldap v0.1.0
-	github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/getsentry/sentry-go v0.25.0
+	github.com/getsentry/sentry-go v0.26.0
 	github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-openapi/runtime v0.26.2
@ -24,6 +23,7 @@ require (
 	github.com/pires/go-proxyproto v0.7.0
 	github.com/prometheus/client_golang v1.18.0
 	github.com/redis/go-redis/v9 v9.4.0
+	github.com/sethvargo/go-envconfig v1.0.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
--- a/go.sum
+++ b/go.sum
@ -37,8 +37,6 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb h1:w9IDEB7P1VzNcBpOG7kMpFkZp2DkyJIUt0gDx5MBhRU=
-github.com/Netflix/go-env v0.0.0-20210215222557-e437a7e7f9fb/go.mod h1:9XMFaCeRyW7fC9XJOWQ+NdAv8VLG7ys7l3x4ozEGLUQ=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
@ -73,8 +71,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/getsentry/sentry-go v0.25.0 h1:q6Eo+hS+yoJlTO3uu/azhQadsD8V+jQn2D8VvX1eOyI=
-github.com/getsentry/sentry-go v0.25.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
+github.com/getsentry/sentry-go v0.26.0 h1:IX3++sF6/4B5JcevhdZfdKIHfyvMmAq/UnqcyT2H6mA=
+github.com/getsentry/sentry-go v0.26.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@ -167,8 +165,8 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@ -264,6 +262,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sethvargo/go-envconfig v1.0.0 h1:1C66wzy4QrROf5ew4KdVw942CQDa55qmlYmw9FZxZdU=
+github.com/sethvargo/go-envconfig v1.0.0/go.mod h1:Lzc75ghUn5ucmcRGIdGQ33DKJrcjk4kihFYgSTBmjIc=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -1,6 +1,7 @@
 package config

 import (
+	"context"
 	_ "embed"
 	"errors"
 	"fmt"
@ -10,10 +11,11 @@ import (
 	"reflect"
 	"strings"

-	env "github.com/Netflix/go-env"
+	env "github.com/sethvargo/go-envconfig"
 	log "github.com/sirupsen/logrus"
-	"goauthentik.io/authentik/lib"
 	"gopkg.in/yaml.v2"
+
+	"goauthentik.io/authentik/lib"
 )

 var cfg *Config
@ -113,7 +115,8 @@ func (c *Config) LoadConfigFromFile(path string) error {
 }

 func (c *Config) fromEnv() error {
-	_, err := env.UnmarshalFromEnviron(c)
+	ctx := context.Background()
+	err := env.Process(ctx, c)
 	if err != nil {
 		return fmt.Errorf("failed to load environment variables: %w", err)
 	}
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@ -3,17 +3,17 @@ package config
 type Config struct {
 	// Core specific config
 	Storage        StorageConfig        `yaml:"storage"`
-	LogLevel       string               `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
-	ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
-	Redis          RedisConfig          `yaml:"redis"`
-	Outposts       OutpostConfig        `yaml:"outposts"`
+	LogLevel       string               `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL, overwrite"`
+	ErrorReporting ErrorReportingConfig `yaml:"error_reporting" env:", prefix=AUTHENTIK_ERROR_REPORTING__"`
+	Redis          RedisConfig          `yaml:"redis" env:", prefix=AUTHENTIK_REDIS__"`
+	Outposts       OutpostConfig        `yaml:"outposts" env:", prefix=AUTHENTIK_OUTPOSTS__"`

 	// Config for core and embedded outpost
-	SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
+	SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY, overwrite"`

 	// Config for both core and outposts
-	Debug  bool         `yaml:"debug" env:"AUTHENTIK_DEBUG"`
-	Listen ListenConfig `yaml:"listen"`
+	Debug  bool         `yaml:"debug" env:"AUTHENTIK_DEBUG, overwrite"`
+	Listen ListenConfig `yaml:"listen" env:", prefix=AUTHENTIK_LISTEN__"`

 	// Outpost specific config
 	// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
@ -25,24 +25,24 @@ type Config struct {
 }

 type RedisConfig struct {
-	Host     string `yaml:"host" env:"AUTHENTIK_REDIS__HOST"`
-	Port     int    `yaml:"port" env:"AUTHENTIK_REDIS__PORT"`
-	DB       int    `yaml:"db" env:"AUTHENTIK_REDIS__DB"`
-	Username string `yaml:"username" env:"AUTHENTIK_REDIS__USERNAME"`
-	Password string `yaml:"password" env:"AUTHENTIK_REDIS__PASSWORD"`
-	TLS      bool   `yaml:"tls" env:"AUTHENTIK_REDIS__TLS"`
-	TLSReqs  string `yaml:"tls_reqs" env:"AUTHENTIK_REDIS__TLS_REQS"`
+	Host     string `yaml:"host" env:"HOST, overwrite"`
+	Port     int    `yaml:"port" env:"PORT, overwrite"`
+	DB       int    `yaml:"db" env:"DB, overwrite"`
+	Username string `yaml:"username" env:"USERNAME, overwrite"`
+	Password string `yaml:"password" env:"PASSWORD, overwrite"`
+	TLS      bool   `yaml:"tls" env:"TLS, overwrite"`
+	TLSReqs  string `yaml:"tls_reqs" env:"TLS_REQS, overwrite"`
 }

 type ListenConfig struct {
-	HTTP              string   `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"`
-	HTTPS             string   `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"`
-	LDAP              string   `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP"`
-	LDAPS             string   `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS"`
-	Radius            string   `yaml:"listen_radius" env:"AUTHENTIK_LISTEN__RADIUS"`
-	Metrics           string   `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS"`
-	Debug             string   `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG"`
-	TrustedProxyCIDRs []string `yaml:"trusted_proxy_cidrs" env:"AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS"`
+	HTTP              string   `yaml:"listen_http" env:"HTTP, overwrite"`
+	HTTPS             string   `yaml:"listen_https" env:"HTTPS, overwrite"`
+	LDAP              string   `yaml:"listen_ldap" env:"LDAP, overwrite"`
+	LDAPS             string   `yaml:"listen_ldaps" env:"LDAPS, overwrite"`
+	Radius            string   `yaml:"listen_radius" env:"RADIUS, overwrite"`
+	Metrics           string   `yaml:"listen_metrics" env:"METRICS, overwrite"`
+	Debug             string   `yaml:"listen_debug" env:"DEBUG, overwrite"`
+	TrustedProxyCIDRs []string `yaml:"trusted_proxy_cidrs" env:"TRUSTED_PROXY_CIDRS, overwrite"`
 }

 type StorageConfig struct {
@ -59,15 +59,15 @@ type StorageFileConfig struct {
 }

 type ErrorReportingConfig struct {
-	Enabled     bool    `yaml:"enabled" env:"AUTHENTIK_ERROR_REPORTING__ENABLED"`
-	SentryDSN   string  `yaml:"sentry_dsn" env:"AUTHENTIK_ERROR_REPORTING__SENTRY_DSN"`
-	Environment string  `yaml:"environment" env:"AUTHENTIK_ERROR_REPORTING__ENVIRONMENT"`
-	SendPII     bool    `yaml:"send_pii" env:"AUTHENTIK_ERROR_REPORTING__SEND_PII"`
-	SampleRate  float64 `yaml:"sample_rate" env:"AUTHENTIK_ERROR_REPORTING__SAMPLE_RATE"`
+	Enabled     bool    `yaml:"enabled" env:"ENABLED, overwrite"`
+	SentryDSN   string  `yaml:"sentry_dsn" env:"SENTRY_DSN, overwrite"`
+	Environment string  `yaml:"environment" env:"ENVIRONMENT, overwrite"`
+	SendPII     bool    `yaml:"send_pii" env:"SEND_PII, overwrite"`
+	SampleRate  float64 `yaml:"sample_rate" env:"SAMPLE_RATE, overwrite"`
 }

 type OutpostConfig struct {
-	ContainerImageBase     string `yaml:"container_image_base" env:"AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE"`
-	Discover               bool   `yaml:"discover" env:"AUTHENTIK_OUTPOSTS__DISCOVER"`
-	DisableEmbeddedOutpost bool   `yaml:"disable_embedded_outpost" env:"AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST"`
+	ContainerImageBase     string `yaml:"container_image_base" env:"CONTAINER_IMAGE_BASE, overwrite"`
+	Discover               bool   `yaml:"discover" env:"DISCOVER, overwrite"`
+	DisableEmbeddedOutpost bool   `yaml:"disable_embedded_outpost" env:"DISABLE_EMBEDDED_OUTPOST, overwrite"`
 }
--- a/poetry.lock
+++ b/poetry.lock
@ -326,20 +326,6 @@ six = "*"
 [package.extras]
 visualize = ["Twisted (>=16.1.1)", "graphviz (>0.5.1)"]

-[[package]]
-name = "autopep8"
-version = "2.0.4"
-description = "A tool that automatically formats Python code to conform to the PEP 8 style guide"
-optional = false
-python-versions = ">=3.6"
-files = [
-    {file = "autopep8-2.0.4-py2.py3-none-any.whl", hash = "sha256:067959ca4a07b24dbd5345efa8325f5f58da4298dab0dde0443d5ed765de80cb"},
-    {file = "autopep8-2.0.4.tar.gz", hash = "sha256:2913064abd97b3419d1cc83ea71f042cb821f87e45b9c88cad5ad3c4ea87fe0c"},
-]
-
-[package.dependencies]
-pycodestyle = ">=2.10.0"
-
 [[package]]
 name = "bandit"
 version = "1.7.6"
@ -1239,23 +1225,6 @@ redis = ">=3,<4.0.0 || >4.0.0,<4.0.1 || >4.0.1"
 [package.extras]
 hiredis = ["redis[hiredis] (>=3,!=4.0.0,!=4.0.1)"]

-[[package]]
-name = "django-silk"
-version = "5.0.4"
-description = "Silky smooth profiling for the Django Framework"
-optional = false
-python-versions = ">=3.8"
-files = [
-    {file = "django-silk-5.0.4.tar.gz", hash = "sha256:8cbfbc647d182527726d8d52d3fcfa193f4d250f21406c3fb1062efa6fb95c63"},
-    {file = "django_silk-5.0.4-py3-none-any.whl", hash = "sha256:b345d3973d1d382e09735eb525eaf3eebd3edee9a69d1003eb9b01badb2438db"},
-]
-
-[package.dependencies]
-autopep8 = "*"
-Django = ">=3.2"
-gprof2dot = ">=2017.09.19"
-sqlparse = "*"
-
 [[package]]
 name = "django-storages"
 version = "1.14.2"
@ -1665,17 +1634,6 @@ pyopenssl = ["cryptography (>=38.0.3)", "pyopenssl (>=20.0.0)"]
 reauth = ["pyu2f (>=0.1.5)"]
 requests = ["requests (>=2.20.0,<3.0.0.dev0)"]

-[[package]]
-name = "gprof2dot"
-version = "2022.7.29"
-description = "Generate a dot graph from the output of several profilers."
-optional = false
-python-versions = ">=2.7"
-files = [
-    {file = "gprof2dot-2022.7.29-py2.py3-none-any.whl", hash = "sha256:f165b3851d3c52ee4915eb1bd6cca571e5759823c2cd0f71a79bda93c2dc85d6"},
-    {file = "gprof2dot-2022.7.29.tar.gz", hash = "sha256:45b4d298bd36608fccf9511c3fd88a773f7a1abc04d6cd39445b11ba43133ec5"},
-]
-
 [[package]]
 name = "gunicorn"
 version = "21.2.0"
@ -2903,17 +2861,6 @@ files = [
 [package.dependencies]
 pyasn1 = ">=0.4.6,<0.6.0"

-[[package]]
-name = "pycodestyle"
-version = "2.11.1"
-description = "Python style guide checker"
-optional = false
-python-versions = ">=3.8"
-files = [
-    {file = "pycodestyle-2.11.1-py2.py3-none-any.whl", hash = "sha256:44fe31000b2d866f2e41841b18528a505fbd7fef9017b04eff4e2648a0fadc67"},
-    {file = "pycodestyle-2.11.1.tar.gz", hash = "sha256:41ba0e7afc9752dfb53ced5489e89f8186be00e599e712660695b7a75ff2663f"},
-]
-
 [[package]]
 name = "pycparser"
 version = "2.21"
@ -4772,4 +4719,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "~3.12"
-content-hash = "35d3da5f6f7d4e7bc12fc0eca5de73a722cd409fcbec5332b4a96e3f2e0e4e9b"
+content-hash = "872b759c19aa026742ef493c1b13a5f01dc5baab84efe7385163c4bf428b8f8f"
--- a/pyproject.toml
+++ b/pyproject.toml
@ -190,7 +190,6 @@ bump2version = "*"
 colorama = "*"
 coverage = { extras = ["toml"], version = "*" }
 debugpy = "*"
-django-silk = "*"
 drf-jsonschema-serializer = "*"
 freezegun = "*"
 importlib-metadata = "*"
--- a/scripts/docker-compose.yml
+++ b/scripts/docker-compose.yml
@ -31,6 +31,11 @@ services:
      - s3-data:/usr/src/app/localData
      - s3-metadata:/usr/scr/app/localMetadata
    restart: always
+  spotlight:
+    image: ghcr.io/getsentry/spotlight
+    ports:
+      - 127.0.0.1:8969:8969
+    restart: always

 volumes:
  db-data:
--- a/web/package-lock.json
+++ b/web/package-lock.json
@ -24,8 +24,8 @@
                "@open-wc/lit-helpers": "^0.6.0",
                "@patternfly/elements": "^2.4.0",
                "@patternfly/patternfly": "^4.224.2",
-                "@sentry/browser": "^7.92.0",
-                "@sentry/tracing": "^7.92.0",
+                "@sentry/browser": "^7.93.0",
+                "@sentry/tracing": "^7.93.0",
                "@webcomponents/webcomponentsjs": "^2.8.0",
                "base64-js": "^1.5.1",
                "chart.js": "^4.4.1",
@ -62,6 +62,7 @@
                "@rollup/plugin-replace": "^5.0.5",
                "@rollup/plugin-terser": "^0.4.4",
                "@rollup/plugin-typescript": "^11.1.6",
+                "@spotlightjs/spotlight": "^1.2.6",
                "@storybook/addon-essentials": "^7.6.7",
                "@storybook/addon-links": "^7.6.7",
                "@storybook/api": "^7.6.7",
@ -4750,98 +4751,98 @@
            ]
        },
        "node_modules/@sentry-internal/feedback": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-7.92.0.tgz",
-            "integrity": "sha512-/jEALRtVqboxB9kcK2tag8QCO6XANTlGBb9RV3oeGXJe0DDNJXRq6wVZbfgztXJRrfgx4XVDcNt1pRVoGGG++g==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-7.93.0.tgz",
+            "integrity": "sha512-4G7rMeQbYGfCHxEoFroABX+UREYc2BSbFqjLmLbIcWowSpgzcwweLLphWHKOciqK6f7DnNDK0jZzx3u7NrkWHw==",
            "dependencies": {
-                "@sentry/core": "7.92.0",
-                "@sentry/types": "7.92.0",
-                "@sentry/utils": "7.92.0"
+                "@sentry/core": "7.93.0",
+                "@sentry/types": "7.93.0",
+                "@sentry/utils": "7.93.0"
            },
            "engines": {
                "node": ">=12"
            }
        },
        "node_modules/@sentry-internal/tracing": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.92.0.tgz",
-            "integrity": "sha512-ur55vPcUUUWFUX4eVLNP71ohswK7ZZpleNZw9Y1GfLqyI+0ILQUwjtzqItJrdClvVsdRZJMRmDV40Hp9Lbb9mA==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.93.0.tgz",
+            "integrity": "sha512-DjuhmQNywPp+8fxC9dvhGrqgsUb6wI/HQp25lS2Re7VxL1swCasvpkg8EOYP4iBniVQ86QK0uITkOIRc5tdY1w==",
            "dependencies": {
-                "@sentry/core": "7.92.0",
-                "@sentry/types": "7.92.0",
-                "@sentry/utils": "7.92.0"
+                "@sentry/core": "7.93.0",
+                "@sentry/types": "7.93.0",
+                "@sentry/utils": "7.93.0"
            },
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/browser": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.92.0.tgz",
-            "integrity": "sha512-loMr02/zQ38u8aQhYLtIBg0i5n3ps2e3GUXrt3CdsJQdkRYfa62gcrE7SzvoEpMVHTk7VOI4fWGht8cWw/1k3A==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.93.0.tgz",
+            "integrity": "sha512-MtLTcQ7y3rfk+aIvnnwCfSJvYhTJnIJi+Mf6y/ap6SKObdlsKMbQoJLlRViglGLq+nKxHLAvU0fONiCEmKfV6A==",
            "dependencies": {
-                "@sentry-internal/feedback": "7.92.0",
-                "@sentry-internal/tracing": "7.92.0",
-                "@sentry/core": "7.92.0",
-                "@sentry/replay": "7.92.0",
-                "@sentry/types": "7.92.0",
-                "@sentry/utils": "7.92.0"
+                "@sentry-internal/feedback": "7.93.0",
+                "@sentry-internal/tracing": "7.93.0",
+                "@sentry/core": "7.93.0",
+                "@sentry/replay": "7.93.0",
+                "@sentry/types": "7.93.0",
+                "@sentry/utils": "7.93.0"
            },
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/core": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.92.0.tgz",
-            "integrity": "sha512-1Tly7YB2I1byI5xb0Cwrxs56Rhww+6mQ7m9P7rTmdC3/ijOzbEoohtYIUPwcooCEarpbEJe/tAayRx6BrH2UbQ==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.93.0.tgz",
+            "integrity": "sha512-vZQSUiDn73n+yu2fEcH+Wpm4GbRmtxmnXnYCPgM6IjnXqkVm3awWAkzrheADblx3kmxrRiOlTXYHw9NTWs56fg==",
            "dependencies": {
-                "@sentry/types": "7.92.0",
-                "@sentry/utils": "7.92.0"
+                "@sentry/types": "7.93.0",
+                "@sentry/utils": "7.93.0"
            },
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/replay": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.92.0.tgz",
-            "integrity": "sha512-G1t9Uvc9cR8VpNkElwvHIMGzykjIKikb10n0tfVd3e+rBPMCCjCPWOduwG6jZYxcvCjTpqmJh6NSLXxL/Mt4JA==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.93.0.tgz",
+            "integrity": "sha512-dMlLU8v+OkUeGCrPvTu5NriH7BGj3el4rGHWWAYicfJ2QXqTTq50vfasQBP1JeVNcFqnf1y653TdEIvo4RH4tw==",
            "dependencies": {
-                "@sentry-internal/tracing": "7.92.0",
-                "@sentry/core": "7.92.0",
-                "@sentry/types": "7.92.0",
-                "@sentry/utils": "7.92.0"
+                "@sentry-internal/tracing": "7.93.0",
+                "@sentry/core": "7.93.0",
+                "@sentry/types": "7.93.0",
+                "@sentry/utils": "7.93.0"
            },
            "engines": {
                "node": ">=12"
            }
        },
        "node_modules/@sentry/tracing": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.92.0.tgz",
-            "integrity": "sha512-1+TFFPVEdax4dNi68gin6MENiyGe9mOuNXfjulrP5eCzUEByus5HAxeDI/LLQ1hArfn048AzwSwKUsS2fO5sbg==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.93.0.tgz",
+            "integrity": "sha512-n4XbAQ7e098Jzv4ZvpXAsFgM+XFfjhKci18r7s3UfDMnrB4FTCwhHZoeiygO8PZhB944mEFbNXNFhHkb8nTDbA==",
            "dependencies": {
-                "@sentry-internal/tracing": "7.92.0"
+                "@sentry-internal/tracing": "7.93.0"
            },
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/types": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.92.0.tgz",
-            "integrity": "sha512-APmSOuZuoRGpbPpPeYIbMSplPjiWNLZRQa73QiXuTflW4Tu/ItDlU8hOa2+A6JKVkJCuD2EN6yUrxDGSMyNXeg==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.93.0.tgz",
+            "integrity": "sha512-UnzUccNakhFRA/esWBWP+0v7cjNg+RilFBQC03Mv9OEMaZaS29zSbcOGtRzuFOXXLBdbr44BWADqpz3VW0XaNw==",
            "engines": {
                "node": ">=8"
            }
        },
        "node_modules/@sentry/utils": {
-            "version": "7.92.0",
-            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.92.0.tgz",
-            "integrity": "sha512-3nEfrQ1z28b/2zgFGANPh5yMVtgwXmrasZxTvKbrAj+KWJpjrJHrIR84r9W277J44NMeZ5RhRW2uoDmuBslPnA==",
+            "version": "7.93.0",
+            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.93.0.tgz",
+            "integrity": "sha512-Iovj7tUnbgSkh/WrAaMrd5UuYjW7AzyzZlFDIUrwidsyIdUficjCG2OIxYzh76H6nYIx9SxewW0R54Q6XoB4uA==",
            "dependencies": {
-                "@sentry/types": "7.92.0"
+                "@sentry/types": "7.93.0"
            },
            "engines": {
                "node": ">=8"
@ -4853,6 +4854,34 @@
            "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==",
            "dev": true
        },
+        "node_modules/@spotlightjs/overlay": {
+            "version": "1.2.3",
+            "resolved": "https://registry.npmjs.org/@spotlightjs/overlay/-/overlay-1.2.3.tgz",
+            "integrity": "sha512-JypKrZCXGYp7PbLRTi6phBeMXvHP3ulaZVC829rpg+69tcaUXoGmgkjXDNxgrCfFE+xvi73fZk+bbus45b3C/w==",
+            "dev": true
+        },
+        "node_modules/@spotlightjs/sidecar": {
+            "version": "1.3.3",
+            "resolved": "https://registry.npmjs.org/@spotlightjs/sidecar/-/sidecar-1.3.3.tgz",
+            "integrity": "sha512-bRxizHcAUQS8H2f2jD/qbCTZA9ftjkCC9mMRwG6YRIkAi/3VRxB6hnhYkP1LnkZK8BQC0YtHmnlr8N2GJfwLhA==",
+            "dev": true,
+            "bin": {
+                "spotlight-sidecar": "server.js"
+            }
+        },
+        "node_modules/@spotlightjs/spotlight": {
+            "version": "1.2.6",
+            "resolved": "https://registry.npmjs.org/@spotlightjs/spotlight/-/spotlight-1.2.6.tgz",
+            "integrity": "sha512-MjRnzRFk5IZOAUDlkR/ENiB9uAbDlLAgLt4lIrCX0/v8WHwuS1zHMf65G3PjSYWYgjJ14cT98gMJErFVpCWx4g==",
+            "dev": true,
+            "dependencies": {
+                "@spotlightjs/overlay": "1.2.3",
+                "@spotlightjs/sidecar": "1.3.3"
+            },
+            "bin": {
+                "spotlight-sidecar": "bin/run.js"
+            }
+        },
        "node_modules/@storybook/addon-actions": {
            "version": "7.6.7",
            "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.6.7.tgz",
--- a/web/package.json
+++ b/web/package.json
@ -49,8 +49,8 @@
        "@open-wc/lit-helpers": "^0.6.0",
        "@patternfly/elements": "^2.4.0",
        "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^7.92.0",
-        "@sentry/tracing": "^7.92.0",
+        "@sentry/browser": "^7.93.0",
+        "@sentry/tracing": "^7.93.0",
        "@webcomponents/webcomponentsjs": "^2.8.0",
        "base64-js": "^1.5.1",
        "chart.js": "^4.4.1",
@ -87,13 +87,14 @@
        "@rollup/plugin-replace": "^5.0.5",
        "@rollup/plugin-terser": "^0.4.4",
        "@rollup/plugin-typescript": "^11.1.6",
+        "@spotlightjs/spotlight": "^1.2.6",
        "@storybook/addon-essentials": "^7.6.7",
        "@storybook/addon-links": "^7.6.7",
        "@storybook/api": "^7.6.7",
        "@storybook/blocks": "^7.6.4",
        "@storybook/manager-api": "^7.6.7",
-        "@storybook/web-components": "^7.6.7",
        "@storybook/web-components-vite": "^7.6.7",
+        "@storybook/web-components": "^7.6.7",
        "@trivago/prettier-plugin-sort-imports": "^4.3.0",
        "@types/chart.js": "^2.9.41",
        "@types/codemirror": "5.60.15",
@ -104,12 +105,12 @@
        "babel-plugin-macros": "^3.1.0",
        "babel-plugin-tsconfig-paths": "^1.0.3",
        "cross-env": "^7.0.3",
-        "eslint": "^8.56.0",
        "eslint-config-google": "^0.14.0",
        "eslint-plugin-custom-elements": "0.0.8",
        "eslint-plugin-lit": "^1.11.0",
        "eslint-plugin-sonarjs": "^0.23.0",
        "eslint-plugin-storybook": "^0.6.15",
+        "eslint": "^8.56.0",
        "lit-analyzer": "^2.0.3",
        "npm-run-all": "^4.1.5",
        "prettier": "^3.1.1",
--- a/web/src/common/sentry.ts
+++ b/web/src/common/sentry.ts
@ -5,7 +5,7 @@ import { me } from "@goauthentik/common/users";
 import * as Sentry from "@sentry/browser";
 import { Integrations } from "@sentry/tracing";

-import { Config, ResponseError } from "@goauthentik/api";
+import { CapabilitiesEnum, Config, ResponseError } from "@goauthentik/api";

 export const TAG_SENTRY_COMPONENT = "authentik.component";
 export const TAG_SENTRY_CAPABILITIES = "authentik.capabilities";
@ -60,6 +60,11 @@ export async function configureSentry(canDoPpi = false): Promise<Config> {
                scope.setTransactionName(`authentik.web.if.${currentInterface()}`),
            );
        }
+        if (cfg.capabilities.includes(CapabilitiesEnum.CanDebug)) {
+            const Spotlight = await import("@spotlightjs/spotlight");
+
+            Spotlight.init({ injectImmediately: true });
+        }
        if (cfg.errorReporting.sendPii && canDoPpi) {
            me().then((user) => {
                Sentry.setUser({ email: user.user.email });
--- a/website/docs/installation/configuration.mdx
+++ b/website/docs/installation/configuration.mdx
@ -124,7 +124,7 @@ To check if your config has been applied correctly, you can run the following co
 -   `AUTHENTIK_LISTEN__LDAPS`: Listening address:port (e.g. `0.0.0.0:6636`) for LDAPS (Applies to LDAP outpost)
 -   `AUTHENTIK_LISTEN__METRICS`: Listening address:port (e.g. `0.0.0.0:9300`) for Prometheus metrics (Applies to All)
 -   `AUTHENTIK_LISTEN__DEBUG`: Listening address:port (e.g. `0.0.0.0:9900`) for Go Debugging metrics (Applies to All)
-   `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS`: List of CIDRs that proxy headers should be accepted from (Applies to Server)
+-   `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS`: List of comma-separated CIDRs that proxy headers should be accepted from (Applies to Server)

    Defaults to `127.0.0.0/8`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fe80::/10`, `::1/128`.