outposts/ldap: improve logging of client IPs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/flow.go

@@ -16,6 +16,7 @@ import (
 	"goauthentik.io/api"
 	"goauthentik.io/internal/constants"
 	"goauthentik.io/internal/outpost/ak"
+	"goauthentik.io/internal/utils"
 )
 
 type StageComponent string
@@ -63,6 +64,8 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 		Jar:       jar,
 		Transport: ak.NewTracingTransport(ctx, ak.GetTLSTransport()),
 	}
+	token := strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]
+	config.AddDefaultHeader(HeaderAuthentikOutpostToken, token)
 	apiClient := api.NewAPIClient(config)
 	return &FlowExecutor{
 		Params:   url.Values{},
@@ -71,7 +74,7 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 		api:      apiClient,
 		flowSlug: flowSlug,
 		log:      l,
-		token:    strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1],
+		token:    token,
 		sp:       rsp,
 	}
 }
@@ -87,13 +90,7 @@ type ChallengeInt interface {
 }
 
 func (fe *FlowExecutor) DelegateClientIP(a net.Addr) {
-	host, _, err := net.SplitHostPort(a.String())
+	fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikRemoteIP, utils.GetIP(a))
-	if err != nil {
-		fe.log.WithError(err).Warning("Failed to get remote IP")
-		return
-	}
-	fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikRemoteIP, host)
-	fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikOutpostToken, fe.token)
 }
 
 func (fe *FlowExecutor) CheckApplicationAccess(appSlug string) (bool, error) {

internal/outpost/ldap/bind.go

@@ -9,6 +9,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/nmcclain/ldap"
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/utils"
 )
 
 type BindRequest struct {
@@ -33,7 +34,7 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD
 		BindDN: bindDN,
 		BindPW: bindPW,
 		conn:   conn,
-		log:    ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", conn.RemoteAddr().String()),
+		log:    ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", utils.GetIP(conn.RemoteAddr())),
 		id:     rid,
 		ctx:    span.Context(),
 	}

internal/outpost/ldap/instance_bind.go

@@ -11,6 +11,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/api"
 	"goauthentik.io/internal/outpost"
+	"goauthentik.io/internal/utils"
 )
 
 const ContextUserKey = "ak_user"
@@ -36,7 +37,7 @@ func (pi *ProviderInstance) getUsername(dn string) (string, error) {
 func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPResultCode, error) {
 	fe := outpost.NewFlowExecutor(req.ctx, pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{
 		"bindDN":    req.BindDN,
-		"client":    req.conn.RemoteAddr().String(),
+		"client":    utils.GetIP(req.conn.RemoteAddr()),
 		"requestId": req.id,
 	})
 	fe.DelegateClientIP(req.conn.RemoteAddr())

internal/outpost/ldap/search.go

@@ -11,6 +11,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/nmcclain/ldap"
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/utils"
 )
 
 type SearchRequest struct {
@@ -35,7 +36,7 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 		SearchRequest: searchReq,
 		BindDN:        bindDN,
 		conn:          conn,
-		log:           ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", conn.RemoteAddr().String()).WithField("filter", searchReq.Filter).WithField("baseDN", searchReq.BaseDN),
+		log:           ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", utils.GetIP(conn.RemoteAddr())).WithField("filter", searchReq.Filter).WithField("baseDN", searchReq.BaseDN),
 		id:            rid,
 		ctx:           span.Context(),
 	}

internal/utils/net.go

@@ -0,0 +1,13 @@
+package utils
+
+import "net"
+
+func GetIP(addr net.Addr) string {
+	switch addr := addr.(type) {
+	case *net.UDPAddr:
+		return addr.IP.String()
+	case *net.TCPAddr:
+		return addr.IP.String()
+	}
+	return ""
+}