internal: fix race condition with config loading on startup, add index on debug server
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
7eb6320d74
commit
a9680d6088
|
@ -30,7 +30,7 @@ func main() {
|
|||
},
|
||||
DisableHTMLEscape: true,
|
||||
})
|
||||
go debug.EnableDebugServer()
|
||||
debug.EnableDebugServer()
|
||||
akURL := config.Get().AuthentikHost
|
||||
if akURL == "" {
|
||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
|
@ -33,7 +33,7 @@ func main() {
|
|||
},
|
||||
DisableHTMLEscape: true,
|
||||
})
|
||||
go debug.EnableDebugServer()
|
||||
debug.EnableDebugServer()
|
||||
akURL := config.Get().AuthentikHost
|
||||
if akURL == "" {
|
||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
|
@ -32,9 +32,8 @@ func main() {
|
|||
},
|
||||
DisableHTMLEscape: true,
|
||||
})
|
||||
go debug.EnableDebugServer()
|
||||
debug.EnableDebugServer()
|
||||
l := log.WithField("logger", "authentik.root")
|
||||
config.Get().Setup("./authentik/lib/default.yml", "./local.env.yml")
|
||||
|
||||
if config.Get().ErrorReporting.Enabled {
|
||||
err := sentry.Init(sentry.ClientOptions{
|
||||
|
|
|
@ -18,7 +18,7 @@ var cfg *Config
|
|||
func Get() *Config {
|
||||
if cfg == nil {
|
||||
c := defaultConfig()
|
||||
c.Setup()
|
||||
c.Setup("./authentik/lib/default.yml", "./local.env.yml")
|
||||
cfg = c
|
||||
}
|
||||
return cfg
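Review bot: `Get()` still initialises `cfg` with an unsynchronised check-then-set (`if cfg == nil { ... cfg = c }`), so the race is avoided only while every binary makes its first `config.Get()` call before any goroutine reads the config. That ordering appears to be what dropping `go` from `debug.EnableDebugServer()` in the three `main()` hunks relies on. Wrapping the initialisation in a package-level `sync.Once` (`once.Do(func() { ... })` around the existing three lines) would make it safe regardless of call order. The hard-coded `./authentik/lib/default.yml` and `./local.env.yml` are now resolved against the working directory of every binary that calls `Get()`, and how `Setup` treats a missing or unexpected file is not visible here, so it is worth confirming that a file dropped into the working directory cannot silently override environment-provided settings. The closing brace of `Get` lies outside the hunk.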
|
||||
|
|
|
@ -2,13 +2,15 @@ package config
|
|||
|
||||
type Config struct {
|
||||
// Core specific config
|
||||
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
||||
Paths PathsConfig `yaml:"paths"`
|
||||
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
||||
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
||||
Redis RedisConfig `yaml:"redis"`
|
||||
Outposts OutpostConfig `yaml:"outposts"`
|
||||
|
||||
// Config for core and embedded outpost
|
||||
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
||||
|
||||
// Config for both core and outposts
|
||||
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
|
||||
Listen ListenConfig `yaml:"listen"`
|
||||
|
@ -18,6 +20,7 @@ type Config struct {
|
|||
// They are loaded via this config loader to support file:// schemas
|
||||
AuthentikHost string `env:"AUTHENTIK_HOST"`
|
||||
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
|
||||
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
|
||||
}
|
||||
|
||||
type RedisConfig struct {
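Review bot: `AuthentikInsecure` feeds `InsecureSkipVerify` in the websocket and API transport hunks, and moving it into the config struct changes how the value is parsed. The old code accepted only a case-insensitive `true`, whereas the set of strings the env loader converts to `true` for a `bool` field is not visible here and may be wider. The field has no `yaml` tag, and depending on the YAML library an untagged field can still be filled from a lowercased key in `default.yml` or `local.env.yml`; if that is not intended, adding `yaml:"-"` next to the `env` tag rules it out. A field comment such as `// AuthentikInsecure disables TLS certificate verification for connections to the authentik core.` would make the impact obvious to readers of the struct.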
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
package debug
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/pprof"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/internal/config"
|
||||
"goauthentik.io/internal/utils/web"
|
||||
)
|
||||
|
||||
func EnableDebugServer() {
|
||||
|
@ -14,11 +17,30 @@ func EnableDebugServer() {
|
|||
l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.")
|
||||
return
|
||||
}
|
||||
h := http.NewServeMux()
|
||||
h := mux.NewRouter()
|
||||
h.HandleFunc("/debug/pprof/", pprof.Index)
|
||||
h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
|
||||
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
||||
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
||||
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
||||
l.Println(http.ListenAndServe(config.Get().Listen.Debug, nil))
|
||||
h.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
h.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
|
||||
tpl, err := route.GetPathTemplate()
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
w.Write([]byte(fmt.Sprintf("<a href='%[1]s'>%[1]s</a><br>", tpl)))
|
||||
return nil
|
||||
})
|
||||
})
|
||||
go func() {
|
||||
l.WithField("listen", config.Get().Listen.Debug).Info("Starting Debug server")
|
||||
err := http.ListenAndServe(
|
||||
config.Get().Listen.Debug,
|
||||
web.NewLoggingHandler(l, nil)(h),
|
||||
)
|
||||
if l != nil {
|
||||
l.WithError(err).Warn("failed to start debug server")
|
||||
}
|
||||
}()
|
||||
}
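Review bot: `mux.NewRouter()` matches `HandleFunc` paths exactly, unlike `http.NewServeMux` where a pattern ending in `/` covers the whole subtree, so `h.HandleFunc("/debug/pprof/", pprof.Index)` no longer serves the named profiles (`/debug/pprof/heap`, `/debug/pprof/goroutine`, ...) that `pprof.Index` dispatches by path. Registering it last as `h.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index)` restores them without shadowing the `cmdline`, `profile`, `symbol` and `trace` routes. In the goroutine, `if l != nil` tests the logger rather than the result of `ListenAndServe`; it should read `if err != nil`. The server has no authentication and pprof exposes the command line, heap contents and execution traces, so the default of `Listen.Debug` (not visible here) should be a loopback address, and that expectation is worth a comment next to the `AUTHENTIK_DEBUG` check.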
|
||||
|
|
|
@ -5,13 +5,13 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gorilla/websocket"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"goauthentik.io/internal/config"
|
||||
"goauthentik.io/internal/constants"
|
||||
)
|
||||
|
||||
|
@ -26,16 +26,11 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error {
|
|||
"User-Agent": []string{constants.OutpostUserAgent()},
|
||||
}
|
||||
|
||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
||||
if !set {
|
||||
value = "false"
|
||||
}
|
||||
|
||||
dialer := websocket.Dialer{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
HandshakeTimeout: 10 * time.Second,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
||||
InsecureSkipVerify: config.Get().AuthentikInsecure,
|
||||
},
|
||||
}
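Review bot: When `config.Get().AuthentikInsecure` is true, the dialer's `InsecureSkipVerify` disables certificate verification without leaving any trace in the logs, so an outpost can keep running with unauthenticated TLS to the core and nobody notices. Emitting a single warning where the flag is read would make that state visible to operators and to log-based alerting. The same applies to `GetTLSTransport` in the last hunk, where logrus is already imported as `log`: `if config.Get().AuthentikInsecure { log.Warn("TLS certificate verification is disabled (AUTHENTIK_INSECURE)") }`. `initWS` starts and ends outside this hunk, so the logger available there is not visible.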
|
||||
|
||||
|
|
|
@ -3,13 +3,12 @@ package ak
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/getsentry/sentry-go"
|
||||
httptransport "github.com/go-openapi/runtime/client"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/api/v3"
|
||||
"goauthentik.io/internal/config"
|
||||
"goauthentik.io/internal/constants"
|
||||
sentryutils "goauthentik.io/internal/utils/sentry"
|
||||
webutils "goauthentik.io/internal/utils/web"
|
||||
|
@ -75,12 +74,8 @@ func GetTLSTransport() http.RoundTripper {
|
|||
if tlsTransport != nil {
|
||||
return *tlsTransport
|
||||
}
|
||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
||||
if !set {
|
||||
value = "false"
|
||||
}
|
||||
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
|
||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
||||
InsecureSkipVerify: config.Get().AuthentikInsecure,
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
|
|