diff --git a/authentik/lib/sentry.py b/authentik/lib/sentry.py
index 10057d84e..2b5990604 100644
--- a/authentik/lib/sentry.py
+++ b/authentik/lib/sentry.py
@@ -1,5 +1,5 @@
 """authentik sentry integration"""
-from typing import Optional
+from typing import Any, Optional
 from aioredis.errors import ConnectionClosedError, ReplyError
 from billiard.exceptions import SoftTimeLimitExceeded, WorkerLostError
@@ -17,7 +17,7 @@ from ldap3.core.exceptions import LDAPException
 from redis.exceptions import ConnectionError as RedisConnectionError
 from redis.exceptions import RedisError, ResponseError
 from rest_framework.exceptions import APIException
-from sentry_sdk import Hub
+from sentry_sdk import HttpTransport, Hub
 from sentry_sdk import init as sentry_sdk_init
 from sentry_sdk.api import set_tag
 from sentry_sdk.integrations.celery import CeleryIntegration
@@ -30,6 +30,7 @@ from websockets.exceptions import WebSocketException
 from authentik import __version__, get_build_hash
 from authentik.lib.config import CONFIG
+from authentik.lib.utils.http import authentik_user_agent
 from authentik.lib.utils.reflection import class_to_path, get_env
 LOGGER = get_logger()
@@ -52,6 +53,14 @@ class SentryIgnoredException(Exception):
 """Base Class for all errors that are suppressed, and not sent to sentry."""
+class SentryTransport(HttpTransport):
+ """Custom sentry transport with custom user-agent"""
+
+ def __init__(self, options: dict[str, Any]) -> None:
+ super().__init__(options)
+ self._auth = self.parsed_dsn.to_auth(authentik_user_agent())
+
+
 def sentry_init(**sentry_init_kwargs):
 """Configure sentry SDK"""
 sentry_env = CONFIG.y("error_reporting.environment", "customer")
@@ -72,6 +81,7 @@ def sentry_init(**sentry_init_kwargs):
 before_send=before_send,
 traces_sampler=traces_sampler,
 release=f"authentik@{__version__}",
+ transport=SentryTransport,
 **kwargs,
 )
 set_tag("authentik.build_hash", get_build_hash("tagged"))
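Review bot: `SentryTransport.__init__` (hunk `@@ -52,6 +53,14 @@`) overwrites `self._auth`, an underscore-prefixed attribute of sentry_sdk's `HttpTransport`, so the custom client string depends on SDK internals that may change on an upgrade without any error being raised. The docstring should name what is replaced, e.g. `"""Sentry HTTP transport that reports authentik_user_agent() as the client identifier instead of the SDK default."""`, and the assignment deserves a comment such as `# relies on the private HttpTransport._auth; re-check when bumping sentry_sdk`. The assignment also assumes `self.parsed_dsn` is populated once `super().__init__` returns, which presumably holds only when a DSN is configured; confirm the SDK never constructs the transport without one. A small test that builds a `SentryTransport` from a dummy DSN and asserts the client string would catch a silent regression.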
diff --git a/cmd/server/main.go b/cmd/server/main.go
index 02b0164a5..a4797c86a 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -16,6 +16,7 @@ import (
 "goauthentik.io/internal/outpost/ak"
 "goauthentik.io/internal/outpost/proxyv2"
 sentryutils "goauthentik.io/internal/utils/sentry"
+ webutils "goauthentik.io/internal/utils/web"
 "goauthentik.io/internal/web"
 "goauthentik.io/internal/web/tenant_tls"
 )
@@ -55,6 +56,7 @@ func main() {
 TracesSampler: sentryutils.SamplerFunc(config.G.ErrorReporting.SampleRate),
 Release: fmt.Sprintf("authentik@%s", constants.VERSION),
 Environment: config.G.ErrorReporting.Environment,
+ HTTPTransport: webutils.NewUserAgentTransport(constants.UserAgent(), http.DefaultTransport),
 IgnoreErrors: []string{
 http.ErrAbortHandler.Error(),
 },
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index ebd885b1b..d0d0f063a 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -25,4 +25,8 @@ func OutpostUserAgent() string {
 return fmt.Sprintf("goauthentik.io/outpost/%s", FullVersion())
 }
+func UserAgent() string {
+ return fmt.Sprintf("authentik@%s", FullVersion())
+}
+
 const VERSION = "2022.6.3"
diff --git a/internal/gounicorn/gounicorn.go b/internal/gounicorn/gounicorn.go
index f41f219b3..15d14fcf8 100644
--- a/internal/gounicorn/gounicorn.go
+++ b/internal/gounicorn/gounicorn.go
@@ -10,7 +10,7 @@ import (
 log "github.com/sirupsen/logrus"
 "goauthentik.io/internal/config"
- "goauthentik.io/internal/outpost/ak"
+ "goauthentik.io/internal/utils/web"
 )
 type GoUnicorn struct {
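Review bot: Setting `HTTPTransport` in the Sentry options literal in `main()` (cmd/server/main.go, hunk `@@ -55,6 +56,7 @@`) replaces the transport sentry-go would otherwise build from its own options. As far as I know, the client options `HTTPProxy`, `HTTPSProxy` and `CaCerts` then have no effect, and proxy selection and trust roots come only from `http.DefaultTransport`. None of those options is visible in this hunk, so nothing is lost today, but a later addition would be ignored silently; a comment on the new line would record it, e.g. `// custom transport: sentry-go proxy/CA options are not applied, http.DefaultTransport settings are used`. The same applies to the `HTTPTransport` line added in `doGlobalSetup` in internal/outpost/ak/global.go. The options literal starts and ends outside the hunk.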
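Review bot: The new exported `UserAgent()` in internal/constants/constants.go has no doc comment, and nothing says how it relates to `OutpostUserAgent()` directly above it, which uses a different format (`goauthentik.io/outpost/%s` versus `authentik@%s`). Add `// UserAgent returns the User-Agent string for the authentik server process, in the form authentik@<FullVersion()>.` above the function. The Sentry `Release` in cmd/server/main.go is built from `constants.VERSION` while this string uses `FullVersion()`, so the two `authentik@…` values may differ; if that is intended, say so in the comment.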
@@ -70,7 +70,7 @@ func (g *GoUnicorn) Start() error {
 func (g *GoUnicorn) healthcheck() {
 g.log.Debug("starting healthcheck")
 h := &http.Client{
- Transport: ak.NewUserAgentTransport("goauthentik.io/proxy/healthcheck", http.DefaultTransport),
+ Transport: web.NewUserAgentTransport("goauthentik.io/proxy/healthcheck", http.DefaultTransport),
 }
 check := func() bool {
 res, err := h.Get("http://localhost:8000/-/health/live/")
diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go
index 68d418c7a..8816247b9 100644
--- a/internal/outpost/ak/api.go
+++ b/internal/outpost/ak/api.go
@@ -17,6 +17,7 @@ import (
 "github.com/prometheus/client_golang/prometheus"
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/constants"
+ "goauthentik.io/internal/utils/web"
 log "github.com/sirupsen/logrus"
 )
@@ -54,7 +55,7 @@ func NewAPIController(akURL url.URL, token string) *APIController {
 config.Host = akURL.Host
 config.Scheme = akURL.Scheme
 config.HTTPClient = &http.Client{
- Transport: NewUserAgentTransport(constants.OutpostUserAgent(), NewTracingTransport(rsp.Context(), GetTLSTransport())),
+ Transport: web.NewUserAgentTransport(constants.OutpostUserAgent(), web.NewTracingTransport(rsp.Context(), GetTLSTransport())),
 }
 config.AddDefaultHeader("Authorization", fmt.Sprintf("Bearer %s", token))
diff --git a/internal/outpost/ak/global.go b/internal/outpost/ak/global.go
index 1b7136fd8..c8142f69b 100644
--- a/internal/outpost/ak/global.go
+++ b/internal/outpost/ak/global.go
@@ -12,6 +12,7 @@ import (
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/constants"
 sentryutils "goauthentik.io/internal/utils/sentry"
+ webutils "goauthentik.io/internal/utils/web"
 )
 var initialSetup = false
@@ -52,6 +53,7 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 Environment: globalConfig.ErrorReporting.Environment,
 TracesSampler: sentryutils.SamplerFunc(float64(globalConfig.ErrorReporting.TracesSampleRate)),
 Release: fmt.Sprintf("authentik@%s", constants.VERSION),
+ HTTPTransport: webutils.NewUserAgentTransport(constants.OutpostUserAgent(), http.DefaultTransport),
 IgnoreErrors: []string{
 http.ErrAbortHandler.Error(),
 },
diff --git a/internal/outpost/flow/executor.go b/internal/outpost/flow/executor.go
index 25f2d5e76..d3cac8021 100644
--- a/internal/outpost/flow/executor.go
+++ b/internal/outpost/flow/executor.go
@@ -17,6 +17,7 @@ import (
 "goauthentik.io/api/v3"
 "goauthentik.io/internal/constants"
 "goauthentik.io/internal/outpost/ak"
+ "goauthentik.io/internal/utils/web"
 )
 var (
@@ -56,7 +57,7 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 l.WithError(err).Warning("Failed to create cookiejar")
 panic(err)
 }
- transport := ak.NewUserAgentTransport(constants.OutpostUserAgent(), ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport()))
+ transport := web.NewUserAgentTransport(constants.OutpostUserAgent(), web.NewTracingTransport(rsp.Context(), ak.GetTLSTransport()))
 fe := &FlowExecutor{
 Params: url.Values{},
 Answers: make(map[StageComponent]string),
diff --git a/internal/outpost/proxyv2/application/mode_proxy.go b/internal/outpost/proxyv2/application/mode_proxy.go
index 5d9f907ae..af967e1e3 100644
--- a/internal/outpost/proxyv2/application/mode_proxy.go
+++ b/internal/outpost/proxyv2/application/mode_proxy.go
@@ -11,7 +11,6 @@ import (
 "github.com/getsentry/sentry-go"
 "github.com/prometheus/client_golang/prometheus"
 log "github.com/sirupsen/logrus"
- "goauthentik.io/internal/outpost/ak"
 "goauthentik.io/internal/outpost/proxyv2/metrics"
 "goauthentik.io/internal/utils/web"
 )
@@ -30,7 +29,7 @@ func (a *Application) configureProxy() error {
 }
 rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
 rsp := sentry.StartSpan(context.TODO(), "authentik.outposts.proxy.application_transport")
- rp.Transport = ak.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
+ rp.Transport = web.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
 rp.ErrorHandler = a.newProxyErrorHandler()
 rp.ModifyResponse = a.proxyModifyResponse
 a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
diff --git a/internal/outpost/proxyv2/refresh.go b/internal/outpost/proxyv2/refresh.go
index 5fa8372ac..e9c05a177 100644
--- a/internal/outpost/proxyv2/refresh.go
+++ b/internal/outpost/proxyv2/refresh.go
@@ -9,6 +9,7 @@ import (
 "goauthentik.io/internal/constants"
 "goauthentik.io/internal/outpost/ak"
 "goauthentik.io/internal/outpost/proxyv2/application"
+ "goauthentik.io/internal/utils/web"
 )
 func (ps *ProxyServer) Refresh() error {
@@ -24,7 +25,7 @@ func (ps *ProxyServer) Refresh() error {
 rsp := sentry.StartSpan(context.Background(), "authentik.outposts.proxy.application_ss")
 ua := fmt.Sprintf(" (provider=%s)", provider.Name)
 hc := &http.Client{
- Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent()+ua, ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport())),
+ Transport: web.NewUserAgentTransport(constants.OutpostUserAgent()+ua, web.NewTracingTransport(rsp.Context(), ak.GetTLSTransport())),
 }
 a, err := application.NewApplication(provider, hc, ps.cryptoStore, ps.akAPI)
 if err != nil {
diff --git a/internal/outpost/ak/http_tracing.go b/internal/utils/web/http_tracing.go
similarity index 98%
rename from internal/outpost/ak/http_tracing.go
rename to internal/utils/web/http_tracing.go
index c4225eefa..96c9a5211 100644
--- a/internal/outpost/ak/http_tracing.go
+++ b/internal/utils/web/http_tracing.go
@@ -1,4 +1,4 @@
-package ak
+package web
 import (
 "context"
diff --git a/internal/outpost/ak/http_user_agent.go b/internal/utils/web/http_user_agent.go
similarity index 96%
rename from internal/outpost/ak/http_user_agent.go
rename to internal/utils/web/http_user_agent.go
index 114323bef..6aab988b5 100644
--- a/internal/outpost/ak/http_user_agent.go
+++ b/internal/utils/web/http_user_agent.go
@@ -1,4 +1,4 @@
-package ak
+package web
 import (
 "net/http"
diff --git a/website/docs/releases/v2022.6.md b/website/docs/releases/v2022.6.md
index cd3f0d45b..1e51a39e8 100644
--- a/website/docs/releases/v2022.6.md
+++ b/website/docs/releases/v2022.6.md
@@ -78,7 +78,7 @@ slug: "2022.6"
 - web/elements: add spinner when loading dynamic routes
 - web/flows: add divider to identification stage for security key
 - web/flows: fix error when webauthn operations failed and user retries
-- web/flows: remove autofocus from password field of identifications tage
+- web/flows: remove autofocus from password field of identifications stage
 ## Upgrading