outposts/proxy: make templates more re-usable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
37ee555c8e
commit
cac5c7b3ea
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/gob"
|
"encoding/gob"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"html/template"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"regexp"
|
"regexp"
|
||||||
|
|
@ -24,6 +25,7 @@ import (
|
||||||
"goauthentik.io/internal/outpost/proxyv2/constants"
|
"goauthentik.io/internal/outpost/proxyv2/constants"
|
||||||
"goauthentik.io/internal/outpost/proxyv2/hs256"
|
"goauthentik.io/internal/outpost/proxyv2/hs256"
|
||||||
"goauthentik.io/internal/outpost/proxyv2/metrics"
|
"goauthentik.io/internal/outpost/proxyv2/metrics"
|
||||||
|
"goauthentik.io/internal/outpost/proxyv2/templates"
|
||||||
"goauthentik.io/internal/utils/web"
|
"goauthentik.io/internal/utils/web"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
@ -44,6 +46,8 @@ type Application struct {
|
||||||
|
|
||||||
log *log.Entry
|
log *log.Entry
|
||||||
mux *mux.Router
|
mux *mux.Router
|
||||||
|
|
||||||
|
errorTemplates *template.Template
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore, ak *ak.APIController) (*Application, error) {
|
func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore, ak *ak.APIController) (*Application, error) {
|
||||||
|
|
@ -79,15 +83,16 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
||||||
}
|
}
|
||||||
mux := mux.NewRouter()
|
mux := mux.NewRouter()
|
||||||
a := &Application{
|
a := &Application{
|
||||||
Host: externalHost.Host,
|
Host: externalHost.Host,
|
||||||
log: log.WithField("logger", "authentik.outpost.proxy.bundle").WithField("provider", p.Name),
|
log: log.WithField("logger", "authentik.outpost.proxy.bundle").WithField("provider", p.Name),
|
||||||
outpostName: ak.Outpost.Name,
|
outpostName: ak.Outpost.Name,
|
||||||
endpint: endpoint,
|
endpint: endpoint,
|
||||||
oauthConfig: oauth2Config,
|
oauthConfig: oauth2Config,
|
||||||
tokenVerifier: verifier,
|
tokenVerifier: verifier,
|
||||||
proxyConfig: p,
|
proxyConfig: p,
|
||||||
httpClient: c,
|
httpClient: c,
|
||||||
mux: mux,
|
mux: mux,
|
||||||
|
errorTemplates: templates.GetTemplates(),
|
||||||
}
|
}
|
||||||
a.sessions = a.getStore(p)
|
a.sessions = a.getStore(p)
|
||||||
mux.Use(web.NewLoggingHandler(muxLogger, func(l *log.Entry, r *http.Request) *log.Entry {
|
mux.Use(web.NewLoggingHandler(muxLogger, func(l *log.Entry, r *http.Request) *log.Entry {
|
||||||
|
|
|
||||||
|
|
@ -2,33 +2,38 @@ package application
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"html/template"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewProxyErrorHandler creates a ProxyErrorHandler using the template given.
|
type ErrorPageData struct {
|
||||||
func (a *Application) newProxyErrorHandler(errorTemplate *template.Template) func(http.ResponseWriter, *http.Request, error) {
|
Title string
|
||||||
return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
|
Message string
|
||||||
claims, _ := a.getClaims(req)
|
ProxyPrefix string
|
||||||
log.WithError(proxyErr).Warning("Error proxying to upstream server")
|
}
|
||||||
rw.WriteHeader(http.StatusBadGateway)
|
|
||||||
data := struct {
|
func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err string) {
|
||||||
Title string
|
claims, _ := a.getClaims(r)
|
||||||
Message string
|
data := ErrorPageData{
|
||||||
ProxyPrefix string
|
Title: "Bad Gateway",
|
||||||
}{
|
Message: "Error proxying to upstream server",
|
||||||
Title: "Bad Gateway",
|
ProxyPrefix: "/akprox",
|
||||||
Message: "Error proxying to upstream server",
|
}
|
||||||
ProxyPrefix: "/akprox",
|
if claims != nil && len(err) > 0 {
|
||||||
}
|
data.Message = err
|
||||||
if claims != nil {
|
}
|
||||||
data.Message = fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error())
|
er := a.errorTemplates.Execute(rw, data)
|
||||||
}
|
if er != nil {
|
||||||
err := errorTemplate.Execute(rw, data)
|
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
||||||
if err != nil {
|
}
|
||||||
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
|
}
|
||||||
}
|
|
||||||
|
// NewProxyErrorHandler creates a ProxyErrorHandler using the template given.
|
||||||
|
func (a *Application) newProxyErrorHandler() func(http.ResponseWriter, *http.Request, error) {
|
||||||
|
return func(rw http.ResponseWriter, req *http.Request, proxyErr error) {
|
||||||
|
log.WithError(proxyErr).Warning("Error proxying to upstream server")
|
||||||
|
rw.WriteHeader(http.StatusBadGateway)
|
||||||
|
a.ErrorPage(rw, req, fmt.Sprintf("Error proxying to upstream server: %s", proxyErr.Error()))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,6 @@ import (
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
"goauthentik.io/internal/outpost/proxyv2/metrics"
|
"goauthentik.io/internal/outpost/proxyv2/metrics"
|
||||||
"goauthentik.io/internal/outpost/proxyv2/templates"
|
|
||||||
"goauthentik.io/internal/utils/web"
|
"goauthentik.io/internal/utils/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -32,7 +31,7 @@ func (a *Application) configureProxy() error {
|
||||||
rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
|
rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
|
||||||
rsp := sentry.StartSpan(context.TODO(), "authentik.outposts.proxy.application_transport")
|
rsp := sentry.StartSpan(context.TODO(), "authentik.outposts.proxy.application_transport")
|
||||||
rp.Transport = ak.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
|
rp.Transport = ak.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
|
||||||
rp.ErrorHandler = a.newProxyErrorHandler(templates.GetTemplates())
|
rp.ErrorHandler = a.newProxyErrorHandler()
|
||||||
rp.ModifyResponse = a.proxyModifyResponse
|
rp.ModifyResponse = a.proxyModifyResponse
|
||||||
a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||||
claims, err := a.getClaims(r)
|
claims, err := a.getClaims(r)
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ import (
|
||||||
var ErrorTemplate string
|
var ErrorTemplate string
|
||||||
|
|
||||||
func GetTemplates() *template.Template {
|
func GetTemplates() *template.Template {
|
||||||
t, err := template.New("foo").Parse(ErrorTemplate)
|
t, err := template.New("authentik.outpost.proxy.errors").Parse(ErrorTemplate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("failed parsing template %s", err)
|
log.Fatalf("failed parsing template %s", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Reference in a new issue