root: more code merging

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-29 16:21:00 +02:00
parent ce49d7ea5b
commit ff42663d3c
14 changed files with 64 additions and 80 deletions

View file

@ -1,7 +1,6 @@
package main
import (
"errors"
"fmt"
"net/url"
"os"
@ -40,48 +39,67 @@ func main() {
u, _ := url.Parse("http://localhost:8000")
g := gounicorn.NewGoUnicorn()
ws := web.NewWebServer()
defer g.Kill()
defer ws.Shutdown()
for {
g := gounicorn.NewGoUnicorn()
go attemptStartBackend(g)
go attemptStartBackend(g, ex)
ws.Start()
go attemptProxyStart(u, ex)
ws := web.NewWebServer()
ws.Run()
proxy :=
<-ex
ws.Stop()
<-ex
log.WithField("logger", "authentik").Debug("shutting down webserver")
ws.Shutdown()
log.WithField("logger", "authentik").Debug("killing gunicorn")
g.Kill()
}
go func() {
maxTries := 100
attempt := 0
for {
err := attemptProxyStart(u, ex)
if err != nil {
attempt += 1
time.Sleep(5 * time.Second)
if attempt > maxTries {
break
}
}
}
}()
}
func attemptStartBackend(g *gounicorn.GoUnicorn) error {
func attemptStartBackend(g *gounicorn.GoUnicorn, exitSignal chan os.Signal) error {
for {
err := g.Start()
log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting")
select {
case <-exitSignal:
return nil
default:
log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting")
}
}
}
func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) (*ak.APIController, error) {
ac := ak.NewAPIController(*u, config.G.SecretKey)
if ac == nil {
return nil, errors.New("failed to start")
func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) error {
maxTries := 100
attempt := 0
for {
log.WithField("logger", "authentik").Debug("attempting to init outpost")
ac := ak.NewAPIController(*u, config.G.SecretKey)
if ac == nil {
attempt += 1
time.Sleep(1 * time.Second)
if attempt > maxTries {
break
}
continue
}
ac.Server = proxy.NewServer(ac)
err := ac.Start()
log.WithField("logger", "authentik").Debug("attempting to start outpost")
if err != nil {
attempt += 1
time.Sleep(5 * time.Second)
if attempt > maxTries {
break
}
continue
}
select {
case <-exitSignal:
ac.Shutdown()
return nil
default:
break
}
}
ac.Server = proxy.NewServer(ac)
return ac, nil
return nil
}

View file

@ -13,7 +13,7 @@ import (
"github.com/pkg/errors"
"github.com/recws-org/recws"
"goauthentik.io/internal/constants"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
log "github.com/sirupsen/logrus"
)

View file

@ -3,7 +3,7 @@ package ak
import (
"context"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
)
func (a *APIController) Update() ([]api.ProxyOutpostConfig, error) {

View file

@ -13,9 +13,9 @@ import (
goldap "github.com/go-ldap/ldap/v3"
"github.com/nmcclain/ldap"
"goauthentik.io/api"
"goauthentik.io/internal/constants"
"goauthentik.io/internal/outpost/ak"
"goauthentik.io/outpost/api"
)
const ContextUserKey = "ak_user"

View file

@ -8,7 +8,7 @@ import (
"strings"
"github.com/nmcclain/ldap"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
)
func (pi *ProviderInstance) SearchMe(user api.User, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {

View file

@ -5,7 +5,7 @@ import (
"github.com/go-openapi/strfmt"
log "github.com/sirupsen/logrus"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
"goauthentik.io/internal/outpost/ak"
"github.com/nmcclain/ldap"

View file

@ -4,7 +4,7 @@ import (
"fmt"
"github.com/nmcclain/ldap"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
)
func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {

View file

@ -4,7 +4,7 @@ import (
"net/url"
log "github.com/sirupsen/logrus"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
)
func (s *Server) Refresh() error {

View file

@ -15,7 +15,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/pkg/middleware"
"github.com/oauth2-proxy/oauth2-proxy/pkg/validation"
log "github.com/sirupsen/logrus"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
)
type providerBundle struct {

View file

@ -21,7 +21,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
"github.com/oauth2-proxy/oauth2-proxy/providers"
"goauthentik.io/outpost/api"
"goauthentik.io/api"
log "github.com/sirupsen/logrus"
)

View file

@ -47,12 +47,12 @@ func NewWebServer() *WebServer {
return ws
}
func (ws *WebServer) Run() {
ws.listenPlain()
ws.listenTLS()
func (ws *WebServer) Start() {
go ws.listenPlain()
go ws.listenTLS()
}
func (ws *WebServer) Stop() {
func (ws *WebServer) Shutdown() {
ws.stop <- struct{}{}
}

View file

@ -1,2 +0,0 @@
Dockerfile.*
.git

View file

@ -1,5 +0,0 @@
all: clean
clean:
go mod tidy
go clean .

View file

@ -1,27 +0,0 @@
# authentik outpost
[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/8?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=8)
![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square)
![Docker pulls (ldap)](https://img.shields.io/docker/pulls/beryju/authentik-ldap.svg?style=flat-square)
Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik.
LDAP Server using [ldap](https://github.com/nmcclain/ldap), completely managed and monitored by authentik.
## Usage
authentik Outpost is built to be configured by authentik itself, hence the only options you can directly give it are connection params.
The following environment variable are implemented:
`AUTHENTIK_HOST`: Full URL to the authentik instance with protocol, i.e. "https://authentik.company.tld"
`AUTHENTIK_TOKEN`: Token used to authenticate against authentik. This is generated after an Outpost instance is created.
`AUTHENTIK_INSECURE`: This environment variable can optionally be set to ignore the SSL Certificate of the authentik instance. Applies to both HTTP and WS connections.
## Development
authentik outpost uses an auto-generated API Client to communicate with authentik. This client is not kept in git. To generate the client locally, run `make gen-outpost` in the root directory of the repo.
Afterwards you can build the outpost like any other Go project, using `go build ./cmd/proxy/server.go` or `go build ./cmd/ldap/server.go`.