This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/providers/proxy/views.py

97 lines
3.4 KiB
Python

"""passbook proxy views"""
import string
from random import SystemRandom
from urllib.parse import urlparse
from django.contrib.auth.mixins import LoginRequiredMixin
from django.db.models import Model
from django.http import HttpRequest, HttpResponse
from django.shortcuts import get_object_or_404, render
from django.views import View
from guardian.shortcuts import get_objects_for_user
from structlog import get_logger
from yaml import safe_dump
from passbook import __version__
from passbook.core.models import User
from passbook.providers.proxy.models import ProxyProvider
ORIGINAL_URL = "HTTP_X_ORIGINAL_URL"
LOGGER = get_logger()
def get_object_for_user_or_404(user: User, perm: str, **filters) -> Model:
"""Wrapper that combines get_objects_for_user and get_object_or_404"""
return get_object_or_404(get_objects_for_user(user, perm), **filters)
def get_cookie_secret():
"""Generate random 32-character string for cookie-secret"""
return "".join(
SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)
)
class DockerComposeView(LoginRequiredMixin, View):
"""Generate docker-compose yaml"""
def get_compose(self, provider: ProxyProvider) -> str:
"""Generate docker-compose yaml, version 3.5"""
issuer = provider.get_issuer(self.request)
env = {
"OAUTH2_PROXY_CLIENT_ID": provider.client_id,
"OAUTH2_PROXY_CLIENT_SECRET": provider.client_secret,
"OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
"OAUTH2_PROXY_OIDC_ISSUER_URL": issuer,
"OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
"OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
}
if urlparse(provider.external_host).scheme != "https":
env["OAUTH2_PROXY_COOKIE_SECURE"] = "false"
compose = {
"version": "3.5",
"services": {
"passbook_gatekeeper": {
"image": f"beryju/passbook-proxy:{__version__}",
"ports": ["4180:4180"],
"environment": env,
}
},
}
return safe_dump(compose, default_flow_style=False)
def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
"""Render docker-compose file"""
provider: ProxyProvider = get_object_for_user_or_404(
request.user,
"passbook_providers_proxy.view_applicationgatewayprovider",
pk=provider_pk,
)
response = HttpResponse()
response.content_type = "application/x-yaml"
response.content = self.get_compose(provider.pk)
return response
class K8sManifestView(LoginRequiredMixin, View):
"""Generate K8s Deployment and SVC for gatekeeper"""
def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
"""Render deployment template"""
provider: ProxyProvider = get_object_for_user_or_404(
request.user,
"passbook_providers_app_gw.view_applicationgatewayprovider",
pk=provider_pk,
)
return render(
request,
"providers/proxy/k8s-manifest.yaml",
{
"provider": provider,
"cookie_secret": get_cookie_secret(),
"version": __version__,
"issuer": provider.get_issuer(request),
},
content_type="text/yaml",
)