3c1b70c355
* outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
107 lines
2.3 KiB
Go
107 lines
2.3 KiB
Go
package web
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"net"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/handlers"
|
|
"github.com/gorilla/mux"
|
|
"github.com/pires/go-proxyproto"
|
|
log "github.com/sirupsen/logrus"
|
|
"goauthentik.io/internal/config"
|
|
"goauthentik.io/internal/outpost/proxyv2"
|
|
)
|
|
|
|
type WebServer struct {
|
|
Bind string
|
|
BindTLS bool
|
|
|
|
LegacyProxy bool
|
|
|
|
stop chan struct{} // channel for waiting shutdown
|
|
|
|
ProxyServer *proxyv2.ProxyServer
|
|
|
|
m *mux.Router
|
|
lh *mux.Router
|
|
log *log.Entry
|
|
}
|
|
|
|
func NewWebServer() *WebServer {
|
|
l := log.WithField("logger", "authentik.g.web")
|
|
mainHandler := mux.NewRouter()
|
|
if config.G.ErrorReporting.Enabled {
|
|
mainHandler.Use(recoveryMiddleware())
|
|
}
|
|
mainHandler.Use(handlers.ProxyHeaders)
|
|
mainHandler.Use(handlers.CompressHandler)
|
|
logginRouter := mainHandler.NewRoute().Subrouter()
|
|
logginRouter.Use(loggingMiddleware(l))
|
|
|
|
ws := &WebServer{
|
|
LegacyProxy: true,
|
|
|
|
m: mainHandler,
|
|
lh: logginRouter,
|
|
log: l,
|
|
}
|
|
ws.configureStatic()
|
|
ws.configureProxy()
|
|
return ws
|
|
}
|
|
|
|
func (ws *WebServer) Start() {
|
|
go ws.listenPlain()
|
|
go ws.listenTLS()
|
|
}
|
|
|
|
func (ws *WebServer) Shutdown() {
|
|
ws.stop <- struct{}{}
|
|
}
|
|
|
|
func (ws *WebServer) listenPlain() {
|
|
ln, err := net.Listen("tcp", config.G.Web.Listen)
|
|
if err != nil {
|
|
ws.log.WithError(err).Fatalf("failed to listen")
|
|
}
|
|
ws.log.WithField("addr", config.G.Web.Listen).Info("Running")
|
|
|
|
proxyListener := &proxyproto.Listener{Listener: ln}
|
|
defer proxyListener.Close()
|
|
|
|
ws.serve(proxyListener)
|
|
|
|
ws.log.WithField("addr", config.G.Web.Listen).Info("Running")
|
|
err = http.ListenAndServe(config.G.Web.Listen, ws.m)
|
|
if err != nil && !errors.Is(err, http.ErrServerClosed) {
|
|
ws.log.Errorf("ERROR: http.Serve() - %s", err)
|
|
}
|
|
}
|
|
|
|
func (ws *WebServer) serve(listener net.Listener) {
|
|
srv := &http.Server{
|
|
Handler: ws.m,
|
|
}
|
|
|
|
// See https://golang.org/pkg/net/http/#Server.Shutdown
|
|
idleConnsClosed := make(chan struct{})
|
|
go func() {
|
|
<-ws.stop // wait notification for stopping server
|
|
|
|
// We received an interrupt signal, shut down.
|
|
if err := srv.Shutdown(context.Background()); err != nil {
|
|
// Error from closing listeners, or context timeout:
|
|
ws.log.Printf("HTTP server Shutdown: %v", err)
|
|
}
|
|
close(idleConnsClosed)
|
|
}()
|
|
|
|
err := srv.Serve(listener)
|
|
if err != nil && !errors.Is(err, http.ErrServerClosed) {
|
|
ws.log.Errorf("ERROR: http.Serve() - %s", err)
|
|
}
|
|
<-idleConnsClosed
|
|
}
|