This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/outpost/radius/handler.go
Jens L 3f5effb1bc
providers/radius: simple radius outpost (#1796)
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00

80 lines
1.8 KiB
Go

package radius
import (
"crypto/sha512"
"github.com/getsentry/sentry-go"
"github.com/google/uuid"
"github.com/prometheus/client_golang/prometheus"
log "github.com/sirupsen/logrus"
"goauthentik.io/internal/outpost/radius/metrics"
"goauthentik.io/internal/utils"
"layeh.com/radius"
)
type RadiusRequest struct {
*radius.Request
log *log.Entry
id string
span *sentry.Span
pi *ProviderInstance
}
func (r *RadiusRequest) Log() *log.Entry {
return r.log
}
func (r *RadiusRequest) RemoteAddr() string {
return utils.GetIP(r.Request.RemoteAddr)
}
func (r *RadiusRequest) ID() string {
return r.id
}
func (rs *RadiusServer) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) {
span := sentry.StartSpan(r.Context(), "authentik.providers.radius.connect",
sentry.TransactionName("authentik.providers.radius.connect"))
rid := uuid.New().String()
span.SetTag("request_uid", rid)
rl := rs.log.WithField("code", r.Code.String()).WithField("request", rid)
selectedApp := ""
defer func() {
span.Finish()
metrics.Requests.With(prometheus.Labels{
"outpost_name": rs.ac.Outpost.Name,
"app": selectedApp,
}).Observe(float64(span.EndTime.Sub(span.StartTime)))
}()
nr := &RadiusRequest{
Request: r,
log: rl,
id: rid,
span: span,
}
rl.Info("Radius Request")
// Lookup provider by shared secret
var pi *ProviderInstance
for _, p := range rs.providers {
if string(p.SharedSecret) == string(r.Secret) {
pi = p
selectedApp = pi.appSlug
break
}
}
if pi == nil {
nr.Log().WithField("hashed_secret", string(sha512.New().Sum(r.Secret))).Warning("No provider found")
_ = w.Write(r.Response(radius.CodeAccessReject))
return
}
nr.pi = pi
if nr.Code == radius.CodeAccessRequest {
rs.Handle_AccessRequest(w, nr)
}
}