authentik/authentik/root/asgi.py

"""
ASGI config for authentik project.

It exposes the ASGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/
"""
import typing
from time import time

import django
from asgiref.compatibility import guarantee_single_callable
from channels.routing import ProtocolTypeRouter, URLRouter
from defusedxml import defuse_stdlib
from django.core.asgi import get_asgi_application
from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
from structlog.stdlib import get_logger

from authentik.core.middleware import RESPONSE_HEADER_ID

# DJANGO_SETTINGS_MODULE is set in gunicorn.conf.py

defuse_stdlib()
django.setup()

# pylint: disable=wrong-import-position
from authentik.root import websocket  # noqa  # isort:skip


# See https://github.com/encode/starlette/blob/master/starlette/types.py
Scope = typing.MutableMapping[str, typing.Any]
Message = typing.MutableMapping[str, typing.Any]

Receive = typing.Callable[[], typing.Awaitable[Message]]
Send = typing.Callable[[Message], typing.Awaitable[None]]

ASGIApp = typing.Callable[[Scope, Receive, Send], typing.Awaitable[None]]

ASGI_IP_HEADERS = (
    b"x-forwarded-for",
    b"x-real-ip",
)

LOGGER = get_logger("authentik.asgi")


class ASGILogger:
    """ASGI Logger, instantiated for each request"""

    app: ASGIApp

    status_code: int
    start: float

    def __init__(self, app: ASGIApp):
        self.app = app

    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
        content_length = 0
        request_id = ""

        async def send_hooked(message: Message) -> None:
            """Hooked send method, which records status code and content-length, and for the final
            requests logs it"""
            headers = dict(message.get("headers", []))
            if "status" in message:
                self.status_code = message["status"]

            if b"Content-Length" in headers:
                nonlocal content_length
                content_length += int(headers.get(b"Content-Length", b"0"))

            if message["type"] == "http.response.start":
                response_headers = dict(message["headers"])
                nonlocal request_id
                request_id = response_headers.get(
                    RESPONSE_HEADER_ID.encode(), b""
                ).decode()

            if message["type"] == "http.response.body" and not message.get(
                "more_body", True
            ):
                runtime = int((time() - self.start) * 1000)
                self.log(scope, runtime, content_length, request_id=request_id)
            await send(message)

        self.start = time()
        if scope["type"] == "lifespan":
            # https://code.djangoproject.com/ticket/31508
            # https://github.com/encode/uvicorn/issues/266
            return
        await self.app(scope, receive, send_hooked)

    def _get_ip(self, scope: Scope) -> str:
        client_ip = None
        headers = dict(scope.get("headers", []))
        for header in ASGI_IP_HEADERS:
            if header in headers:
                client_ip = headers[header].decode()
        if not client_ip:
            client_ip, _ = scope.get("client", ("", 0))
        # Check if header has multiple values, and use the first one
        return client_ip.split(", ")[0]

    def log(self, scope: Scope, content_length: int, runtime: float, **kwargs):
        """Outpot access logs in a structured format"""
        host = self._get_ip(scope)
        query_string = ""
        if scope.get("query_string", b"") != b"":
            query_string = f"?{scope.get('query_string').decode()}"
        LOGGER.info(
            f"{scope.get('path', '')}{query_string}",
            host=host,
            method=scope.get("method", ""),
            scheme=scope.get("scheme", ""),
            status=self.status_code,
            size=content_length / 1000 if content_length > 0 else 0,
            runtime=runtime,
            **kwargs,
        )


application = ASGILogger(
    guarantee_single_callable(
        SentryAsgiMiddleware(
            ProtocolTypeRouter(
                {
                    "http": get_asgi_application(),
                    "websocket": URLRouter(websocket.websocket_urlpatterns),
                }
            )
        )
    )
)
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`"""`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`ASGI config for authentik project.`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			It exposes the ASGI callable as a module-level variable named ``application``.

			`For more information on this file, see`
			`https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/`
			`"""`
			`import typing`
			`from time import time`

			`import django`
			`from asgiref.compatibility import guarantee_single_callable`
root: fix websockets not working correctly 2020-11-11 13:48:19 +00:00			`from channels.routing import ProtocolTypeRouter, URLRouter`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`from defusedxml import defuse_stdlib`
build(deps): bump channels from 2.4.0 to 3.0.0 (#309) * build(deps): bump channels from 2.4.0 to 3.0.0 Bumps [channels](https://github.com/django/channels) from 2.4.0 to 3.0.0. - [Release notes](https://github.com/django/channels/releases) - [Changelog](https://github.com/django/channels/blob/master/CHANGELOG.txt) - [Commits](https://github.com/django/channels/compare/2.4.0...3.0.0) Signed-off-by: dependabot[bot] <support@github.com> * root: update for channels 3 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> 2020-11-02 09:26:26 +00:00			`from django.core.asgi import get_asgi_application`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`from sentry_sdk.integrations.asgi import SentryAsgiMiddleware`
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445) * build(deps): bump structlog from 20.1.0 to 20.2.0 Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0. - [Release notes](https://github.com/hynek/structlog/releases) - [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst) - [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0) Signed-off-by: dependabot[bot] <support@github.com> * *: use structlog.stdlib instead of structlog for type-hints Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-01-01 14:39:43 +00:00			`from structlog.stdlib import get_logger`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: fix request_id not being logged for actual asgi requests 2021-02-16 18:14:08 +00:00			`from authentik.core.middleware import RESPONSE_HEADER_ID`

root: fix websockets not working correctly 2020-11-11 13:48:19 +00:00			`# DJANGO_SETTINGS_MODULE is set in gunicorn.conf.py`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
			`defuse_stdlib()`
			`django.setup()`

root: fix asgi import order 2020-11-11 21:35:40 +00:00			`# pylint: disable=wrong-import-position`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`from authentik.root import websocket # noqa # isort:skip`
root: fix asgi import order 2020-11-11 21:35:40 +00:00

Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`# See https://github.com/encode/starlette/blob/master/starlette/types.py`
			`Scope = typing.MutableMapping[str, typing.Any]`
			`Message = typing.MutableMapping[str, typing.Any]`

			`Receive = typing.Callable[[], typing.Awaitable[Message]]`
			`Send = typing.Callable[[Message], typing.Awaitable[None]]`

			`ASGIApp = typing.Callable[[Scope, Receive, Send], typing.Awaitable[None]]`

root: fix IP detection in ASGI logger, attempt to fix out of order issues 2020-09-10 14:58:25 +00:00			`ASGI_IP_HEADERS = (`
			`b"x-forwarded-for",`
			`b"x-real-ip",`
			`)`

wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`LOGGER = get_logger("authentik.asgi")`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00

			`class ASGILogger:`
			`"""ASGI Logger, instantiated for each request"""`

			`app: ASGIApp`

			`status_code: int`
			`start: float`

			`def __init__(self, app: ASGIApp):`
			`self.app = app`

			`async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`content_length = 0`
			`request_id = ""`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: fix IP detection in ASGI logger, attempt to fix out of order issues 2020-09-10 14:58:25 +00:00			`async def send_hooked(message: Message) -> None:`
			`"""Hooked send method, which records status code and content-length, and for the final`
			`requests logs it"""`
			`headers = dict(message.get("headers", []))`
			`if "status" in message:`
			`self.status_code = message["status"]`

			`if b"Content-Length" in headers:`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`nonlocal content_length`
			`content_length += int(headers.get(b"Content-Length", b"0"))`
root: fix IP detection in ASGI logger, attempt to fix out of order issues 2020-09-10 14:58:25 +00:00
root: fix request_id not being logged for actual asgi requests 2021-02-16 18:14:08 +00:00			`if message["type"] == "http.response.start":`
			`response_headers = dict(message["headers"])`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`nonlocal request_id`
			`request_id = response_headers.get(`
root: fix request_id not being logged for actual asgi requests 2021-02-16 18:14:08 +00:00			`RESPONSE_HEADER_ID.encode(), b""`
			`).decode()`

root: fix asgi formatting 2020-11-24 11:36:54 +00:00			`if message["type"] == "http.response.body" and not message.get(`
root: fix request_id not being logged for actual asgi requests 2021-02-16 18:14:08 +00:00			`"more_body", True`
root: fix asgi formatting 2020-11-24 11:36:54 +00:00			`):`
root: log runtime in milliseconds 2021-02-09 22:33:25 +00:00			`runtime = int((time() - self.start) * 1000)`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`self.log(scope, runtime, content_length, request_id=request_id)`
root: fix IP detection in ASGI logger, attempt to fix out of order issues 2020-09-10 14:58:25 +00:00			`await send(message)`

Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`self.start = time()`
asgi: ignore lifespan requests, remove healthcheck events from sentry 2020-09-06 14:51:50 +00:00			`if scope["type"] == "lifespan":`
			`# https://code.djangoproject.com/ticket/31508`
			`# https://github.com/encode/uvicorn/issues/266`
			`return`
build(deps): bump uvicorn from 0.13.0 to 0.13.1 (#390) * build(deps): bump uvicorn from 0.13.0 to 0.13.1 Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.13.0 to 0.13.1. - [Release notes](https://github.com/encode/uvicorn/releases) - [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md) - [Commits](https://github.com/encode/uvicorn/compare/0.13.0...0.13.1) Signed-off-by: dependabot[bot] <support@github.com> * root: remove asgi workaround when websocket is closed during connect Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> 2020-12-14 09:05:07 +00:00			`await self.app(scope, receive, send_hooked)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`def _get_ip(self, scope: Scope) -> str:`
root: fix IP detection when using multiple reverse proxies 2020-09-20 11:36:23 +00:00			`client_ip = None`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`headers = dict(scope.get("headers", []))`
root: fix IP detection in ASGI logger, attempt to fix out of order issues 2020-09-10 14:58:25 +00:00			`for header in ASGI_IP_HEADERS:`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`if header in headers:`
			`client_ip = headers[header].decode()`
root: fix IP detection when using multiple reverse proxies 2020-09-20 11:36:23 +00:00			`if not client_ip:`
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`client_ip, _ = scope.get("client", ("", 0))`
root: fix IP detection when using multiple reverse proxies 2020-09-20 11:36:23 +00:00			`# Check if header has multiple values, and use the first one`
			`return client_ip.split(", ")[0]`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`def log(self, scope: Scope, content_length: int, runtime: float, **kwargs):`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`"""Outpot access logs in a structured format"""`
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`host = self._get_ip(scope)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`query_string = ""`
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`if scope.get("query_string", b"") != b"":`
			`query_string = f"?{scope.get('query_string').decode()}"`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`LOGGER.info(`
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`f"{scope.get('path', '')}{query_string}",`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`host=host,`
root: fix concurrency logging issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-17 17:20:00 +00:00			`method=scope.get("method", ""),`
			`scheme=scope.get("scheme", ""),`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`status=self.status_code,`
root: further cleanup in asgi logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-18 00:22:23 +00:00			`size=content_length / 1000 if content_length > 0 else 0,`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`runtime=runtime,`
root: fix request_id not being logged for actual asgi requests 2021-02-16 18:14:08 +00:00			`**kwargs,`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`)`


root/asgi: hide healthcheck logs from sentry 2020-09-10 15:29:13 +00:00			`application = ASGILogger(`
root: fix websockets not working correctly 2020-11-11 13:48:19 +00:00			`guarantee_single_callable(`
			`SentryAsgiMiddleware(`
			`ProtocolTypeRouter(`
			`{`
			`"http": get_asgi_application(),`
			`"websocket": URLRouter(websocket.websocket_urlpatterns),`
			`}`
			`)`
			`)`
			`)`
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`)`