trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/web/proxy.go

94 lines
2.7 KiB
Go
Raw Normal View History

root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 22:49:16 +00:00
package web
import (
internal: improve error handling for internal reverse proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 11:33:37 +00:00
"encoding/json"
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
"fmt"
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:14:25 +00:00
"net/http"
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 22:49:16 +00:00
"net/http/httputil"
"net/url"
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
"time"
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
"github.com/prometheus/client_golang/prometheus"
internal: dont sample gunicorn proxied requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 09:32:21 +00:00
"goauthentik.io/internal/utils/sentry"
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 22:49:16 +00:00
)
func (ws *WebServer) configureProxy() {
// Reverse proxy to the application server
u, _ := url.Parse("http://localhost:8000")
g: set x-forwarded-proto based on upstream TLS Status Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 22:03:02 +00:00
director := func(req *http.Request) {
req.URL.Scheme = u.Scheme
req.URL.Host = u.Host
if _, ok := req.Header["User-Agent"]; !ok {
// explicitly disable User-Agent so it's not set to default value
req.Header.Set("User-Agent", "")
}
if req.TLS != nil {
req.Header.Set("X-Forwarded-Proto", "https")
}
internal: trace headers and url for backend requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 11:48:17 +00:00
ws.log.WithField("url", req.URL.String()).WithField("headers", req.Header).Trace("tracing request to backend")
g: set x-forwarded-proto based on upstream TLS Status Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 22:03:02 +00:00
}
rp := &httputil.ReverseProxy{Director: director}
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:14:25 +00:00
rp.ErrorHandler = ws.proxyErrorHandler
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:45:28 +00:00
rp.ModifyResponse = ws.proxyModifyResponse
*: rename akprox to outpost.goauthentik.io (#2266) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 19:25:38 +00:00
ws.m.PathPrefix("/outpost.goauthentik.io").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
if ws.ProxyServer != nil {
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
before := time.Now()
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
ws.ProxyServer.Handle(rw, r)
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
Requests.With(prometheus.Labels{
"dest": "embedded_outpost",
}).Observe(float64(time.Since(before)))
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
return
}
ws.proxyErrorHandler(rw, r, fmt.Errorf("proxy not running"))
})
internal: fix routing to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 15:05:27 +00:00
ws.m.Path("/-/health/live/").HandlerFunc(sentry.SentryNoSample(func(rw http.ResponseWriter, r *http.Request) {
Revert "root: handle liveness probe in router (also keep internal one)" This reverts commit dd7cb45733e0425d895d29596108924ec5f2c7b9.
2021-10-12 16:44:08 +00:00
rw.WriteHeader(204)
internal: fix routing to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 15:05:27 +00:00
}))
ws.m.PathPrefix("/").HandlerFunc(sentry.SentryNoSample(func(rw http.ResponseWriter, r *http.Request) {
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:19:33 +00:00
if !ws.p.IsRunning() {
ws.proxyErrorHandler(rw, r, fmt.Errorf("authentik core not running yet"))
return
}
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
before := time.Now()
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
if ws.ProxyServer != nil {
internal: fix routing for requests with querystring signature to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 18:43:01 +00:00
if ws.ProxyServer.HandleHost(rw, r) {
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
Requests.With(prometheus.Labels{
"dest": "embedded_outpost",
}).Observe(float64(time.Since(before)))
outposts/proxyv2 (#1365) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
return
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
}
}
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
Requests.With(prometheus.Labels{
*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 16:08:40 +00:00
"dest": "core",
core: metrics v2 (#1370) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:52:24 +00:00
}).Observe(float64(time.Since(before)))
internal: limit body size Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-17 16:52:12 +00:00
r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024)
Embedded outpost (#1193) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 09:30:30 +00:00
rp.ServeHTTP(rw, r)
internal: fix routing to embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 15:05:27 +00:00
}))
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 22:49:16 +00:00
}
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:14:25 +00:00
func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
internal: trace headers and url for backend requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 11:48:17 +00:00
ws.log.WithError(err).Warning("failed to proxy to backend")
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:14:25 +00:00
rw.WriteHeader(http.StatusBadGateway)
internal: improve error handling for internal reverse proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 11:33:37 +00:00
em := fmt.Sprintf("failed to connect to authentik backend: %v", err)
if !ws.p.IsRunning() {
em = "authentik starting..."
}
// return json if the client asks for json
if req.Header.Get("Accept") == "application/json" {
eem, _ := json.Marshal(map[string]string{
"error": em,
})
em = string(eem)
}
_, err = rw.Write([]byte(em))
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:19:33 +00:00
if err != nil {
ws.log.WithError(err).Warning("failed to write error message")
}
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:14:25 +00:00
}
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:45:28 +00:00
func (ws *WebServer) proxyModifyResponse(r *http.Response) error {
internal: don't override server header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 21:05:11 +00:00
r.Header.Set("X-Powered-By", "authentik")
internal: remove uvicorn server header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 11:38:47 +00:00
r.Header.Del("Server")
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 16:45:28 +00:00
return nil
}