authentik/internal/web/web_proxy.go

package web

import (
	"net/http"
	"net/http/httputil"
	"net/url"
)

func (ws *WebServer) configureProxy() {
	// Reverse proxy to the application server
	u, _ := url.Parse("http://localhost:8000")
	director := func(req *http.Request) {
		req.URL.Scheme = u.Scheme
		req.URL.Host = u.Host
		if _, ok := req.Header["User-Agent"]; !ok {
			// explicitly disable User-Agent so it's not set to default value
			req.Header.Set("User-Agent", "")
		}
		if req.TLS != nil {
			req.Header.Set("X-Forwarded-Proto", "https")
		}
	}
	rp := &httputil.ReverseProxy{Director: director}
	rp.ErrorHandler = ws.proxyErrorHandler
	rp.ModifyResponse = ws.proxyModifyResponse
	ws.m.PathPrefix("/").Handler(rp)
}

func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
	ws.log.WithError(err).Warning("proxy error")
	rw.WriteHeader(http.StatusBadGateway)
}

func (ws *WebServer) proxyModifyResponse(r *http.Response) error {
	r.Header.Set("X-authentik-from", "authentik")
	return nil
}
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`package web`

			`import (`
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 16:14:25 +00:00			`"net/http"`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`"net/http/httputil"`
			`"net/url"`
			`)`

			`func (ws *WebServer) configureProxy() {`
			`// Reverse proxy to the application server`
			`u, _ := url.Parse("http://localhost:8000")`
g: set x-forwarded-proto based on upstream TLS Status Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-20 22:03:02 +00:00			`director := func(req *http.Request) {`
			`req.URL.Scheme = u.Scheme`
			`req.URL.Host = u.Host`
			`if _, ok := req.Header["User-Agent"]; !ok {`
			`// explicitly disable User-Agent so it's not set to default value`
			`req.Header.Set("User-Agent", "")`
			`}`
			`if req.TLS != nil {`
			`req.Header.Set("X-Forwarded-Proto", "https")`
			`}`
			`}`
			`rp := &httputil.ReverseProxy{Director: director}`
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 16:14:25 +00:00			`rp.ErrorHandler = ws.proxyErrorHandler`
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 16:45:28 +00:00			`rp.ModifyResponse = ws.proxyModifyResponse`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`ws.m.PathPrefix("/").Handler(rp)`
			`}`
web/admin: filter out service accounts by default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 16:14:25 +00:00
			`func (ws WebServer) proxyErrorHandler(rw http.ResponseWriter, req http.Request, err error) {`
			`ws.log.WithError(err).Warning("proxy error")`
			`rw.WriteHeader(http.StatusBadGateway)`
			`}`
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 16:45:28 +00:00
			`func (ws WebServer) proxyModifyResponse(r http.Response) error {`
			`r.Header.Set("X-authentik-from", "authentik")`
			`return nil`
			`}`