From 4d51ec906d7c1815045f8352715a264df1c812f0 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 13 Oct 2021 21:48:11 +0200
Subject: [PATCH] internal/proxyv2: improve error handling when configuring app
Signed-off-by: Jens Langhammer
---
 .../outpost/proxyv2/application/application.go | 16 +++++++++-------
 internal/outpost/proxyv2/refresh.go | 8 ++++++--
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go
index a78b81b89..3d0104a40 100644
--- a/internal/outpost/proxyv2/application/application.go
+++ b/internal/outpost/proxyv2/application/application.go
@@ -3,6 +3,7 @@ package application
 import (
 "crypto/tls"
 "encoding/gob"
+ "fmt"
 "net/http"
 "net/url"
 "regexp"
@@ -12,6 +13,7 @@ import (
 "github.com/coreos/go-oidc"
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
+ "github.com/pkg/errors"
 "github.com/prometheus/client_golang/prometheus"
 log "github.com/sirupsen/logrus"
 "goauthentik.io/api"
@@ -41,12 +43,13 @@ type Application struct {
 mux *mux.Router
 }
-func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore, ak *ak.APIController) *Application {
+func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore, ak *ak.APIController) (*Application, error) {
 gob.Register(Claims{})
+ muxLogger := log.WithField("logger", "authentik.outpost.proxyv2.application").WithField("name", p.Name)
 externalHost, err := url.Parse(p.ExternalHost)
 if err != nil {
- log.WithError(err).Warning("Failed to parse URL, skipping provider")
+ return nil, fmt.Errorf("failed to parse URL, skipping provider")
 }
 ks := hs256.NewKeySet(*p.ClientSecret)
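Review bot: The new return after `url.Parse(p.ExternalHost)` discards `err`, so whoever logs the failure learns that the URL did not parse but not why, while every other error return in this commit wraps its cause with `errors.Wrap`. I would write `return nil, errors.Wrap(err, "failed to parse ExternalHost")`, which also drops the leftover "skipping provider" wording now that skipping is the caller's decision. If this was the only use of `fmt` in the file, the import added in the first hunk goes away with it. NewApplication's body continues outside the hunk.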
@@ -78,7 +81,6 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 mux: mux,
 }
 a.sessions = a.getStore(p)
- muxLogger := log.WithField("logger", "authentik.outpost.proxyv2.application").WithField("name", p.Name)
 mux.Use(web.NewLoggingHandler(muxLogger, func(l *log.Entry, r *http.Request) *log.Entry {
 s, err := a.sessions.Get(r, constants.SeesionName)
 if err != nil {
@@ -130,13 +132,13 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 err = a.configureForward()
 }
 if err != nil {
- a.log.WithError(err).Warning("failed to configure mode")
+ return nil, errors.Wrap(err, "failed to configure application mode")
 }
 if kp := p.Certificate.Get(); kp != nil {
 err := cs.AddKeypair(*kp)
 if err != nil {
- a.log.WithError(err).Warning("Failed to initially fetch certificate")
+ return nil, errors.Wrap(err, "failed to initially fetch certificate")
 }
 a.Cert = cs.Get(*kp)
 }
@@ -147,13 +149,13 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 re, err := regexp.Compile(regex)
 if err != nil {
 // TODO: maybe create event for this?
- a.log.WithError(err).Warning("failed to compile regex")
+ return nil, errors.Wrap(err, "failed to compile SkipPathRegex")
 } else {
 a.UnauthenticatedRegex = append(a.UnauthenticatedRegex, re)
 }
 }
 }
- return a
+ return a, nil
 }
 func (a *Application) IsAllowlisted(r *http.Request) bool {
diff --git a/internal/outpost/proxyv2/refresh.go b/internal/outpost/proxyv2/refresh.go
index 5b4a0a7d2..65733f304 100644
--- a/internal/outpost/proxyv2/refresh.go
+++ b/internal/outpost/proxyv2/refresh.go
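Review bot: The wrapped error in the `regexp.Compile(regex)` branch does not name the pattern that failed, and the `return` there leaves the following `} else {` redundant. These patterns populate `a.UnauthenticatedRegex`, which by its name governs paths handled without authentication, so the operator should see exactly which entry was rejected: `return nil, errors.Wrapf(err, "failed to compile SkipPathRegex %q", regex)`, followed by an unindented `a.UnauthenticatedRegex = append(a.UnauthenticatedRegex, re)`. The `// TODO: maybe create event for this?` comment describes the old warn-and-continue path and should be reworded or dropped. The loop this sits in starts outside the hunk.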
@@ -24,8 +24,12 @@ func (ps *ProxyServer) Refresh() error {
 hc := &http.Client{
 Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent()+ua, ak.NewTracingTransport(context.TODO(), ak.GetTLSTransport())),
 }
- a := application.NewApplication(provider, hc, ps.cryptoStore, ps.akAPI)
- apps[a.Host] = a
+ a, err := application.NewApplication(provider, hc, ps.cryptoStore, ps.akAPI)
+ if err != nil {
+ ps.log.WithError(err).Warning("failed to setup application")
+ } else {
+ apps[a.Host] = a
+ }
 }
 ps.apps = apps
 ps.log.Debug("Swapped maps")
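Review bot: The warning logged when `NewApplication` fails does not say which provider was skipped, and `a` is nil on that path so nothing else identifies it; `ps.log.WithError(err).WithField("name", provider.Name).Warning("failed to setup application")` would. A skipped provider is also missing from the `apps` map that replaces `ps.apps` just below, so a failure during refresh (for instance the certificate fetch this commit makes fatal) removes an application that may have been served until then. Dropping it rather than serving a half-configured instance is the safe direction for an authenticating proxy, but that intent deserves a short comment on the error branch, such as `// fail closed: a provider that cannot be configured is not served`. As far as the hunk shows, `Refresh` still does not surface these errors to its caller. Refresh's body starts and ends outside the hunk.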