internal: fix race condition with config loading on startup, add index on debug server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-01-08 20:33:04 +01:00
parent 7eb6320d74
commit a9680d6088
8 changed files with 38 additions and 24 deletions


@ -30,7 +30,7 @@ func main() {
}, },
DisableHTMLEscape: true, DisableHTMLEscape: true,
}) })
go debug.EnableDebugServer() debug.EnableDebugServer()
akURL := config.Get().AuthentikHost akURL := config.Get().AuthentikHost
if akURL == "" { if akURL == "" {
fmt.Println("env AUTHENTIK_HOST not set!") fmt.Println("env AUTHENTIK_HOST not set!")


@ -33,7 +33,7 @@ func main() {
}, },
DisableHTMLEscape: true, DisableHTMLEscape: true,
}) })
go debug.EnableDebugServer() debug.EnableDebugServer()
akURL := config.Get().AuthentikHost akURL := config.Get().AuthentikHost
if akURL == "" { if akURL == "" {
fmt.Println("env AUTHENTIK_HOST not set!") fmt.Println("env AUTHENTIK_HOST not set!")


@ -32,9 +32,8 @@ func main() {
}, },
DisableHTMLEscape: true, DisableHTMLEscape: true,
}) })
go debug.EnableDebugServer() debug.EnableDebugServer()
l := log.WithField("logger", "authentik.root") l := log.WithField("logger", "authentik.root")
config.Get().Setup("./authentik/lib/default.yml", "./local.env.yml")
if config.Get().ErrorReporting.Enabled { if config.Get().ErrorReporting.Enabled {
err := sentry.Init(sentry.ClientOptions{ err := sentry.Init(sentry.ClientOptions{


@ -18,7 +18,7 @@ var cfg *Config
func Get() *Config { func Get() *Config {
if cfg == nil { if cfg == nil {
c := defaultConfig() c := defaultConfig()
c.Setup() c.Setup("./authentik/lib/default.yml", "./local.env.yml")
cfg = c cfg = c
} }
return cfg return cfg
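Review bot: `Get()` still performs an unsynchronized check-then-set on the package-level `cfg`, so the race is avoided only because the callers in this commit now invoke `debug.EnableDebugServer()` synchronously before anything else; any other goroutine that reaches `Get()` during first use can still observe a nil or partially initialized config. Guard the lazy load with a `sync.Once` declared next to `cfg` (the `var cfg *Config` line is visible in the hunk context), as sketched below. The hard-coded `./authentik/lib/default.yml` and `./local.env.yml` paths are cwd-relative and will usually be absent in outpost containers; presumably `Setup` tolerates missing files, but that is not visible here and deserves a comment. The closing brace of `Get` lies outside the hunk.
```go
// Get returns the process-wide config, loading it on first use.
// cfgOnce is a sync.Once declared alongside cfg so concurrent first
// callers never see a nil or half-initialized config.
func Get() *Config {
	cfgOnce.Do(func() {
		c := defaultConfig()
		c.Setup("./authentik/lib/default.yml", "./local.env.yml")
		cfg = c
	})
	return cfg
```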


@ -2,13 +2,15 @@ package config
type Config struct { type Config struct {
// Core specific config // Core specific config
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
Paths PathsConfig `yaml:"paths"` Paths PathsConfig `yaml:"paths"`
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"` LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"` ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
Redis RedisConfig `yaml:"redis"` Redis RedisConfig `yaml:"redis"`
Outposts OutpostConfig `yaml:"outposts"` Outposts OutpostConfig `yaml:"outposts"`
// Config for core and embedded outpost
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
// Config for both core and outposts // Config for both core and outposts
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"` Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
Listen ListenConfig `yaml:"listen"` Listen ListenConfig `yaml:"listen"`
@ -16,8 +18,9 @@ type Config struct {
// Outpost specific config // Outpost specific config
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML // These are only relevant for proxy/ldap outposts, and cannot be set via YAML
// They are loaded via this config loader to support file:// schemas // They are loaded via this config loader to support file:// schemas
AuthentikHost string `env:"AUTHENTIK_HOST"` AuthentikHost string `env:"AUTHENTIK_HOST"`
AuthentikToken string `env:"AUTHENTIK_TOKEN"` AuthentikToken string `env:"AUTHENTIK_TOKEN"`
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
} }
type RedisConfig struct { type RedisConfig struct {
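Review bot: `AuthentikInsecure` is the one field in this struct that weakens security — it now feeds `InsecureSkipVerify` in both outpost TLS configs — yet it carries no comment; add `// AuthentikInsecure disables TLS certificate verification when connecting to AuthentikHost; intended for development only.` above it. The replaced call sites accepted only the literal `true` (case-insensitive) from `AUTHENTIK_INSECURE`; whether the `env` tag loader behind `Setup` also accepts `1`/`yes`/`t` is not visible here, so confirm it and document the accepted values, since deployments may rely on the old strictness. A bool env field that silently defaults to false when the value is unparsable would also be worth a sentence in that comment.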


@ -1,11 +1,14 @@
package debug package debug
import ( import (
"fmt"
"net/http" "net/http"
"net/http/pprof" "net/http/pprof"
"github.com/gorilla/mux"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/internal/config" "goauthentik.io/internal/config"
"goauthentik.io/internal/utils/web"
) )
func EnableDebugServer() { func EnableDebugServer() {
@ -14,11 +17,30 @@ func EnableDebugServer() {
l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.") l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.")
return return
} }
h := http.NewServeMux() h := mux.NewRouter()
h.HandleFunc("/debug/pprof/", pprof.Index) h.HandleFunc("/debug/pprof/", pprof.Index)
h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
h.HandleFunc("/debug/pprof/profile", pprof.Profile) h.HandleFunc("/debug/pprof/profile", pprof.Profile)
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol) h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
h.HandleFunc("/debug/pprof/trace", pprof.Trace) h.HandleFunc("/debug/pprof/trace", pprof.Trace)
l.Println(http.ListenAndServe(config.Get().Listen.Debug, nil)) h.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
h.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
tpl, err := route.GetPathTemplate()
if err != nil {
return nil
}
w.Write([]byte(fmt.Sprintf("<a href='%[1]s'>%[1]s</a><br>", tpl)))
return nil
})
})
go func() {
l.WithField("listen", config.Get().Listen.Debug).Info("Starting Debug server")
err := http.ListenAndServe(
config.Get().Listen.Debug,
web.NewLoggingHandler(l, nil)(h),
)
if l != nil {
l.WithError(err).Warn("failed to start debug server")
}
}()
} }
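Review bot: With `mux.NewRouter()` the route `h.HandleFunc("/debug/pprof/", pprof.Index)` matches only the exact path `/debug/pprof/` — unlike `http.ServeMux`, where a trailing slash is a subtree pattern — so the named profiles `pprof.Index` serves by suffix (`/debug/pprof/heap`, `/debug/pprof/goroutine`, …) appear to 404 on the new router; the old code reached them only because `ListenAndServe(…, nil)` served the DefaultServeMux that `net/http/pprof` populates at init. Register that route as `h.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index)`. Smaller points: the `w.Write` return value in the index handler is discarded, and `if l != nil` guards a logger that is always set in this function, whereas the `ListenAndServe` error (always non-nil when it returns) is what the branch should be about. Because these endpoints expose heap and goroutine dumps and the process command line, add a comment noting that `Listen.Debug` must default to a loopback address — its default is not visible in this hunk.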


@ -5,13 +5,13 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"os"
"strconv" "strconv"
"strings" "strings"
"time" "time"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"goauthentik.io/internal/config"
"goauthentik.io/internal/constants" "goauthentik.io/internal/constants"
) )
@ -26,16 +26,11 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error {
"User-Agent": []string{constants.OutpostUserAgent()}, "User-Agent": []string{constants.OutpostUserAgent()},
} }
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set {
value = "false"
}
dialer := websocket.Dialer{ dialer := websocket.Dialer{
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
HandshakeTimeout: 10 * time.Second, HandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: strings.ToLower(value) == "true", InsecureSkipVerify: config.Get().AuthentikInsecure,
}, },
} }


@ -3,13 +3,12 @@ package ak
import ( import (
"fmt" "fmt"
"net/http" "net/http"
"os"
"strings"
"github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go"
httptransport "github.com/go-openapi/runtime/client" httptransport "github.com/go-openapi/runtime/client"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/api/v3" "goauthentik.io/api/v3"
"goauthentik.io/internal/config"
"goauthentik.io/internal/constants" "goauthentik.io/internal/constants"
sentryutils "goauthentik.io/internal/utils/sentry" sentryutils "goauthentik.io/internal/utils/sentry"
webutils "goauthentik.io/internal/utils/web" webutils "goauthentik.io/internal/utils/web"
@ -75,12 +74,8 @@ func GetTLSTransport() http.RoundTripper {
if tlsTransport != nil { if tlsTransport != nil {
return *tlsTransport return *tlsTransport
} }
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set {
value = "false"
}
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{ tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
InsecureSkipVerify: strings.ToLower(value) == "true", InsecureSkipVerify: config.Get().AuthentikInsecure,
}) })
if err != nil { if err != nil {
panic(err) panic(err)
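Review bot: `InsecureSkipVerify: config.Get().AuthentikInsecure` silently disables certificate verification for a transport that is then cached for the whole process (the `tlsTransport` reuse at the top of the hunk), so a stray `AUTHENTIK_INSECURE=true` in production leaves no trace in the logs. Emit a warning once when the flag is set, e.g. `if config.Get().AuthentikInsecure { log.Warning("TLS certificate verification disabled via AUTHENTIK_INSECURE") }` before the `httptransport.TLSTransport` call, using the `log` (logrus) import already present in this file. `GetTLSTransport` continues past the end of the hunk, so the cache assignment itself is not visible here.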