internal: fix race condition with config loading on startup, add index on debug server
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
7eb6320d74
commit
a9680d6088
|
@ -30,7 +30,7 @@ func main() {
|
||||||
},
|
},
|
||||||
DisableHTMLEscape: true,
|
DisableHTMLEscape: true,
|
||||||
})
|
})
|
||||||
go debug.EnableDebugServer()
|
debug.EnableDebugServer()
|
||||||
akURL := config.Get().AuthentikHost
|
akURL := config.Get().AuthentikHost
|
||||||
if akURL == "" {
|
if akURL == "" {
|
||||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
fmt.Println("env AUTHENTIK_HOST not set!")
|
|
@ -33,7 +33,7 @@ func main() {
|
||||||
},
|
},
|
||||||
DisableHTMLEscape: true,
|
DisableHTMLEscape: true,
|
||||||
})
|
})
|
||||||
go debug.EnableDebugServer()
|
debug.EnableDebugServer()
|
||||||
akURL := config.Get().AuthentikHost
|
akURL := config.Get().AuthentikHost
|
||||||
if akURL == "" {
|
if akURL == "" {
|
||||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
fmt.Println("env AUTHENTIK_HOST not set!")
|
|
@ -32,9 +32,8 @@ func main() {
|
||||||
},
|
},
|
||||||
DisableHTMLEscape: true,
|
DisableHTMLEscape: true,
|
||||||
})
|
})
|
||||||
go debug.EnableDebugServer()
|
debug.EnableDebugServer()
|
||||||
l := log.WithField("logger", "authentik.root")
|
l := log.WithField("logger", "authentik.root")
|
||||||
config.Get().Setup("./authentik/lib/default.yml", "./local.env.yml")
|
|
||||||
|
|
||||||
if config.Get().ErrorReporting.Enabled {
|
if config.Get().ErrorReporting.Enabled {
|
||||||
err := sentry.Init(sentry.ClientOptions{
|
err := sentry.Init(sentry.ClientOptions{
|
||||||
|
|
|
@ -18,7 +18,7 @@ var cfg *Config
|
||||||
func Get() *Config {
|
func Get() *Config {
|
||||||
if cfg == nil {
|
if cfg == nil {
|
||||||
c := defaultConfig()
|
c := defaultConfig()
|
||||||
c.Setup()
|
c.Setup("./authentik/lib/default.yml", "./local.env.yml")
|
||||||
cfg = c
|
cfg = c
|
||||||
}
|
}
|
||||||
return cfg
|
return cfg
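Review bot: `Get()` still initialises `cfg` behind an unsynchronised `if cfg == nil` check, so two goroutines that reach it before the first assignment completes can both run `defaultConfig()` and `Setup` and race on the write to `cfg`. Wrapping the initialisation in a package-level `sync.Once` (`cfgOnce.Do(func() { ... })`) would make the lazy load safe regardless of call order. This commit also calls `config.Get()` from inside the debug-server goroutine, which is presumably safe only because `EnableDebugServer` is now invoked synchronously first. The paths `./authentik/lib/default.yml` and `./local.env.yml` are resolved against the process working directory, so which files are loaded depends on where the binary is started; a doc comment on `Get` should say so. The closing brace of `Get` lies outside the hunk.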
|
||||||
|
|
|
@ -2,13 +2,15 @@ package config
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
// Core specific config
|
// Core specific config
|
||||||
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
|
||||||
Paths PathsConfig `yaml:"paths"`
|
Paths PathsConfig `yaml:"paths"`
|
||||||
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
||||||
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
||||||
Redis RedisConfig `yaml:"redis"`
|
Redis RedisConfig `yaml:"redis"`
|
||||||
Outposts OutpostConfig `yaml:"outposts"`
|
Outposts OutpostConfig `yaml:"outposts"`
|
||||||
|
|
||||||
|
// Config for core and embedded outpost
|
||||||
|
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
||||||
|
|
||||||
// Config for both core and outposts
|
// Config for both core and outposts
|
||||||
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
|
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
|
||||||
Listen ListenConfig `yaml:"listen"`
|
Listen ListenConfig `yaml:"listen"`
|
||||||
|
@ -16,8 +18,9 @@ type Config struct {
|
||||||
// Outpost specific config
|
// Outpost specific config
|
||||||
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
|
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
|
||||||
// They are loaded via this config loader to support file:// schemas
|
// They are loaded via this config loader to support file:// schemas
|
||||||
AuthentikHost string `env:"AUTHENTIK_HOST"`
|
AuthentikHost string `env:"AUTHENTIK_HOST"`
|
||||||
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
|
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
|
||||||
|
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RedisConfig struct {
|
type RedisConfig struct {
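Review bot: The new `AuthentikInsecure` field has no comment saying what it controls, although elsewhere in this commit it is wired straight into `InsecureSkipVerify` for both the API transport and the websocket dialer. A doc comment such as `// AuthentikInsecure disables TLS certificate verification for outpost connections to authentik; never enable in production.` would make the risk visible at the declaration. The code it replaces treated only a case-insensitive `true` as enabled. How the env loader parses a `bool` is not visible here, so it is worth confirming that unusual values still resolve to `false` rather than to an error or to `true`.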
|
||||||
|
|
|
@ -1,11 +1,14 @@
|
||||||
package debug
|
package debug
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/pprof"
|
"net/http/pprof"
|
||||||
|
|
||||||
|
"github.com/gorilla/mux"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"goauthentik.io/internal/config"
|
"goauthentik.io/internal/config"
|
||||||
|
"goauthentik.io/internal/utils/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
func EnableDebugServer() {
|
func EnableDebugServer() {
|
||||||
|
@ -14,11 +17,30 @@ func EnableDebugServer() {
|
||||||
l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.")
|
l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h := http.NewServeMux()
|
h := mux.NewRouter()
|
||||||
h.HandleFunc("/debug/pprof/", pprof.Index)
|
h.HandleFunc("/debug/pprof/", pprof.Index)
|
||||||
h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
|
h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
|
||||||
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
||||||
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
||||||
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
||||||
l.Println(http.ListenAndServe(config.Get().Listen.Debug, nil))
|
h.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
h.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
|
||||||
|
tpl, err := route.GetPathTemplate()
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
w.Write([]byte(fmt.Sprintf("<a href='%[1]s'>%[1]s</a><br>", tpl)))
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
})
|
||||||
|
go func() {
|
||||||
|
l.WithField("listen", config.Get().Listen.Debug).Info("Starting Debug server")
|
||||||
|
err := http.ListenAndServe(
|
||||||
|
config.Get().Listen.Debug,
|
||||||
|
web.NewLoggingHandler(l, nil)(h),
|
||||||
|
)
|
||||||
|
if l != nil {
|
||||||
|
l.WithError(err).Warn("failed to start debug server")
|
||||||
|
}
|
||||||
|
}()
|
||||||
}
|
}
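Review bot: With `mux.NewRouter()`, the route `h.HandleFunc("/debug/pprof/", pprof.Index)` matches only that exact path, unlike the `http.ServeMux` subtree pattern it replaces, so the named profiles that `pprof.Index` serves below it (for example `/debug/pprof/heap`) would no longer be routed. Registering it as `h.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index)` after the four specific routes keeps them reachable. In the goroutine, `if l != nil` tests the logger rather than the result of `ListenAndServe` and should read `if err != nil`. The pprof handlers are served without authentication on `config.Get().Listen.Debug`, whose default is not shown here, so it is worth confirming that it binds to loopback only. The opening lines of `EnableDebugServer` fall between the two hunks and are not visible.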
|
||||||
|
|
|
@ -5,13 +5,13 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gorilla/websocket"
|
"github.com/gorilla/websocket"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/constants"
|
"goauthentik.io/internal/constants"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -26,16 +26,11 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error {
|
||||||
"User-Agent": []string{constants.OutpostUserAgent()},
|
"User-Agent": []string{constants.OutpostUserAgent()},
|
||||||
}
|
}
|
||||||
|
|
||||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
|
||||||
if !set {
|
|
||||||
value = "false"
|
|
||||||
}
|
|
||||||
|
|
||||||
dialer := websocket.Dialer{
|
dialer := websocket.Dialer{
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: http.ProxyFromEnvironment,
|
||||||
HandshakeTimeout: 10 * time.Second,
|
HandshakeTimeout: 10 * time.Second,
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
InsecureSkipVerify: config.Get().AuthentikInsecure,
|
||||||
},
|
},
|
||||||
}
|
}
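Review bot: When `config.Get().AuthentikInsecure` is true, the dialer's `InsecureSkipVerify` turns off certificate verification for the outpost websocket, and nothing in the visible lines logs that. A deployment left in this mode would look the same in the logs as a verified one. A single warning emitted where the dialer is built, saying that TLS verification is disabled via `AUTHENTIK_INSECURE`, would make the state visible to operators. The same applies to `GetTLSTransport`, which now reads the same field. `initWS` starts and continues outside this hunk, so such a log line may already exist elsewhere.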
|
||||||
|
|
||||||
|
|
|
@ -3,13 +3,12 @@ package ak
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/getsentry/sentry-go"
|
"github.com/getsentry/sentry-go"
|
||||||
httptransport "github.com/go-openapi/runtime/client"
|
httptransport "github.com/go-openapi/runtime/client"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/constants"
|
"goauthentik.io/internal/constants"
|
||||||
sentryutils "goauthentik.io/internal/utils/sentry"
|
sentryutils "goauthentik.io/internal/utils/sentry"
|
||||||
webutils "goauthentik.io/internal/utils/web"
|
webutils "goauthentik.io/internal/utils/web"
|
||||||
|
@ -75,12 +74,8 @@ func GetTLSTransport() http.RoundTripper {
|
||||||
if tlsTransport != nil {
|
if tlsTransport != nil {
|
||||||
return *tlsTransport
|
return *tlsTransport
|
||||||
}
|
}
|
||||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
|
||||||
if !set {
|
|
||||||
value = "false"
|
|
||||||
}
|
|
||||||
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
|
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
|
||||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
InsecureSkipVerify: config.Get().AuthentikInsecure,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
|