internal: fix race condition with config loading on startup, add index on debug server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-01-08 20:33:04 +01:00
parent 7eb6320d74
commit a9680d6088
8 changed files with 38 additions and 24 deletions


@ -30,7 +30,7 @@ func main() {
},
DisableHTMLEscape: true,
})
go debug.EnableDebugServer()
debug.EnableDebugServer()
akURL := config.Get().AuthentikHost
if akURL == "" {
fmt.Println("env AUTHENTIK_HOST not set!")


@ -33,7 +33,7 @@ func main() {
},
DisableHTMLEscape: true,
})
go debug.EnableDebugServer()
debug.EnableDebugServer()
akURL := config.Get().AuthentikHost
if akURL == "" {
fmt.Println("env AUTHENTIK_HOST not set!")


@ -32,9 +32,8 @@ func main() {
},
DisableHTMLEscape: true,
})
go debug.EnableDebugServer()
debug.EnableDebugServer()
l := log.WithField("logger", "authentik.root")
config.Get().Setup("./authentik/lib/default.yml", "./local.env.yml")
if config.Get().ErrorReporting.Enabled {
err := sentry.Init(sentry.ClientOptions{


@ -18,7 +18,7 @@ var cfg *Config
func Get() *Config {
if cfg == nil {
c := defaultConfig()
c.Setup()
c.Setup("./authentik/lib/default.yml", "./local.env.yml")
cfg = c
}
return cfg
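Review bot: The `cfg == nil` check in `Get` is still unsynchronised, so two goroutines that reach it before `cfg` is assigned can both run `defaultConfig()` and `Setup(...)` and race on the package variable. The commit appears to narrow that window by calling `debug.EnableDebugServer()` synchronously in the `main` functions, but it does not close it. Wrapping the initialisation in a `sync.Once`, as in `once.Do(func() { c := defaultConfig(); c.Setup("./authentik/lib/default.yml", "./local.env.yml"); cfg = c })`, would make first use safe from any goroutine. The closing brace of `Get` is outside the hunk.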


@ -2,13 +2,15 @@ package config
type Config struct {
// Core specific config
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
Paths PathsConfig `yaml:"paths"`
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
Redis RedisConfig `yaml:"redis"`
Outposts OutpostConfig `yaml:"outposts"`
// Config for core and embedded outpost
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
// Config for both core and outposts
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
Listen ListenConfig `yaml:"listen"`
@ -16,8 +18,9 @@ type Config struct {
// Outpost specific config
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
// They are loaded via this config loader to support file:// schemas
AuthentikHost string `env:"AUTHENTIK_HOST"`
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
AuthentikHost string `env:"AUTHENTIK_HOST"`
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
}
type RedisConfig struct {
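Review bot: `AuthentikInsecure` is added without a comment saying what it controls; in the other hunks of this commit it feeds `InsecureSkipVerify`, so it disables TLS certificate verification towards authentik. A field comment such as `// AuthentikInsecure disables TLS certificate verification for outpost connections; leave false outside test setups.` would make that explicit next to `AuthentikHost` and `AuthentikToken`.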


@ -1,11 +1,14 @@
package debug
import (
"fmt"
"net/http"
"net/http/pprof"
"github.com/gorilla/mux"
log "github.com/sirupsen/logrus"
"goauthentik.io/internal/config"
"goauthentik.io/internal/utils/web"
)
func EnableDebugServer() {
@ -14,11 +17,30 @@ func EnableDebugServer() {
l.Info("not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.")
return
}
h := http.NewServeMux()
h := mux.NewRouter()
h.HandleFunc("/debug/pprof/", pprof.Index)
h.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
l.Println(http.ListenAndServe(config.Get().Listen.Debug, nil))
h.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
h.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
tpl, err := route.GetPathTemplate()
if err != nil {
return nil
}
w.Write([]byte(fmt.Sprintf("<a href='%[1]s'>%[1]s</a><br>", tpl)))
return nil
})
})
go func() {
l.WithField("listen", config.Get().Listen.Debug).Info("Starting Debug server")
err := http.ListenAndServe(
config.Get().Listen.Debug,
web.NewLoggingHandler(l, nil)(h),
)
if l != nil {
l.WithError(err).Warn("failed to start debug server")
}
}()
}
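Review bot: The guard `if l != nil` after `http.ListenAndServe` tests the logger rather than the returned error, so it is always true; `if err != nil` looks like what was intended. With `mux.NewRouter()` the `/debug/pprof/` route matches only that exact path, unlike the subtree match of the `http.NewServeMux` it replaces, so the named profiles that `pprof.Index` serves under that prefix (heap, goroutine and so on) would likely return 404; registering `h.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index)` after the specific handlers restores them. No authentication is visible on these handlers, and they expose the process command line and profiles, so a comment should state that `Listen.Debug` is expected to be a loopback address. The start of `EnableDebugServer` is outside this hunk.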


@ -5,13 +5,13 @@ import (
"fmt"
"net/http"
"net/url"
"os"
"strconv"
"strings"
"time"
"github.com/gorilla/websocket"
"github.com/prometheus/client_golang/prometheus"
"goauthentik.io/internal/config"
"goauthentik.io/internal/constants"
)
@ -26,16 +26,11 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error {
"User-Agent": []string{constants.OutpostUserAgent()},
}
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set {
value = "false"
}
dialer := websocket.Dialer{
Proxy: http.ProxyFromEnvironment,
HandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: strings.ToLower(value) == "true",
InsecureSkipVerify: config.Get().AuthentikInsecure,
},
}
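Review bot: `InsecureSkipVerify: config.Get().AuthentikInsecure` turns off certificate verification for the outpost's websocket connection with nothing in the visible code recording that it happened; the same applies to the `GetTLSTransport` hunk in the next file. A one-time warning where the flag is read, for example `log.Warn("AUTHENTIK_INSECURE is set: TLS certificate verification is disabled")`, would make an insecure deployment visible in the logs. The flag is now parsed by the config loader instead of the removed `strings.ToLower(value) == "true"` comparison, so it is worth confirming which values the loader accepts as true. `initWS` begins and ends outside the hunk.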


@ -3,13 +3,12 @@ package ak
import (
"fmt"
"net/http"
"os"
"strings"
"github.com/getsentry/sentry-go"
httptransport "github.com/go-openapi/runtime/client"
log "github.com/sirupsen/logrus"
"goauthentik.io/api/v3"
"goauthentik.io/internal/config"
"goauthentik.io/internal/constants"
sentryutils "goauthentik.io/internal/utils/sentry"
webutils "goauthentik.io/internal/utils/web"
@ -75,12 +74,8 @@ func GetTLSTransport() http.RoundTripper {
if tlsTransport != nil {
return *tlsTransport
}
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set {
value = "false"
}
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
InsecureSkipVerify: strings.ToLower(value) == "true",
InsecureSkipVerify: config.Get().AuthentikInsecure,
})
if err != nil {
panic(err)