root: add more common utils

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-16 17:29:01 +02:00
parent 6dc38b0132
commit b98895ac2c
6 changed files with 44 additions and 92 deletions

View File

@ -2,14 +2,12 @@ package main
import ( import (
"fmt" "fmt"
"math/rand"
"net/url" "net/url"
"os" "os"
"os/signal"
"time"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/internal/common"
"goauthentik.io/internal/outpost/ak" "goauthentik.io/internal/outpost/ak"
"goauthentik.io/internal/outpost/ldap" "goauthentik.io/internal/outpost/ldap"
) )
@ -23,32 +21,30 @@ Required environment variables:
func main() { func main() {
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)
pbURL, found := os.LookupEnv("AUTHENTIK_HOST") akURL, found := os.LookupEnv("AUTHENTIK_HOST")
if !found { if !found {
fmt.Println("env AUTHENTIK_HOST not set!") fmt.Println("env AUTHENTIK_HOST not set!")
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN") akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
if !found { if !found {
fmt.Println("env AUTHENTIK_TOKEN not set!") fmt.Println("env AUTHENTIK_TOKEN not set!")
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
pbURLActual, err := url.Parse(pbURL) akURLActual, err := url.Parse(akURL)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
rand.Seed(time.Now().UnixNano()) ex := common.Init()
defer common.Defer()
ac := ak.NewAPIController(*pbURLActual, pbToken) ac := ak.NewAPIController(*akURLActual, akToken)
interrupt := make(chan os.Signal, 1)
signal.Notify(interrupt, os.Interrupt)
ac.Server = ldap.NewServer(ac) ac.Server = ldap.NewServer(ac)
@ -58,7 +54,7 @@ func main() {
} }
for { for {
<-interrupt <-ex
ac.Shutdown() ac.Shutdown()
os.Exit(0) os.Exit(0)
} }

View File

@ -2,14 +2,12 @@ package main
import ( import (
"fmt" "fmt"
"math/rand"
"net/url" "net/url"
"os" "os"
"os/signal"
"time"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/internal/common"
"goauthentik.io/internal/outpost/ak" "goauthentik.io/internal/outpost/ak"
"goauthentik.io/internal/outpost/proxy" "goauthentik.io/internal/outpost/proxy"
) )
@ -23,32 +21,30 @@ Required environment variables:
func main() { func main() {
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)
pbURL, found := os.LookupEnv("AUTHENTIK_HOST") akURL, found := os.LookupEnv("AUTHENTIK_HOST")
if !found { if !found {
fmt.Println("env AUTHENTIK_HOST not set!") fmt.Println("env AUTHENTIK_HOST not set!")
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN") akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
if !found { if !found {
fmt.Println("env AUTHENTIK_TOKEN not set!") fmt.Println("env AUTHENTIK_TOKEN not set!")
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
pbURLActual, err := url.Parse(pbURL) akURLActual, err := url.Parse(akURL)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
rand.Seed(time.Now().UnixNano()) ex := common.Init()
defer common.Defer()
ac := ak.NewAPIController(*pbURLActual, pbToken) ac := ak.NewAPIController(*akURLActual, akToken)
interrupt := make(chan os.Signal, 1)
signal.Notify(interrupt, os.Interrupt)
ac.Server = proxy.NewServer(ac) ac.Server = proxy.NewServer(ac)
@ -58,7 +54,7 @@ func main() {
} }
for { for {
<-interrupt <-ex
ac.Shutdown() ac.Shutdown()
os.Exit(0) os.Exit(0)
} }

View File

@ -3,10 +3,10 @@ package main
import ( import (
"fmt" "fmt"
"sync" "sync"
"time"
"github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/internal/common"
"goauthentik.io/internal/config" "goauthentik.io/internal/config"
"goauthentik.io/internal/constants" "goauthentik.io/internal/constants"
"goauthentik.io/internal/gounicorn" "goauthentik.io/internal/gounicorn"
@ -28,13 +28,13 @@ func main() {
Release: fmt.Sprintf("authentik@%s", constants.VERSION), Release: fmt.Sprintf("authentik@%s", constants.VERSION),
Environment: config.G.ErrorReporting.Environment, Environment: config.G.ErrorReporting.Environment,
}) })
defer sentry.Flush(time.Second * 5)
defer sentry.Recover()
} }
defer common.Defer()
rl := log.WithField("logger", "authentik.g") rl := log.WithField("logger", "authentik.g")
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
wg.Add(2) wg.Add(3)
go func() { go func() {
defer wg.Done() defer wg.Done()
g := gounicorn.NewGoUnicorn() g := gounicorn.NewGoUnicorn()

22
internal/common/global.go Normal file
View File

@ -0,0 +1,22 @@
package common
import (
"math/rand"
"os"
"os/signal"
"time"
"github.com/getsentry/sentry-go"
)
func Init() chan os.Signal {
rand.Seed(time.Now().UnixNano())
interrupt := make(chan os.Signal, 1)
signal.Notify(interrupt, os.Interrupt)
return interrupt
}
func Defer() {
defer sentry.Flush(time.Second * 5)
defer sentry.Recover()
}

View File

@ -1,63 +0,0 @@
package ak
import (
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"time"
log "github.com/sirupsen/logrus"
)
// GenerateSelfSignedCert Generate a self-signed TLS Certificate, to be used as fallback
func GenerateSelfSignedCert() (tls.Certificate, error) {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatalf("Failed to generate private key: %v", err)
return tls.Certificate{}, err
}
keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("Failed to generate serial number: %v", err)
return tls.Certificate{}, err
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"authentik"},
CommonName: "authentik Proxy default certificate",
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: keyUsage,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
template.DNSNames = []string{"*"}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
log.Warning(err)
}
pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
if err != nil {
log.Warning(err)
}
privPemByes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
return tls.X509KeyPair(pemBytes, privPemByes)
}

View File

@ -10,6 +10,7 @@ import (
"time" "time"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/internal/crypto"
"goauthentik.io/internal/outpost/ak" "goauthentik.io/internal/outpost/ak"
) )
@ -25,7 +26,7 @@ type Server struct {
// NewServer initialise a new HTTP Server // NewServer initialise a new HTTP Server
func NewServer(ac *ak.APIController) *Server { func NewServer(ac *ak.APIController) *Server {
defaultCert, err := ak.GenerateSelfSignedCert() defaultCert, err := crypto.GenerateSelfSignedCert()
if err != nil { if err != nil {
log.Warning(err) log.Warning(err)
} }