root: add more common utils
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
6dc38b0132
commit
b98895ac2c
|
@ -2,14 +2,12 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"goauthentik.io/internal/common"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
"goauthentik.io/internal/outpost/ldap"
|
"goauthentik.io/internal/outpost/ldap"
|
||||||
)
|
)
|
||||||
|
@ -23,32 +21,30 @@ Required environment variables:
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
pbURL, found := os.LookupEnv("AUTHENTIK_HOST")
|
akURL, found := os.LookupEnv("AUTHENTIK_HOST")
|
||||||
if !found {
|
if !found {
|
||||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
fmt.Println("env AUTHENTIK_HOST not set!")
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
|
akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
|
||||||
if !found {
|
if !found {
|
||||||
fmt.Println("env AUTHENTIK_TOKEN not set!")
|
fmt.Println("env AUTHENTIK_TOKEN not set!")
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
pbURLActual, err := url.Parse(pbURL)
|
akURLActual, err := url.Parse(akURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
rand.Seed(time.Now().UnixNano())
|
ex := common.Init()
|
||||||
|
defer common.Defer()
|
||||||
|
|
||||||
ac := ak.NewAPIController(*pbURLActual, pbToken)
|
ac := ak.NewAPIController(*akURLActual, akToken)
|
||||||
|
|
||||||
interrupt := make(chan os.Signal, 1)
|
|
||||||
signal.Notify(interrupt, os.Interrupt)
|
|
||||||
|
|
||||||
ac.Server = ldap.NewServer(ac)
|
ac.Server = ldap.NewServer(ac)
|
||||||
|
|
||||||
|
@ -58,7 +54,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
for {
|
for {
|
||||||
<-interrupt
|
<-ex
|
||||||
ac.Shutdown()
|
ac.Shutdown()
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
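Review bot: `defer common.Defer()` never runs on the normal shutdown path, because the loop at the end of this hunk calls `os.Exit(0)` right after `ac.Shutdown()`, and `os.Exit` terminates the process without running deferred functions; the `os.Exit(1)` paths after the environment checks skip it as well, although nothing Sentry-relevant has happened by then. If the point of `Defer` is to flush pending Sentry events before the process ends, call `common.Defer()` explicitly before `os.Exit(0)`, or replace the `os.Exit(0)` with `return` so `main` unwinds and the deferred call fires. The second `main` section below (the one wiring `proxy.NewServer`) has the identical hunks and the identical problem. `main` starts and ends outside this hunk.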
|
||||||
|
|
|
@ -2,14 +2,12 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"goauthentik.io/internal/common"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
"goauthentik.io/internal/outpost/proxy"
|
"goauthentik.io/internal/outpost/proxy"
|
||||||
)
|
)
|
||||||
|
@ -23,32 +21,30 @@ Required environment variables:
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
pbURL, found := os.LookupEnv("AUTHENTIK_HOST")
|
akURL, found := os.LookupEnv("AUTHENTIK_HOST")
|
||||||
if !found {
|
if !found {
|
||||||
fmt.Println("env AUTHENTIK_HOST not set!")
|
fmt.Println("env AUTHENTIK_HOST not set!")
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
|
akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
|
||||||
if !found {
|
if !found {
|
||||||
fmt.Println("env AUTHENTIK_TOKEN not set!")
|
fmt.Println("env AUTHENTIK_TOKEN not set!")
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
pbURLActual, err := url.Parse(pbURL)
|
akURLActual, err := url.Parse(akURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
rand.Seed(time.Now().UnixNano())
|
ex := common.Init()
|
||||||
|
defer common.Defer()
|
||||||
|
|
||||||
ac := ak.NewAPIController(*pbURLActual, pbToken)
|
ac := ak.NewAPIController(*akURLActual, akToken)
|
||||||
|
|
||||||
interrupt := make(chan os.Signal, 1)
|
|
||||||
signal.Notify(interrupt, os.Interrupt)
|
|
||||||
|
|
||||||
ac.Server = proxy.NewServer(ac)
|
ac.Server = proxy.NewServer(ac)
|
||||||
|
|
||||||
|
@ -58,7 +54,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
for {
|
for {
|
||||||
<-interrupt
|
<-ex
|
||||||
ac.Shutdown()
|
ac.Shutdown()
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,10 +3,10 @@ package main
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/getsentry/sentry-go"
|
"github.com/getsentry/sentry-go"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/common"
|
||||||
"goauthentik.io/internal/config"
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/constants"
|
"goauthentik.io/internal/constants"
|
||||||
"goauthentik.io/internal/gounicorn"
|
"goauthentik.io/internal/gounicorn"
|
||||||
|
@ -28,13 +28,13 @@ func main() {
|
||||||
Release: fmt.Sprintf("authentik@%s", constants.VERSION),
|
Release: fmt.Sprintf("authentik@%s", constants.VERSION),
|
||||||
Environment: config.G.ErrorReporting.Environment,
|
Environment: config.G.ErrorReporting.Environment,
|
||||||
})
|
})
|
||||||
defer sentry.Flush(time.Second * 5)
|
|
||||||
defer sentry.Recover()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer common.Defer()
|
||||||
|
|
||||||
rl := log.WithField("logger", "authentik.g")
|
rl := log.WithField("logger", "authentik.g")
|
||||||
wg := sync.WaitGroup{}
|
wg := sync.WaitGroup{}
|
||||||
wg.Add(2)
|
wg.Add(3)
|
||||||
go func() {
|
go func() {
|
||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
g := gounicorn.NewGoUnicorn()
|
g := gounicorn.NewGoUnicorn()
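Review bot: `wg.Add(3)` is raised from 2, but only one `wg.Done()` goroutine is visible in this hunk; unless a third `Done()` call exists in the part of `main` outside the hunk, `wg.Wait()` will block forever, so please confirm the third worker is really started. The deferred Sentry flush and recover also move from inside the error-reporting `if` block to an unconditional `defer common.Defer()`, so `sentry.Flush` now runs even when no Sentry client was initialised; that appears harmless but is a behaviour change worth a one-line comment such as `// Defer flushes/recovers Sentry; both are no-ops when error reporting is disabled.` `main` continues outside the hunk.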
|
||||||
|
|
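--- /dev/null
+++ b/internal/common/global.go
@@ -0,0 +1,22 @@
+package common
+
+import (
+"math/rand"
+"os"
+"os/signal"
+"time"
+
+"github.com/getsentry/sentry-go"
+)
+
+func Init() chan os.Signal {
+rand.Seed(time.Now().UnixNano())
+interrupt := make(chan os.Signal, 1)
+signal.Notify(interrupt, os.Interrupt)
+return interrupt
+}
+
+func Defer() {
+defer sentry.Flush(time.Second * 5)
+defer sentry.Recover()
+}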
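Review bot: `Defer()` cannot catch panics the way the inlined `defer sentry.Recover()` in the callers did: `recover()` only takes effect when it is called directly by the function that the panicking frame deferred, and here `sentry.Recover` is deferred one level deeper, inside `Defer`, so its `recover()` returns nil and the panic propagates unreported. Have `Defer` call `recover()` itself and hand the value to Sentry, `if err := recover(); err != nil { sentry.CurrentHub().Recover(err) }`, followed by `sentry.Flush(time.Second * 5)` so the flush still happens after the report, matching the original LIFO order. `Init` seeds the global `math/rand` source from the clock; that generator is not suitable for anything that must be unpredictable (tokens, nonces, session identifiers), which should come from `crypto/rand` — what consumes it is not visible on this page. Both exported functions also lack doc comments, e.g. `// Init seeds math/rand and returns a channel that receives os.Interrupt.`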
|
@ -1,63 +0,0 @@
|
||||||
package ak
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/rand"
|
|
||||||
"crypto/rsa"
|
|
||||||
"crypto/tls"
|
|
||||||
"crypto/x509"
|
|
||||||
"crypto/x509/pkix"
|
|
||||||
"encoding/pem"
|
|
||||||
"math/big"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
|
||||||
)
|
|
||||||
|
|
||||||
// GenerateSelfSignedCert Generate a self-signed TLS Certificate, to be used as fallback
|
|
||||||
func GenerateSelfSignedCert() (tls.Certificate, error) {
|
|
||||||
priv, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Failed to generate private key: %v", err)
|
|
||||||
return tls.Certificate{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
|
|
||||||
|
|
||||||
notBefore := time.Now()
|
|
||||||
notAfter := notBefore.Add(365 * 24 * time.Hour)
|
|
||||||
|
|
||||||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
||||||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Failed to generate serial number: %v", err)
|
|
||||||
return tls.Certificate{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
template := x509.Certificate{
|
|
||||||
SerialNumber: serialNumber,
|
|
||||||
Subject: pkix.Name{
|
|
||||||
Organization: []string{"authentik"},
|
|
||||||
CommonName: "authentik Proxy default certificate",
|
|
||||||
},
|
|
||||||
NotBefore: notBefore,
|
|
||||||
NotAfter: notAfter,
|
|
||||||
|
|
||||||
KeyUsage: keyUsage,
|
|
||||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
||||||
BasicConstraintsValid: true,
|
|
||||||
}
|
|
||||||
|
|
||||||
template.DNSNames = []string{"*"}
|
|
||||||
|
|
||||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
|
||||||
if err != nil {
|
|
||||||
log.Warning(err)
|
|
||||||
}
|
|
||||||
pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
||||||
privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
|
|
||||||
if err != nil {
|
|
||||||
log.Warning(err)
|
|
||||||
}
|
|
||||||
privPemByes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
|
|
||||||
return tls.X509KeyPair(pemBytes, privPemByes)
|
|
||||||
}
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/crypto"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -25,7 +26,7 @@ type Server struct {
|
||||||
|
|
||||||
// NewServer initialise a new HTTP Server
|
// NewServer initialise a new HTTP Server
|
||||||
func NewServer(ac *ak.APIController) *Server {
|
func NewServer(ac *ak.APIController) *Server {
|
||||||
defaultCert, err := ak.GenerateSelfSignedCert()
|
defaultCert, err := crypto.GenerateSelfSignedCert()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warning(err)
|
log.Warning(err)
|
||||||
}
|
}
|
||||||
|
|