internal: reuse http transport to prevent leaking connections (#3996)

* Fix: Using the same http transport as the api

* fix: Using global tlsTransport instead of newly created one
Daniel 2022-11-25 18:24:01 +01:00 committed by GitHub
parent f8ef2b666f
commit be9790ef8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -16,6 +16,7 @@ import (
) )
var initialSetup = false var initialSetup = false
var tlsTransport *http.RoundTripper = nil
func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) { func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
l := log.WithField("logger", "authentik.outpost") l := log.WithField("logger", "authentik.outpost")
@ -70,15 +71,19 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
// GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables. // GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
func GetTLSTransport() http.RoundTripper { func GetTLSTransport() http.RoundTripper {
if tlsTransport != nil {
return *tlsTransport
}
value, set := os.LookupEnv("AUTHENTIK_INSECURE") value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set { if !set {
value = "false" value = "false"
} }
tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{ tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
InsecureSkipVerify: strings.ToLower(value) == "true", InsecureSkipVerify: strings.ToLower(value) == "true",
}) })
if err != nil { if err != nil {
panic(err) panic(err)
} }
return tlsTransport tlsTransport = &tmp
return *tlsTransport
} }
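Review bot: The lazy initialisation of the package-level `tlsTransport` in GetTLSTransport is not synchronised, so two goroutines calling it at the same time can both see nil, each build a transport, and race on the assignment, which brings back the duplicate transports this commit is meant to remove; whether callers are actually concurrent is not visible from this page. Guarding the construction with a `sync.Once` (needs the `sync` import) closes the race, and storing the `http.RoundTripper` interface value directly instead of a `*http.RoundTripper` drops the pointer-to-interface and the two dereferences. Because the cached transport now fixes the `AUTHENTIK_INSECURE` decision for the life of the process, a one-time warning log when `InsecureSkipVerify` ends up true would make a deployment running without certificate verification visible to operators. The doc comment on GetTLSTransport should also state that the returned transport is shared by all callers and must not be mutated.

```go
var (
	tlsTransport     http.RoundTripper
	tlsTransportOnce sync.Once
)

func GetTLSTransport() http.RoundTripper {
	tlsTransportOnce.Do(func() {
		// … unchanged: AUTHENTIK_INSECURE lookup and default …
		tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
			InsecureSkipVerify: strings.ToLower(value) == "true",
		})
		if err != nil {
			panic(err)
		}
		tlsTransport = tmp
	})
	return tlsTransport
}
```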