outposts/proxyv2 (#1365)

* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/proxyv2/handlers.go

@@ -0,0 +1,48 @@
+package proxyv2
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"goauthentik.io/internal/outpost/proxyv2/metrics"
+	"goauthentik.io/internal/utils/web"
+	staticWeb "goauthentik.io/web"
+)
+
+func (ps *ProxyServer) HandlePing(rw http.ResponseWriter, r *http.Request) {
+	before := time.Now()
+	rw.WriteHeader(204)
+	after := time.Since(before)
+	metrics.Requests.With(prometheus.Labels{
+		"type":   "ping",
+		"method": r.Method,
+		"path":   r.URL.Path,
+		"host":   web.GetHost(r),
+	}).Observe(float64(after))
+}
+
+func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
+	staticFs := http.FileServer(http.FS(staticWeb.StaticDist))
+	before := time.Now()
+	http.StripPrefix("/akprox/static", staticFs).ServeHTTP(rw, r)
+	after := time.Since(before)
+	metrics.Requests.With(prometheus.Labels{
+		"type":   "static",
+		"method": r.Method,
+		"path":   r.URL.Path,
+		"host":   web.GetHost(r),
+	}).Observe(float64(after))
+}
+
+func (ps *ProxyServer) Handle(rw http.ResponseWriter, r *http.Request) {
+	host := web.GetHost(r)
+	a, ok := ps.apps[host]
+	if !ok {
+		ps.log.WithField("host", host).Warning("no app for hostname")
+		rw.WriteHeader(400)
+		return
+	}
+	ps.log.WithField("host", host).Trace("passing to application mux")
+	a.ServeHTTP(rw, r)
+}