outposts/proxyv2 (#1365)

* outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 20:04:56 +02:00
parent 27508dd1f0
commit 3c1b70c355
75 changed files with 1368 additions and 1665 deletions
--- a/web/src/pages/outposts/OutpostDeploymentModal.ts
+++ b/web/src/pages/outposts/OutpostDeploymentModal.ts
@ -1,4 +1,4 @@
-import { Outpost } from "@goauthentik/api";
+import { Outpost, OutpostTypeEnum } from "@goauthentik/api";
 import { customElement, html, property, TemplateResult } from "lit-element";
 import { t } from "@lingui/macro";
 import { ifDefined } from "lit-html/directives/if-defined";
@ -53,6 +53,26 @@ export class OutpostDeploymentModal extends ModalButton {
                        </label>
                        <input class="pf-c-form-control" readonly type="text" value="true" />
                    </div>
+                    ${this.outpost?.type == OutpostTypeEnum.Proxy
+                        ? html`
+                              <h3>
+                                  ${t`If your authentik_host setting does not match the URL you want to login with, add this setting.`}
+                              </h3>
+                              <div class="pf-c-form__group">
+                                  <label class="pf-c-form__label" for="help-text-simple-form-name">
+                                      <span class="pf-c-form__label-text"
+                                          >AUTHENTIK_HOST_BROWSER</span
+                                      >
+                                  </label>
+                                  <input
+                                      class="pf-c-form-control"
+                                      readonly
+                                      type="text"
+                                      value="${document.location.origin}"
+                                  />
+                              </div>
+                          `
+                        : html``}
                </form>
            </div>
            <footer class="pf-c-modal-box__footer pf-m-align-left">
--- a/web/src/pages/providers/proxy/ProxyProviderForm.ts
+++ b/web/src/pages/providers/proxy/ProxyProviderForm.ts
@ -302,6 +302,17 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
                </div>
                <div class="pf-c-card__footer">${this.renderSettings()}</div>
            </div>
+            <ak-form-element-horizontal label=${t`Token validity`} name="tokenValidity">
+                <input
+                    type="text"
+                    value="${first(this.instance?.tokenValidity, "hours=24")}"
+                    class="pf-c-form-control"
+                />
+                <p class="pf-c-form__helper-text">${t`Configure how long tokens are valid for.`}</p>
+                <p class="pf-c-form__helper-text">
+                    ${t`(Format: hours=-1;minutes=-2;seconds=-3).`}
+                </p>
+            </ak-form-element-horizontal>

            <ak-form-group>
                <span slot="header"> ${t`Advanced protocol settings`} </span>