habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into dev

Browse Source 
* main:
  website/docs: config: remove options moved to tenants (#8976)
  web: bump @types/grecaptcha from 3.0.8 to 3.0.9 in /web (#8971)
  web: bump country-flag-icons from 1.5.9 to 1.5.10 in /web (#8970)
  web: bump the babel group in /web with 7 updates (#8969)
  core: bump uvicorn from 0.28.0 to 0.28.1 (#8968)
  website: bump postcss from 8.4.36 to 8.4.37 in /website (#8967)
  internal: cleanup static file serving setup code (#8965)
  website/integrations: portainer: match portainer settings order (#8974)
This commit is contained in:
Ken Sternberg
2024-03-20 10:12:34 -07:00
parent 30beca9118 96554de17a
commit 5d8408287f
8 changed files with 466 additions and 449 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
internal/web/static.go
View File

@ -14,26 +14,27 @@ import (
)
func (ws *WebServer) configureStatic() {
statRouter := ws.lh.NewRoute().Subrouter()
statRouter.Use(ws.staticHeaderMiddleware)
indexLessRouter := statRouter.NewRoute().Subrouter()
indexLessRouter.Use(web.DisableIndex)
distFs := http.FileServer(http.Dir("./web/dist"))
distHandler := http.StripPrefix("/static/dist/", distFs)
authentikHandler := http.StripPrefix("/static/authentik/", http.FileServer(http.Dir("./web/authentik")))
helpHandler := http.FileServer(http.Dir("./website/help/"))
indexLessRouter.PathPrefix("/static/dist/").Handler(distHandler)
indexLessRouter.PathPrefix("/static/authentik/").Handler(authentikHandler)
staticRouter := ws.lh.NewRoute().Subrouter()
staticRouter.Use(ws.staticHeaderMiddleware)
staticRouter.Use(web.DisableIndex)
// Prevent font-loading issues on safari, which loads fonts relatively to the URL the browser is on
indexLessRouter.PathPrefix("/if/flow/{flow_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
distFs := http.FileServer(http.Dir("./web/dist"))
authentikHandler := http.StripPrefix("/static/authentik/", http.FileServer(http.Dir("./web/authentik")))
// Root file paths, from which they should be accessed
staticRouter.PathPrefix("/static/dist/").Handler(http.StripPrefix("/static/dist/", distFs))
staticRouter.PathPrefix("/static/authentik/").Handler(authentikHandler)
// Also serve assets folder in specific interfaces since fonts in patternfly are imported
// with a relative path
staticRouter.PathPrefix("/if/flow/{flow_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
web.DisableIndex(http.StripPrefix(fmt.Sprintf("/if/flow/%s", vars["flow_slug"]), distFs)).ServeHTTP(rw, r)
})
indexLessRouter.PathPrefix("/if/admin/assets").Handler(http.StripPrefix("/if/admin", distFs))
indexLessRouter.PathPrefix("/if/user/assets").Handler(http.StripPrefix("/if/user", distFs))
indexLessRouter.PathPrefix("/if/rac/{app_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
staticRouter.PathPrefix("/if/admin/assets").Handler(http.StripPrefix("/if/admin", distFs))
staticRouter.PathPrefix("/if/user/assets").Handler(http.StripPrefix("/if/user", distFs))
staticRouter.PathPrefix("/if/rac/{app_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
web.DisableIndex(http.StripPrefix(fmt.Sprintf("/if/rac/%s", vars["app_slug"]), distFs)).ServeHTTP(rw, r)
@ -42,12 +43,13 @@ func (ws *WebServer) configureStatic() {
// Media files, if backend is file
if config.Get().Storage.Media.Backend == "file" {
fsMedia := http.FileServer(http.Dir(config.Get().Storage.Media.File.Path))
indexLessRouter.PathPrefix("/media/").Handler(http.StripPrefix("/media", fsMedia))
staticRouter.PathPrefix("/media/").Handler(http.StripPrefix("/media", fsMedia))
}
statRouter.PathPrefix("/if/help/").Handler(http.StripPrefix("/if/help/", helpHandler))
statRouter.PathPrefix("/help").Handler(http.RedirectHandler("/if/help/", http.StatusMovedPermanently))
staticRouter.PathPrefix("/if/help/").Handler(http.StripPrefix("/if/help/", http.FileServer(http.Dir("./website/help/"))))
staticRouter.PathPrefix("/help").Handler(http.RedirectHandler("/if/help/", http.StatusMovedPermanently))
// Static misc files
ws.lh.Path("/robots.txt").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
rw.Header()["Content-Type"] = []string{"text/plain"}
rw.WriteHeader(200)

6
poetry.lock generated
View File

@ -3983,13 +3983,13 @@ zstd = ["zstandard (>=0.18.0)"]
[[package]]
name = "uvicorn"
version = "0.28.0"
version = "0.28.1"
description = "The lightning-fast ASGI server."
optional = false
python-versions = ">=3.8"
files = [
{file = "uvicorn-0.28.0-py3-none-any.whl", hash = "sha256:6623abbbe6176204a4226e67607b4d52cc60ff62cda0ff177613645cefa2ece1"},
{file = "uvicorn-0.28.0.tar.gz", hash = "sha256:cab4473b5d1eaeb5a0f6375ac4bc85007ffc75c3cc1768816d9e5d589857b067"},
{file = "uvicorn-0.28.1-py3-none-any.whl", hash = "sha256:5162f6d652f545be91b1feeaee8180774af143965ca9dc8a47ff1dc6bafa4ad5"},
{file = "uvicorn-0.28.1.tar.gz", hash = "sha256:08103e79d546b6cf20f67c7e5e434d2cf500a6e29b28773e407250c54fc4fa3c"},
]
[package.dependencies]

758
web/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

18
web/package.json
View File

@ -54,7 +54,7 @@
"codemirror": "^6.0.1",
"construct-style-sheets-polyfill": "^3.1.0",
"core-js": "^3.36.1",
"country-flag-icons": "^1.5.9",
"country-flag-icons": "^1.5.10",
"fuse.js": "^7.0.0",
"guacamole-common-js": "^1.5.0",
"lit": "^3.1.2",
@ -68,14 +68,14 @@
"yaml": "^2.4.1"
},
"devDependencies": {
"@babel/core": "^7.24.0",
"@babel/core": "^7.24.1",
"@babel/plugin-proposal-class-properties": "^7.18.6",
"@babel/plugin-proposal-decorators": "^7.24.0",
"@babel/plugin-transform-private-methods": "^7.23.3",
"@babel/plugin-transform-private-property-in-object": "^7.23.4",
"@babel/plugin-transform-runtime": "^7.24.0",
"@babel/preset-env": "^7.24.0",
"@babel/preset-typescript": "^7.23.3",
"@babel/plugin-proposal-decorators": "^7.24.1",
"@babel/plugin-transform-private-methods": "^7.24.1",
"@babel/plugin-transform-private-property-in-object": "^7.24.1",
"@babel/plugin-transform-runtime": "^7.24.1",
"@babel/preset-env": "^7.24.1",
"@babel/preset-typescript": "^7.24.1",
"@hcaptcha/types": "^1.0.3",
"@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
"@lit/localize-tools": "^0.7.2",
@ -91,7 +91,7 @@
"@trivago/prettier-plugin-sort-imports": "^4.3.0",
"@types/chart.js": "^2.9.41",
"@types/codemirror": "5.60.15",
"@types/grecaptcha": "^3.0.8",
"@types/grecaptcha": "^3.0.9",
"@types/guacamole-common-js": "1.5.2",
"@types/showdown": "^2.0.6",
"@typescript-eslint/eslint-plugin": "^7.3.1",

75
website/docs/installation/configuration.mdx
View File

@ -269,59 +269,6 @@ Disable the inbuilt update-checker. Defaults to `false`.
- Kubeconfig
- Existence of a docker socket
### `AUTHENTIK_AVATARS`
Configure how authentik should show avatars for users. Following values can be set:
Default: `gravatar,initials`
- `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
- `gravatar`: Uses gravatar with the user's email address
- `initials`: Generated avatars based on the user's name
- Any URL: If you want to use images hosted on another server, you can set any URL.
Additionally, these placeholders can be used:
- `%(username)s`: The user's username
- `%(mail_hash)s`: The email address, md5 hashed
- `%(upn)s`: The user's UPN, if set (otherwise an empty string)
Starting with authentik 2022.8, you can also use an attribute path like `attributes.something.avatar`, which can be used in combination with the file field to allow users to upload custom avatars for themselves.
Starting with authentik 2023.2, multiple modes can be set, and authentik will fallback to the next mode when no avatar could be found. For example, setting this to `gravatar,initials` will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.
### `AUTHENTIK_DEFAULT_USER_CHANGE_NAME`
:::info
Requires authentik 2021.12.5
:::
Enable the ability for users to change their name, defaults to `true`.
### `AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL`
:::info
Requires authentik 2021.12.1
:::
Enable the ability for users to change their Email address, defaults to `false`.
### `AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME`
:::info
Requires authentik 2021.12.1
:::
Enable the ability for users to change their Usernames, defaults to `false`.
### `AUTHENTIK_GDPR_COMPLIANCE`
:::info
Requires authentik 2021.12.1
:::
When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
### `AUTHENTIK_DEFAULT_TOKEN_LENGTH`
:::info
@ -330,28 +277,6 @@ Requires authentik 2022.4.1
Configure the length of generated tokens. Defaults to 60.
### `AUTHENTIK_IMPERSONATION`
:::info
Requires authentik 2022.4.2
:::
Globally enable/disable impersonation. Defaults to `true`.
### `AUTHENTIK_FOOTER_LINKS`
:::info
Requires authentik 2021.12.1
:::
This option configures the footer links on the flow executor pages.
The setting can be used as follows:
```
AUTHENTIK_FOOTER_LINKS='[{"name": "Link Name","href":"https://goauthentik.io"}]'
```
### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS`
:::info

2
website/integrations/services/portainer/index.md
View File

@ -44,8 +44,8 @@ In Portainer, under _Settings_, _Authentication_, Select _OAuth_ and _Custom_
- Client Secret: Client Secret from step 1
- Authorization URL: `https://authentik.company/application/o/authorize/`
- Access Token URL: `https://authentik.company/application/o/token/`
- Redirect URL: `https://portainer.company`
- Resource URL: `https://authentik.company/application/o/userinfo/`
- Redirect URL: `https://portainer.company`
- Logout URL: `https://authentik.company/application/o/portainer/end-session/`
- User Identifier: `preferred_username` (Or `email` if you want to use email addresses as identifiers)
- Scopes: `email openid profile`

16
website/package-lock.json generated
View File

@ -18,7 +18,7 @@
"@mdx-js/react": "^3.0.1",
"clsx": "^2.1.0",
"disqus-react": "^1.1.5",
"postcss": "^8.4.36",
"postcss": "^8.4.37",
"prism-react-renderer": "^2.3.1",
"react": "^18.2.0",
"react-before-after-slider-component": "^1.1.8",
@ -12857,9 +12857,9 @@
}
},
"node_modules/postcss": {
"version": "8.4.36",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.36.tgz",
"integrity": "sha512-/n7eumA6ZjFHAsbX30yhHup/IMkOmlmvtEi7P+6RMYf+bGJSUHc3geH4a0NSZxAz/RJfiS9tooCTs9LAVYUZKw==",
"version": "8.4.37",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.37.tgz",
"integrity": "sha512-7iB/v/r7Woof0glKLH8b1SPHrsX7uhdO+Geb41QpF/+mWZHU3uxxSlN+UXGVit1PawOYDToO+AbZzhBzWRDwbQ==",
"funding": [
{
"type": "opencollective",
@ -12877,7 +12877,7 @@
"dependencies": {
"nanoid": "^3.3.7",
"picocolors": "^1.0.0",
"source-map-js": "^1.1.0"
"source-map-js": "^1.2.0"
},
"engines": {
"node": "^10 || ^12 || >=14"
@ -15188,9 +15188,9 @@
}
},
"node_modules/source-map-js": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.1.0.tgz",
"integrity": "sha512-9vC2SfsJzlej6MAaMPLu8HiBSHGdRAJ9hVFYN1ibZoNkeanmDmLUcIrj6G9DGL7XMJ54AKg/G75akXl1/izTOw==",
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz",
"integrity": "sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==",
"engines": {
"node": ">=0.10.0"
}

2
website/package.json
View File

@ -25,7 +25,7 @@
"@mdx-js/react": "^3.0.1",
"clsx": "^2.1.0",
"disqus-react": "^1.1.5",
"postcss": "^8.4.36",
"postcss": "^8.4.37",
"prism-react-renderer": "^2.3.1",
"react": "^18.2.0",
"react-before-after-slider-component": "^1.1.8",