Merge branch 'master' into outpost-ldap
This commit is contained in:
Jens Langhammer
@ -1,6 +1,6 @@
|
||||
# authentik outpost
|
||||
|
||||
[](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=3)
|
||||
[](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=8)
|
||||
|
||||
|
||||
Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik.
|
||||
|
||||
@ -31,8 +31,7 @@ type APIController struct {
|
||||
|
||||
Server Outpost
|
||||
|
||||
lastBundleHash string
|
||||
logger *log.Entry
|
||||
logger *log.Entry
|
||||
|
||||
reloadOffset time.Duration
|
||||
|
||||
@ -71,18 +70,12 @@ func NewAPIController(akURL url.URL, token string) *APIController {
|
||||
logger: log,
|
||||
|
||||
reloadOffset: time.Duration(rand.Intn(10)) * time.Second,
|
||||
|
||||
lastBundleHash: "",
|
||||
}
|
||||
ac.logger.Debugf("HA Reload offset: %s", ac.reloadOffset)
|
||||
ac.initWS(akURL, outpost.Pk)
|
||||
return ac
|
||||
}
|
||||
|
||||
func (a *APIController) GetLastBundleHash() string {
|
||||
return a.lastBundleHash
|
||||
}
|
||||
|
||||
// Start Starts all handlers, non-blocking
|
||||
func (a *APIController) Start() error {
|
||||
err := a.Server.Refresh()
|
||||
|
||||
@ -1,10 +1,6 @@
|
||||
package ak
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
|
||||
"goauthentik.io/outpost/pkg/client/outposts"
|
||||
"goauthentik.io/outpost/pkg/models"
|
||||
)
|
||||
@ -15,16 +11,5 @@ func (a *APIController) Update() ([]*models.ProxyOutpostConfig, error) {
|
||||
a.logger.WithError(err).Error("Failed to fetch providers")
|
||||
return nil, err
|
||||
}
|
||||
// Check provider hash to see if anything is changed
|
||||
hasher := sha512.New()
|
||||
out, err := json.Marshal(providers.Payload.Results)
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
hash := hex.EncodeToString(hasher.Sum(out))
|
||||
if hash == a.lastBundleHash {
|
||||
return nil, nil
|
||||
}
|
||||
a.lastBundleHash = hash
|
||||
return providers.Payload.Results, nil
|
||||
}
|
||||
|
||||
@ -15,9 +15,9 @@ import (
|
||||
"goauthentik.io/outpost/pkg"
|
||||
)
|
||||
|
||||
func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
|
||||
func (ac *APIController) initWS(akURL url.URL, outpostUUID strfmt.UUID) {
|
||||
pathTemplate := "%s://%s/ws/outpost/%s/"
|
||||
scheme := strings.ReplaceAll(pbURL.Scheme, "http", "ws")
|
||||
scheme := strings.ReplaceAll(akURL.Scheme, "http", "ws")
|
||||
|
||||
authHeader := fmt.Sprintf("Bearer %s", ac.token)
|
||||
|
||||
@ -37,7 +37,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
|
||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
||||
},
|
||||
}
|
||||
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
|
||||
ws.Dial(fmt.Sprintf(pathTemplate, scheme, akURL.Host, outpostUUID.String()), header)
|
||||
|
||||
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
|
||||
|
||||
|
||||
@ -107,7 +107,7 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
duration := float64(time.Since(t)) / float64(time.Millisecond)
|
||||
h.logger.WithFields(log.Fields{
|
||||
"host": req.RemoteAddr,
|
||||
"vhost": req.Host,
|
||||
"vhost": getHost(req),
|
||||
"request_protocol": req.Proto,
|
||||
"runtime": fmt.Sprintf("%0.3f", duration),
|
||||
"method": req.Method,
|
||||
|
||||
@ -161,7 +161,7 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
|
||||
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
|
||||
return
|
||||
}
|
||||
redirectURI := p.GetRedirectURI(req.Host)
|
||||
redirectURI := p.GetRedirectURI(getHost(req))
|
||||
http.Redirect(rw, req, p.provider.GetLoginURL(redirectURI, fmt.Sprintf("%v:%v", nonce, redirect)), http.StatusFound)
|
||||
}
|
||||
|
||||
@ -184,7 +184,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
session, err := p.redeemCode(req.Context(), req.Host, req.Form.Get("code"))
|
||||
session, err := p.redeemCode(req.Context(), getHost(req), req.Form.Get("code"))
|
||||
if err != nil {
|
||||
p.logger.Errorf("Error redeeming code during OAuth2 callback: %v", err)
|
||||
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Internal Error")
|
||||
|
||||
@ -42,7 +42,8 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(204)
|
||||
return
|
||||
}
|
||||
handler, ok := s.Handlers[r.Host]
|
||||
host := getHost(r)
|
||||
handler, ok := s.Handlers[host]
|
||||
if !ok {
|
||||
// If we only have one handler, host name switching doesn't matter
|
||||
if len(s.Handlers) == 1 {
|
||||
@ -56,7 +57,7 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
|
||||
for k := range s.Handlers {
|
||||
hostKeys = append(hostKeys, k)
|
||||
}
|
||||
s.logger.WithField("host", r.Host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
|
||||
s.logger.WithField("host", host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
|
||||
w.WriteHeader(404)
|
||||
return
|
||||
}
|
||||
|
||||
12
outpost/pkg/proxy/utils.go
Normal file
12
outpost/pkg/proxy/utils.go
Normal file
@ -0,0 +1,12 @@
|
||||
package proxy
|
||||
|
||||
import "net/http"
|
||||
|
||||
var xForwardedHost = http.CanonicalHeaderKey("X-Forwarded-Host")
|
||||
|
||||
func getHost(req *http.Request) string {
|
||||
if req.Header.Get(xForwardedHost) != "" {
|
||||
return req.Header.Get(xForwardedHost)
|
||||
}
|
||||
return req.Host
|
||||
}
|
||||
@ -1,3 +1,3 @@
|
||||
package pkg
|
||||
|
||||
const VERSION = "2021.4.2"
|
||||
const VERSION = "2021.4.4"
|
||||
|
||||
Reference in New Issue
Block a user