habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: fix config loading for outposts (#6640)

Browse Source 
* root: fix config loading for outposts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve check to see if outpost is embedded or not

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix oauth url fetching

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2023-08-26 19:40:48 +02:00
committed by GitHub
parent 04f46c1d18
commit 9e29789c09
5 changed files with 47 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/outpost/proxyv2/application/application.go
View File

@ -55,6 +55,8 @@ type Application struct {
errorTemplates *template.Template
authHeaderCache *ttlcache.Cache[string, Claims]
isEmbedded bool
}
type Server interface {
@ -86,15 +88,15 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*A
CallbackSignature: []string{"true"},
}.Encode()
managed := false
isEmbedded := false
if m := server.API().Outpost.Managed.Get(); m != nil {
managed = *m == "goauthentik.io/outposts/embedded"
isEmbedded = *m == "goauthentik.io/outposts/embedded"
}
// Configure an OpenID Connect aware OAuth2 client.
endpoint := GetOIDCEndpoint(
p,
server.API().Outpost.Config["authentik_host"].(string),
managed,
isEmbedded,
)
verifier := oidc.NewVerifier(endpoint.Issuer, ks, &oidc.Config{
@ -132,6 +134,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*A
ak: server.API(),
authHeaderCache: ttlcache.New(ttlcache.WithDisableTouchOnHit[string, Claims]()),
srv: server,
isEmbedded: isEmbedded,
}
go a.authHeaderCache.Start()
a.sessions = a.getStore(p, externalHost)

2
internal/outpost/proxyv2/application/session.go
View File

@ -29,7 +29,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
// Add one to the validity to ensure we don't have a session with indefinite length
maxAge = int(*t) + 1
}
if config.Get().Redis.Host != "" {
if a.isEmbedded {
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.Get().Redis.Host, config.Get().Redis.Port), config.Get().Redis.Password, strconv.Itoa(config.Get().Redis.DB))
if err != nil {
panic(err)