diff --git a/cmd/ldap/server.go b/cmd/ldap/server.go
index 210b553123..86a547ddd0 100644
--- a/cmd/ldap/server.go
+++ b/cmd/ldap/server.go
@@ -2,14 +2,12 @@ package main
 
 import (
 	"fmt"
-	"math/rand"
 	"net/url"
 	"os"
-	"os/signal"
-	"time"
 
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/common"
 	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/ldap"
 )
 
@@ -23,32 +21,30 @@ Required environment variables:
 func main() {
 	log.SetLevel(log.DebugLevel)
-	pbURL, found := os.LookupEnv("AUTHENTIK_HOST")
+	akURL, found := os.LookupEnv("AUTHENTIK_HOST")
 	if !found {
 		fmt.Println("env AUTHENTIK_HOST not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
+	akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
 	if !found {
 		fmt.Println("env AUTHENTIK_TOKEN not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	pbURLActual, err := url.Parse(pbURL)
+	akURLActual, err := url.Parse(akURL)
 	if err != nil {
 		fmt.Println(err)
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	rand.Seed(time.Now().UnixNano())
+	ex := common.Init()
+	defer common.Defer()
 
-	ac := ak.NewAPIController(*pbURLActual, pbToken)
-
-	interrupt := make(chan os.Signal, 1)
-	signal.Notify(interrupt, os.Interrupt)
+	ac := ak.NewAPIController(*akURLActual, akToken)
 
 	ac.Server = ldap.NewServer(ac)
 
@@ -58,7 +54,7 @@ func main() {
 	}
 
 	for {
-		<-interrupt
+		<-ex
 		ac.Shutdown()
 		os.Exit(0)
 	}
diff --git a/cmd/proxy/server.go b/cmd/proxy/server.go
index 368210d8c8..f6073d62bf 100644
--- a/cmd/proxy/server.go
+++ b/cmd/proxy/server.go
@@ -2,14 +2,12 @@ package main
 
 import (
 	"fmt"
-	"math/rand"
 	"net/url"
 	"os"
-	"os/signal"
-	"time"
 
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/common"
 	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/proxy"
 )
 
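Review bot: `defer common.Defer()` in this main brings `sentry.Recover()` into the ldap outpost although nothing visible here initialises a Sentry client (there is no `sentry.Init` in this main), and as far as I recall sentry-go's Recover captures the panic without re-panicking, so a panic escaping main would now end the process with exit status 0 and no report instead of crashing loudly. Worth confirming against sentry-go's Recover; if the outposts are not meant to report to Sentry, either initialise it here or keep only the signal handling from common. The same applies to the corresponding main hunk in cmd/proxy/server.go. main's body continues past the end of this hunk.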
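Review bot: `os.Exit(0)` after `ac.Shutdown()` bypasses deferred functions, so the `defer common.Defer()` added earlier in main (and the `sentry.Flush` inside it) never runs on the interrupt path; replacing `os.Exit(0)` with `return` lets main return normally, run its defers and still exit 0. The enclosing `for` loop only ever completes one iteration, so `<-ex`, `ac.Shutdown()` and `return` without the loop would read more clearly. The same applies to the `<-ex` hunk in cmd/proxy/server.go. main starts outside this hunk.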
@@ -23,32 +21,30 @@ Required environment variables:
 func main() {
 	log.SetLevel(log.DebugLevel)
-	pbURL, found := os.LookupEnv("AUTHENTIK_HOST")
+	akURL, found := os.LookupEnv("AUTHENTIK_HOST")
 	if !found {
 		fmt.Println("env AUTHENTIK_HOST not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
+	akToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
 	if !found {
 		fmt.Println("env AUTHENTIK_TOKEN not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	pbURLActual, err := url.Parse(pbURL)
+	akURLActual, err := url.Parse(akURL)
 	if err != nil {
 		fmt.Println(err)
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
 
-	rand.Seed(time.Now().UnixNano())
+	ex := common.Init()
+	defer common.Defer()
 
-	ac := ak.NewAPIController(*pbURLActual, pbToken)
-
-	interrupt := make(chan os.Signal, 1)
-	signal.Notify(interrupt, os.Interrupt)
+	ac := ak.NewAPIController(*akURLActual, akToken)
 
 	ac.Server = proxy.NewServer(ac)
 
@@ -58,7 +54,7 @@ func main() {
 	}
 
 	for {
-		<-interrupt
+		<-ex
 		ac.Shutdown()
 		os.Exit(0)
 	}
diff --git a/cmd/server/main.go b/cmd/server/main.go
index f6c450d33a..8d4a911458 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -3,10 +3,10 @@ package main
 import (
 	"fmt"
 	"sync"
-	"time"
 
 	"github.com/getsentry/sentry-go"
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/common"
 	"goauthentik.io/internal/config"
 	"goauthentik.io/internal/constants"
 	"goauthentik.io/internal/gounicorn"
@@ -28,13 +28,13 @@ func main() {
 			Release: fmt.Sprintf("authentik@%s", constants.VERSION),
 			Environment: config.G.ErrorReporting.Environment,
 		})
-		defer sentry.Flush(time.Second * 5)
-		defer sentry.Recover()
 	}
 
+	defer common.Defer()
+
 	rl := log.WithField("logger", "authentik.g")
 	wg := sync.WaitGroup{}
-	wg.Add(2)
+	wg.Add(3)
 	go func() {
 		defer wg.Done()
 		g := gounicorn.NewGoUnicorn()
diff --git a/internal/common/global.go b/internal/common/global.go
new file mode 100644
index 0000000000..a60edf239a
--- /dev/null
+++ b/internal/common/global.go
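Review bot: `wg.Add(3)` raises the counter from 2, but the hunk shows only the first goroutine's `defer wg.Done()`; if the commit does not also add a third goroutine that calls `wg.Done()`, the `wg.Wait()` presumably at the end of main never returns and the new `defer common.Defer()` never flushes. `common.Defer()` is also now deferred unconditionally rather than only under `config.G.ErrorReporting.Enabled`; Flush on an uninitialised hub is harmless, but `sentry.Recover()` will now recover panics even when error reporting is disabled, so a comment such as `// Deferred regardless of ErrorReporting.Enabled: recovers panics as well as flushing Sentry.` would make that intentional. main's body continues outside this hunk.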
@@ -0,0 +1,22 @@
+package common
+
+import (
+	"math/rand"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/getsentry/sentry-go"
+)
+
+func Init() chan os.Signal {
+	rand.Seed(time.Now().UnixNano())
+	interrupt := make(chan os.Signal, 1)
+	signal.Notify(interrupt, os.Interrupt)
+	return interrupt
+}
+
+func Defer() {
+	defer sentry.Flush(time.Second * 5)
+	defer sentry.Recover()
+}
diff --git a/internal/outpost/ak/cert.go b/internal/outpost/ak/cert.go
deleted file mode 100644
index 69c39f6bf4..0000000000
--- a/internal/outpost/ak/cert.go
+++ /dev/null
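Review bot: `Init` and `Defer` are exported without doc comments; suggest `// Init seeds math/rand and returns a channel that receives os.Interrupt.` and `// Defer flushes pending Sentry events and recovers a panic in the calling goroutine; it must be deferred by the caller, not called directly.` The second comment matters because `sentry.Recover()` is deferred inside Defer rather than in main, so panic capture relies on recover running from a deferred function one frame further down — worth a quick test that a panic in main is actually reported. `signal.Notify(interrupt, os.Interrupt)` only covers SIGINT; container runtimes stop a process with SIGTERM, in which case the outposts' `ac.Shutdown()` path is skipped, and `signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)` would handle both. The returned channel could be typed `<-chan os.Signal`, since callers only receive from it.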
@@ -1,63 +0,0 @@
-package ak
-
-import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"math/big"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// GenerateSelfSignedCert Generate a self-signed TLS Certificate, to be used as fallback
-func GenerateSelfSignedCert() (tls.Certificate, error) {
-	priv, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		log.Fatalf("Failed to generate private key: %v", err)
-		return tls.Certificate{}, err
-	}
-
-	keyUsage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
-
-	notBefore := time.Now()
-	notAfter := notBefore.Add(365 * 24 * time.Hour)
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		log.Fatalf("Failed to generate serial number: %v", err)
-		return tls.Certificate{}, err
-	}
-
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"authentik"},
-			CommonName: "authentik Proxy default certificate",
-		},
-		NotBefore: notBefore,
-		NotAfter: notAfter,
-
-		KeyUsage: keyUsage,
-		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	template.DNSNames = []string{"*"}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
-	if err != nil {
-		log.Warning(err)
-	}
-	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
-	if err != nil {
-		log.Warning(err)
-	}
-	privPemByes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
-	return tls.X509KeyPair(pemBytes, privPemByes)
-}
diff --git a/internal/outpost/proxy/server.go b/internal/outpost/proxy/server.go
index 0fe9492f24..5666f74feb 100644
--- a/internal/outpost/proxy/server.go
+++ b/internal/outpost/proxy/server.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/crypto"
 	"goauthentik.io/internal/outpost/ak"
 )
 
@@ -25,7 +26,7 @@ type Server struct {
 
 // NewServer initialise a new HTTP Server
 func NewServer(ac *ak.APIController) *Server {
-	defaultCert, err := crypto.GenerateSelfSignedCert()
+	defaultCert, err := crypto.GenerateSelfSignedCert()
 	if err != nil {
 		log.Warning(err)
 	}
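Review bot: The switch to `crypto.GenerateSelfSignedCert()` keeps the handling where a failure is only logged via `log.Warning(err)` and `defaultCert` — the zero `tls.Certificate` on error — is presumably still used as the TLS fallback further down NewServer, outside this hunk. The new implementation in internal/crypto is not part of this diff, so it is worth checking that it still draws the key and serial number from crypto/rand as the deleted ak version did, since the same commit introduces math/rand seeding in common.Init. If generation fails, returning the error or choosing the fallback explicitly would be safer than continuing with an empty certificate. NewServer's body continues outside the hunk.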