ece0429ea8
internal: failback with self-signed cert if cert for tenant fails to load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-20 21:26:34 +02:00
0a83b04419
internal: fix routing to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-16 17:05:27 +02:00
2d48fe42f4
internal: dont sample gunicorn proxied requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-16 11:32:21 +02:00
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-10 22:21:11 +02:00
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-03-03 10:40:07 +01:00
e194715c3e
internal: fix CSRF error caused by Host header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 14:34:55 +01:00
02ba493759
internal: trace headers and url for backend requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:48:17 +01:00
a7fea5434d
internal: remove uvicorn server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:38:47 +01:00
4fb783e953
internal: improve error handling for internal reverse proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:33:37 +01:00
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-08 20:25:38 +01:00
e1c0c0b20c
internal: don't override server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-24 22:05:11 +01:00
14c7d8c4f4
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#2079
2022-01-18 23:19:43 +01:00
c741c13132
internal: fix listen attempt on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-01-03 12:36:11 +01:00
27e4c7027c
web: fix potential panic
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-26 14:24:44 +01:00
87e99625e6
internal: update tenant certificates on outpost refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-23 00:38:49 +01:00
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 11:43:45 +01:00
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 10:33:21 +01:00
22a8603892
internal: add custom proxy certificates support to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-22 10:16:01 +01:00
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-16 11:00:19 +01:00
d0ceafe79e
outposts/proxy: add X-authentik-meta-version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-01 20:59:45 +01:00
f2023a7af2
*: don't use go embed to make using custom files easier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-01 20:35:28 +01:00
d1bd8f333b
outposts/proxy: use disableIndex for static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-19 10:50:56 +01:00
2ac9f5426d
outposts: don't panic when listening for metrics fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-19 10:37:13 +01:00
7cf8a31057
internal: fix integrated docs not working
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-15 16:13:02 +01:00
74382c6287
cmd/server: improve cleanup on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-07 18:03:29 +01:00
c87a9f9489
web: remove debug entry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-03 20:19:37 +01:00
0d02dbf55c
api: replace django sentry proxy with go proxy to prevent login issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-02 14:44:37 +01:00
57e86582d1
Revert "root: handle liveness probe in router (also keep internal one)"
...
This reverts commit dd7cb45733
2021-10-12 18:44:08 +02:00
dd7cb45733
root: handle liveness probe in router (also keep internal one)
...
This reverts commit d39dbc7287jens.langhammer@beryju.org >
2021-10-12 18:43:39 +02:00
d39dbc7287
root: handle liveness probe in router
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-10-12 14:54:15 +02:00
aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage ( #1577 )
...
* stages/authenticator_sms: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/admin: add initial stage UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/elements: clear invalid state when old input was invalid but new input is correct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* stages/authenticator_sms: add more logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/user: add basic SMS settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* stages/authenticator_sms: initial working version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* stages/authenticator_sms: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/flows: optimise totp password manager entry on authenticator_validation stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/elements: add grouping support for table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/admin: allow sms class in authenticator stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/admin: add grouping to more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* stages/authenticator_validate: add SMS support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* api: add throttling for flow executor based on session key and pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix style issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ci: add workflow to compile backend translations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-10-11 17:51:49 +02:00
6c603cdf80
internal: add internal healthchecking to prevent websocket errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-10-05 22:21:14 +02:00
8d72b3498d
internal: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-24 10:44:28 +02:00
52bb774f73
internal: add asset paths for user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-23 09:57:24 +02:00
f771383c4b
cmd: fix outpost metrics not being set in embedded mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-16 12:09:12 +02:00
7158c9d2ea
core: metrics v2 ( #1370 )
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-09 15:52:24 +02:00
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-08 18:04:56 +00:00
75476217a0
internal: fix web requests not having a logger set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-04 13:52:47 +02:00
7771c0b905
internal: fix font loading errors on safari
...
closes #1057
for some reason safari appends the relative font path to the document URL not to the stylesheet URL. Since I don't want to build a fully custom patternfly base css file, this mounts the static files where safari expects them
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-04 13:50:29 +02:00
126e43dea4
internal: disable directory listing on static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-09-04 13:40:29 +02:00
cc2cd6919f
outpost/embedded: only send requests for non-akprox paths when we're doing proxy mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-08-29 21:13:28 +02:00
f01bc20d44
Embedded outpost ( #1193 )
...
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-29 11:30:30 +02:00
d678d33756
root: add support for PROXY protocol on listeners
...
closes #1161
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-20 11:03:09 +02:00
6ddd6bfa72
root: fix linting errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-18 20:54:34 +02:00
b3159a74e5
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
# Conflicts:
# Dockerfile
# internal/outpost/ak/api.go
# internal/outpost/ak/api_uag.go
# internal/outpost/ak/global.go
# internal/outpost/ldap/api_tls.go
# internal/outpost/ldap/instance_bind.go
# internal/outpost/ldap/utils.go
# internal/outpost/proxy/api_bundle.go
# outpost/go.mod
# outpost/go.sum
# outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
bdb84b7a8f
root: build bundled docs into helo dir to fix path issue with packaged static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-13 19:09:16 +02:00
be5c8341d2
root: add bundled docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-13 11:06:51 +02:00
948db46406
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
30033d1f90
g: fix static and media caching not working properly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-07-03 21:43:37 +02:00
ff42663d3c
root: more code merging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-06-29 16:21:00 +02:00
