habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,686 Commits 205 Branches 395 Tags
97b98a419297afe30e1d5ce702aa5ef6a9b6c5ab
Commit Graph

24 Commits

Author SHA1 Message Date
Jens L
dc7ffba8fa internal: remove special route for /outpost.goauthentik.io (#7539) 
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-11-13 17:39:40 +01:00
Jens L
4080080acd internal: remove deprecated metrics (#7540) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-11-13 14:48:37 +01:00
Jens L
fd561ac802 root: connect to backend via socket (#6720) 
* root: connect to gunicorn via socket

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* put socket in temp folder

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use non-socket connection for debug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't hardcode local url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix dev_server missing websocket

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dedupe logging config between gunicorn and main app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* slight refactor for proxy errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-09-02 17:58:37 +02:00
Alexandre NICOLAIE
a2714ab1f1 outposts: make metrics compliant with Prometheus best-practices (#6398) 
web/outpost: make metrics compliant with Prometheus best-practices

Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.

This commit tries to fix all of this "issues".

NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.

Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
 2023-07-27 18:51:08 +02:00
Jens Langhammer
0874574e5c *: add additional prometheus metrics, remove unusable high entropy metrics 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-19 17:08:40 +01:00
Jens Langhammer
56181a45a1 internal: limit body size 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-17 18:52:16 +02:00
Jens Langhammer
514c48a986 internal: fix routing for requests with querystring signature to embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-18 20:43:01 +02:00
Jens Langhammer
846b63a17b *: remove some very verbose logging messages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-17 13:36:56 +02:00
Jens Langhammer
201bea6d30 internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-08-07 18:50:24 +02:00
Jens L
393d7ec486 providers/proxy: no exposed urls (#3151) 
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-07-30 17:51:01 +02:00
Jens Langhammer
0a83b04419 internal: fix routing to embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-16 17:05:27 +02:00
Jens Langhammer
2d48fe42f4 internal: dont sample gunicorn proxied requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-06-16 11:32:21 +02:00
Jens Langhammer
e194715c3e internal: fix CSRF error caused by Host header 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-09 14:34:55 +01:00
Jens Langhammer
02ba493759 internal: trace headers and url for backend requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-09 12:48:17 +01:00
Jens Langhammer
a7fea5434d internal: remove uvicorn server header 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-09 12:38:47 +01:00
Jens Langhammer
4fb783e953 internal: improve error handling for internal reverse proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-09 12:33:37 +01:00
Jens L
4343246a41 *: rename akprox to outpost.goauthentik.io (#2266) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-08 20:25:38 +01:00
Jens Langhammer
e1c0c0b20c internal: don't override server header 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 22:05:11 +01:00
Jens Langhammer
14c7d8c4f4 internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2079
 2022-01-18 23:19:43 +01:00
Jens Langhammer
57e86582d1 Revert "root: handle liveness probe in router (also keep internal one)" 
This reverts commit dd7cb45733.
 2021-10-12 18:44:08 +02:00
Jens Langhammer
dd7cb45733 root: handle liveness probe in router (also keep internal one) 
This reverts commit d39dbc7287.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 18:43:39 +02:00
Jens Langhammer
d39dbc7287 root: handle liveness probe in router 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 14:54:15 +02:00
Jens Langhammer
6c603cdf80 internal: add internal healthchecking to prevent websocket errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-05 22:21:14 +02:00
Jens L
7158c9d2ea core: metrics v2 (#1370) 
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 15:52:24 +02:00