2021-01-16 20:41:39 +00:00
|
|
|
package ak
|
2020-09-02 22:04:12 +00:00
|
|
|
|
|
|
|
|
import (
|
2023-10-08 23:06:52 +00:00
|
|
|
"context"
|
2020-09-02 22:04:12 +00:00
|
|
|
"crypto/tls"
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
2021-12-11 21:48:33 +00:00
|
|
|
"strconv"
|
2020-09-02 22:04:12 +00:00
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/gorilla/websocket"
|
2021-09-08 18:04:56 +00:00
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
2023-01-08 19:33:04 +00:00
|
|
|
"goauthentik.io/internal/config"
|
2021-06-16 10:35:17 +00:00
|
|
|
"goauthentik.io/internal/constants"
|
2020-09-02 22:04:12 +00:00
|
|
|
)
|
|
|
|
|
|
2021-12-11 21:48:33 +00:00
|
|
|
func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error {
|
|
|
|
|
pathTemplate := "%s://%s/ws/outpost/%s/?%s"
|
2023-12-30 20:33:14 +00:00
|
|
|
query := akURL.Query()
|
|
|
|
|
query.Set("instance_uuid", ac.instanceUUID.String())
|
2021-04-23 12:07:44 +00:00
|
|
|
scheme := strings.ReplaceAll(akURL.Scheme, "http", "ws")
|
2020-09-02 22:04:12 +00:00
|
|
|
|
2021-04-13 17:57:33 +00:00
|
|
|
authHeader := fmt.Sprintf("Bearer %s", ac.token)
|
2020-10-18 11:46:03 +00:00
|
|
|
|
2020-09-02 22:04:12 +00:00
|
|
|
header := http.Header{
|
2020-10-18 11:46:03 +00:00
|
|
|
"Authorization": []string{authHeader},
|
2021-06-16 10:35:17 +00:00
|
|
|
"User-Agent": []string{constants.OutpostUserAgent()},
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
|
2021-12-11 21:48:33 +00:00
|
|
|
dialer := websocket.Dialer{
|
|
|
|
|
Proxy: http.ProxyFromEnvironment,
|
|
|
|
|
HandshakeTimeout: 10 * time.Second,
|
2020-09-02 22:04:12 +00:00
|
|
|
TLSClientConfig: &tls.Config{
|
2023-01-08 19:33:04 +00:00
|
|
|
InsecureSkipVerify: config.Get().AuthentikInsecure,
|
2020-09-02 22:04:12 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-11 21:48:33 +00:00
|
|
|
ws, _, err := dialer.Dial(fmt.Sprintf(pathTemplate, scheme, akURL.Host, outpostUUID, akURL.Query().Encode()), header)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ac.logger.WithError(err).Warning("failed to connect websocket")
|
|
|
|
|
return err
|
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
|
|
|
|
|
ac.wsConn = ws
|
2020-09-18 23:29:49 +00:00
|
|
|
// Send hello message with our version
|
|
|
|
|
msg := websocketMessage{
|
|
|
|
|
Instruction: WebsocketInstructionHello,
|
2023-12-30 20:33:14 +00:00
|
|
|
Args: ac.getWebsocketPingArgs(),
|
2020-09-18 23:29:49 +00:00
|
|
|
}
|
2021-12-11 21:48:33 +00:00
|
|
|
err = ws.WriteJSON(msg)
|
2020-09-18 23:29:49 +00:00
|
|
|
if err != nil {
|
2021-02-11 22:48:54 +00:00
|
|
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithError(err).Warning("Failed to hello to authentik")
|
2021-12-11 21:48:33 +00:00
|
|
|
return err
|
2020-09-18 23:29:49 +00:00
|
|
|
}
|
2021-10-30 19:33:50 +00:00
|
|
|
ac.lastWsReconnect = time.Now()
|
2023-12-30 20:33:14 +00:00
|
|
|
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID).Info("Successfully connected websocket")
|
2021-12-11 21:48:33 +00:00
|
|
|
return nil
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Shutdown Gracefully stops all workers, disconnects from websocket
|
|
|
|
|
func (ac *APIController) Shutdown() {
|
|
|
|
|
// Cleanly close the connection by sending a close message and then
|
|
|
|
|
// waiting (with timeout) for the server to close the connection.
|
|
|
|
|
err := ac.wsConn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
|
|
|
|
|
if err != nil {
|
2021-12-11 21:48:33 +00:00
|
|
|
ac.logger.WithError(err).Warning("failed to write close message")
|
2020-09-02 22:04:12 +00:00
|
|
|
return
|
|
|
|
|
}
|
2021-12-11 21:48:33 +00:00
|
|
|
err = ac.wsConn.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
ac.logger.WithError(err).Warning("failed to close websocket")
|
|
|
|
|
}
|
|
|
|
|
ac.logger.Info("finished shutdown")
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
|
2021-12-11 21:48:33 +00:00
|
|
|
func (ac *APIController) reconnectWS() {
|
|
|
|
|
if ac.wsIsReconnecting {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
ac.wsIsReconnecting = true
|
|
|
|
|
u := url.URL{
|
|
|
|
|
Host: ac.Client.GetConfig().Host,
|
|
|
|
|
Scheme: ac.Client.GetConfig().Scheme,
|
|
|
|
|
}
|
|
|
|
|
attempt := 1
|
2021-10-30 19:33:50 +00:00
|
|
|
for {
|
2021-12-11 21:48:33 +00:00
|
|
|
q := u.Query()
|
|
|
|
|
q.Set("attempt", strconv.Itoa(attempt))
|
|
|
|
|
u.RawQuery = q.Encode()
|
|
|
|
|
err := ac.initWS(u, ac.Outpost.Pk)
|
|
|
|
|
attempt += 1
|
|
|
|
|
if err != nil {
|
|
|
|
|
ac.logger.Infof("waiting %d seconds to reconnect", ac.wsBackoffMultiplier)
|
|
|
|
|
time.Sleep(time.Duration(ac.wsBackoffMultiplier) * time.Second)
|
|
|
|
|
ac.wsBackoffMultiplier = ac.wsBackoffMultiplier * 2
|
|
|
|
|
// Limit to 300 seconds (5m)
|
|
|
|
|
if ac.wsBackoffMultiplier >= 300 {
|
|
|
|
|
ac.wsBackoffMultiplier = 300
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ac.wsIsReconnecting = false
|
2021-12-13 15:38:48 +00:00
|
|
|
ac.wsBackoffMultiplier = 1
|
2021-12-11 21:48:33 +00:00
|
|
|
return
|
2021-10-30 19:33:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-02 22:04:12 +00:00
|
|
|
func (ac *APIController) startWSHandler() {
|
2021-01-16 21:08:11 +00:00
|
|
|
logger := ac.logger.WithField("loop", "ws-handler")
|
2020-09-02 22:04:12 +00:00
|
|
|
for {
|
|
|
|
|
var wsMsg websocketMessage
|
2021-12-11 22:44:49 +00:00
|
|
|
if ac.wsConn == nil {
|
|
|
|
|
go ac.reconnectWS()
|
|
|
|
|
time.Sleep(time.Second * 5)
|
|
|
|
|
continue
|
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
err := ac.wsConn.ReadJSON(&wsMsg)
|
|
|
|
|
if err != nil {
|
2021-09-08 18:04:56 +00:00
|
|
|
ConnectionStatus.With(prometheus.Labels{
|
2021-09-16 08:14:51 +00:00
|
|
|
"outpost_name": ac.Outpost.Name,
|
|
|
|
|
"outpost_type": ac.Server.Type(),
|
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
2021-09-08 18:04:56 +00:00
|
|
|
}).Set(0)
|
2021-10-30 19:33:50 +00:00
|
|
|
logger.WithError(err).Warning("ws read error")
|
2021-12-11 21:48:33 +00:00
|
|
|
go ac.reconnectWS()
|
2021-07-23 16:38:47 +00:00
|
|
|
time.Sleep(time.Second * 5)
|
2020-09-18 23:29:49 +00:00
|
|
|
continue
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
2021-09-08 18:04:56 +00:00
|
|
|
ConnectionStatus.With(prometheus.Labels{
|
2021-09-16 08:14:51 +00:00
|
|
|
"outpost_name": ac.Outpost.Name,
|
|
|
|
|
"outpost_type": ac.Server.Type(),
|
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
2021-09-08 18:04:56 +00:00
|
|
|
}).Set(1)
|
2020-09-02 22:04:12 +00:00
|
|
|
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
2020-10-17 14:48:53 +00:00
|
|
|
time.Sleep(ac.reloadOffset)
|
2021-01-16 21:08:11 +00:00
|
|
|
logger.Debug("Got update trigger...")
|
2021-09-10 10:18:19 +00:00
|
|
|
err := ac.OnRefresh()
|
2020-09-02 22:04:12 +00:00
|
|
|
if err != nil {
|
2021-01-16 21:08:11 +00:00
|
|
|
logger.WithError(err).Debug("Failed to update")
|
2021-09-08 18:04:56 +00:00
|
|
|
} else {
|
|
|
|
|
LastUpdate.With(prometheus.Labels{
|
2021-09-16 08:14:51 +00:00
|
|
|
"outpost_name": ac.Outpost.Name,
|
|
|
|
|
"outpost_type": ac.Server.Type(),
|
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
|
|
|
|
"version": constants.VERSION,
|
2022-01-14 09:45:37 +00:00
|
|
|
"build": constants.BUILD("tagged"),
|
2021-09-08 18:04:56 +00:00
|
|
|
}).SetToCurrentTime()
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
2023-10-08 23:06:52 +00:00
|
|
|
} else if wsMsg.Instruction == WebsocketInstructionProviderSpecific {
|
|
|
|
|
for _, h := range ac.wsHandlers {
|
|
|
|
|
h(context.Background(), wsMsg.Args)
|
|
|
|
|
}
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (ac *APIController) startWSHealth() {
|
2021-04-19 18:43:13 +00:00
|
|
|
ticker := time.NewTicker(time.Second * 10)
|
|
|
|
|
for ; true; <-ticker.C {
|
2021-12-11 22:44:49 +00:00
|
|
|
if ac.wsConn == nil {
|
|
|
|
|
go ac.reconnectWS()
|
|
|
|
|
time.Sleep(time.Second * 5)
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-12-30 20:33:14 +00:00
|
|
|
err := ac.SendWSHello(map[string]interface{}{})
|
2020-09-02 22:04:12 +00:00
|
|
|
if err != nil {
|
2021-10-30 19:33:50 +00:00
|
|
|
ac.logger.WithField("loop", "ws-health").WithError(err).Warning("ws write error")
|
2021-12-11 21:48:33 +00:00
|
|
|
go ac.reconnectWS()
|
2021-09-21 09:19:26 +00:00
|
|
|
time.Sleep(time.Second * 5)
|
2020-09-18 23:29:49 +00:00
|
|
|
continue
|
2021-09-08 18:04:56 +00:00
|
|
|
} else {
|
2023-12-30 20:33:14 +00:00
|
|
|
ac.logger.WithField("loop", "ws-health").Trace("hello'd")
|
2021-09-08 18:04:56 +00:00
|
|
|
ConnectionStatus.With(prometheus.Labels{
|
2021-09-16 08:14:51 +00:00
|
|
|
"outpost_name": ac.Outpost.Name,
|
|
|
|
|
"outpost_type": ac.Server.Type(),
|
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
2021-09-08 18:04:56 +00:00
|
|
|
}).Set(1)
|
2020-09-02 22:04:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-05-10 23:07:26 +00:00
|
|
|
|
|
|
|
|
func (ac *APIController) startIntervalUpdater() {
|
|
|
|
|
logger := ac.logger.WithField("loop", "interval-updater")
|
2021-07-31 19:57:33 +00:00
|
|
|
ticker := time.NewTicker(5 * time.Minute)
|
2021-05-10 23:07:26 +00:00
|
|
|
for ; true; <-ticker.C {
|
2021-12-20 20:23:19 +00:00
|
|
|
logger.Debug("Running interval update")
|
2021-09-10 10:18:19 +00:00
|
|
|
err := ac.OnRefresh()
|
2021-05-10 23:07:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
logger.WithError(err).Debug("Failed to update")
|
2021-09-08 18:04:56 +00:00
|
|
|
} else {
|
|
|
|
|
LastUpdate.With(prometheus.Labels{
|
2021-09-16 08:14:51 +00:00
|
|
|
"outpost_name": ac.Outpost.Name,
|
|
|
|
|
"outpost_type": ac.Server.Type(),
|
|
|
|
|
"uuid": ac.instanceUUID.String(),
|
|
|
|
|
"version": constants.VERSION,
|
2022-01-14 09:45:37 +00:00
|
|
|
"build": constants.BUILD("tagged"),
|
2021-09-08 18:04:56 +00:00
|
|
|
}).SetToCurrentTime()
|
2021-05-10 23:07:26 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-12-30 20:33:14 +00:00
|
|
|
|
|
|
|
|
func (a *APIController) AddWSHandler(handler WSHandler) {
|
|
|
|
|
a.wsHandlers = append(a.wsHandlers, handler)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (a *APIController) SendWSHello(args map[string]interface{}) error {
|
|
|
|
|
allArgs := a.getWebsocketPingArgs()
|
|
|
|
|
for key, value := range args {
|
|
|
|
|
allArgs[key] = value
|
|
|
|
|
}
|
|
|
|
|
aliveMsg := websocketMessage{
|
|
|
|
|
Instruction: WebsocketInstructionHello,
|
|
|
|
|
Args: allArgs,
|
|
|
|
|
}
|
|
|
|
|
err := a.wsConn.WriteJSON(aliveMsg)
|
|
|
|
|
return err
|
|
|
|
|
}
|
