package ak
import (
"context"
"crypto/tls"
"net/http"
"os"
"strings"
"time"
"github.com/getsentry/sentry-go"
httptransport "github.com/go-openapi/runtime/client"
log "github.com/sirupsen/logrus"
"goauthentik.io/outpost/api"
"goauthentik.io/outpost/pkg"
)
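// doGlobalSetup configures process-wide logging and Sentry error reporting
// from the outpost configuration map.
//
// It reads config[ConfigLogLevel], config[ConfigErrorReportingEnabled] and
// config[ConfigErrorReportingEnvironment]. A key that is missing or holds a
// value of the wrong type is treated as its zero value instead of panicking:
// the log level falls through to the default branch, error reporting stays
// disabled and the environment is empty.
//
// The process exits through log.Fatalf if sentry.Init returns an error.
func doGlobalSetup(config map[string]interface{}) {
	log.SetFormatter(&log.JSONFormatter{
		FieldMap: log.FieldMap{
			log.FieldKeyMsg:  "event",
			log.FieldKeyTime: "timestamp",
		},
	})

	// Checked assertion: a single-value assertion would panic on a nil or
	// non-string entry before any logging is configured.
	level, _ := config[ConfigLogLevel].(string)
	switch level {
	case "trace":
		log.SetLevel(log.TraceLevel)
	case "debug":
		log.SetLevel(log.DebugLevel)
	case "info":
		log.SetLevel(log.InfoLevel)
	case "warning":
		log.SetLevel(log.WarnLevel)
	case "error":
		log.SetLevel(log.ErrorLevel)
	default:
		// NOTE(review): an unknown or missing level selects debug output,
		// the second most verbose setting. Confirm that debug logs of this
		// outpost carry nothing sensitive before relying on this default.
		log.SetLevel(log.DebugLevel)
	}
	log.WithField("buildHash", pkg.BUILD()).WithField("version", pkg.VERSION).Info("Starting authentik outpost")

	// The DSN stays empty unless error reporting is explicitly enabled, so a
	// missing or malformed flag never turns reporting on. When it is enabled,
	// reports are sent to the hard-coded endpoint below.
	var dsn string
	if enabled, _ := config[ConfigErrorReportingEnabled].(bool); enabled {
		dsn = "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8"
		log.Debug("Error reporting enabled")
	}
	environment, _ := config[ConfigErrorReportingEnvironment].(string)

	err := sentry.Init(sentry.ClientOptions{
		Dsn:         dsn,
		Environment: environment,
	})
	if err != nil {
		log.Fatalf("sentry.Init: %s", err)
	}

	// This deferred call runs when doGlobalSetup returns, i.e. right after
	// Init; it does not flush events queued later in the process lifetime.
	defer sentry.Flush(2 * time.Second)
}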
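// GetTLSTransport returns an HTTP transport for TLS connections.
//
// Certificate verification is skipped only when the AUTHENTIK_INSECURE
// environment variable equals "true" (compared case-insensitively). An unset
// variable or any other value keeps verification enabled. Because skipping
// verification removes the check of the peer's certificate chain and host
// name, the insecure mode is announced with a warning log entry so that it
// is visible to operators and log-based monitoring.
//
// It panics if the transport cannot be constructed.
func GetTLSTransport() http.RoundTripper {
	// os.Getenv yields "" for an unset variable, which compares unequal to
	// "true" and therefore keeps verification on.
	insecure := strings.EqualFold(os.Getenv("AUTHENTIK_INSECURE"), "true")
	if insecure {
		log.Warn("AUTHENTIK_INSECURE is set, TLS certificate verification is disabled")
	}

	tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
		InsecureSkipVerify: insecure,
	})
	if err != nil {
		panic(err)
	}
	return tlsTransport
}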
// ParseCertificate retrieves the certificate and the private key of the
// keypair identified by kpUuid through cryptoApi and combines them into a
// tls.Certificate.
//
// Both retrievals use context.Background(), so no deadline or cancellation
// is applied by this function itself. Any error from the two API calls or
// from tls.X509KeyPair is returned unchanged together with a nil certificate.
func ParseCertificate(kpUuid string, cryptoApi *api.CryptoApiService) (*tls.Certificate, error) {
	ctx := context.Background()

	certResp, _, err := cryptoApi.CryptoCertificatekeypairsViewCertificateRetrieve(ctx, kpUuid).Execute()
	if err != nil {
		return nil, err
	}

	// keyResp.Data holds private key material: keep it out of log output
	// and error messages.
	keyResp, _, err := cryptoApi.CryptoCertificatekeypairsViewPrivateKeyRetrieve(ctx, kpUuid).Execute()
	if err != nil {
		return nil, err
	}

	// tls.X509KeyPair parses PEM-encoded data and fails when the key does
	// not match the certificate.
	pair, err := tls.X509KeyPair([]byte(certResp.Data), []byte(keyResp.Data))
	if err != nil {
		return nil, err
	}
	return &pair, nil
}