1cfe1aff13
* root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
118 lines
3.2 KiB
Go
118 lines
3.2 KiB
Go
package server
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/BeryJu/authentik/proxy/pkg"
|
|
"github.com/go-openapi/strfmt"
|
|
"github.com/gorilla/websocket"
|
|
"github.com/recws-org/recws"
|
|
)
|
|
|
|
func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
|
|
pathTemplate := "%s://%s/ws/outpost/%s/"
|
|
scheme := strings.ReplaceAll(pbURL.Scheme, "http", "ws")
|
|
|
|
authHeader := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("Basic :%s", ac.token)))
|
|
|
|
header := http.Header{
|
|
"Authorization": []string{authHeader},
|
|
"User-Agent": []string{fmt.Sprintf("authentik-proxy@%s", pkg.VERSION)},
|
|
}
|
|
|
|
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
|
if !set {
|
|
value = "false"
|
|
}
|
|
|
|
ws := &recws.RecConn{
|
|
NonVerbose: true,
|
|
TLSClientConfig: &tls.Config{
|
|
InsecureSkipVerify: strings.ToLower(value) == "true",
|
|
},
|
|
}
|
|
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)
|
|
|
|
ac.logger.WithField("component", "ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")
|
|
|
|
ac.wsConn = ws
|
|
// Send hello message with our version
|
|
msg := websocketMessage{
|
|
Instruction: WebsocketInstructionHello,
|
|
Args: map[string]interface{}{
|
|
"version": pkg.VERSION,
|
|
},
|
|
}
|
|
err := ws.WriteJSON(msg)
|
|
if err != nil {
|
|
ac.logger.WithField("component", "ws").WithError(err).Warning("Failed to hello to authentik")
|
|
}
|
|
}
|
|
|
|
// Shutdown Gracefully stops all workers, disconnects from websocket
|
|
func (ac *APIController) Shutdown() {
|
|
// Cleanly close the connection by sending a close message and then
|
|
// waiting (with timeout) for the server to close the connection.
|
|
err := ac.wsConn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
|
|
if err != nil {
|
|
ac.logger.Println("write close:", err)
|
|
return
|
|
}
|
|
return
|
|
}
|
|
|
|
func (ac *APIController) startWSHandler() {
|
|
notConnectedBackoff := 1
|
|
for {
|
|
if !ac.wsConn.IsConnected() {
|
|
notConnectedWait := time.Duration(notConnectedBackoff) * time.Second
|
|
ac.logger.WithField("loop", "ws-handler").WithField("wait", notConnectedWait).Info("Not connected, trying again...")
|
|
time.Sleep(notConnectedWait)
|
|
notConnectedBackoff += notConnectedBackoff
|
|
continue
|
|
}
|
|
var wsMsg websocketMessage
|
|
err := ac.wsConn.ReadJSON(&wsMsg)
|
|
if err != nil {
|
|
ac.logger.WithField("loop", "ws-handler").Println("read:", err)
|
|
ac.wsConn.CloseAndReconnect()
|
|
continue
|
|
}
|
|
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
|
time.Sleep(ac.reloadOffset)
|
|
err := ac.UpdateIfRequired()
|
|
if err != nil {
|
|
ac.logger.WithField("loop", "ws-handler").WithError(err).Debug("Failed to update")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func (ac *APIController) startWSHealth() {
|
|
for ; true; <-time.Tick(time.Second * 10) {
|
|
if !ac.wsConn.IsConnected() {
|
|
continue
|
|
}
|
|
aliveMsg := websocketMessage{
|
|
Instruction: WebsocketInstructionHello,
|
|
Args: map[string]interface{}{
|
|
"version": pkg.VERSION,
|
|
},
|
|
}
|
|
err := ac.wsConn.WriteJSON(aliveMsg)
|
|
ac.logger.WithField("loop", "ws-health").Debug("hello'd")
|
|
if err != nil {
|
|
ac.logger.WithField("loop", "ws-health").Println("write:", err)
|
|
ac.wsConn.CloseAndReconnect()
|
|
continue
|
|
}
|
|
}
|
|
}
|