RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/server/server.go

200 lines
7.8 KiB
Go
Raw Normal View History

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
package server
import (
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
"embed"
"io/fs"
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
"io/ioutil"
[FEATURE] Add IPv6 support (#1196)
2020-07-16 06:36:37 +00:00
"net"
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
"net/http"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
"os"
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
"runtime"
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
"strconv"
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
"strings"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 12:37:21 +00:00
duoapi "github.com/duosecurity/duo_api_golang"
"github.com/fasthttp/router"
"github.com/valyala/fasthttp"
[MISC] Add http debug routes (#848) * [MISC] Add debug endpoints to Authelia * enabled only with trace logging * allows go tool pprof usage when enabled * enables both the expvarhandler and pprofhandler from fasthttp * simplify tls/non-tls listen and serve * make it easy to define custom settings of the fasthttp server in the future * make name param optional * add note about the trace setting in the documentation
2020-04-11 04:59:58 +00:00
"github.com/valyala/fasthttp/expvarhandler"
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
"github.com/valyala/fasthttp/fasthttpadaptor"
[MISC] Add http debug routes (#848) * [MISC] Add debug endpoints to Authelia * enabled only with trace logging * allows go tool pprof usage when enabled * enables both the expvarhandler and pprofhandler from fasthttp * simplify tls/non-tls listen and serve * make it easy to define custom settings of the fasthttp server in the future * make name param optional * add note about the trace setting in the documentation
2020-04-11 04:59:58 +00:00
"github.com/valyala/fasthttp/pprofhandler"
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 12:37:21 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml
2019-12-24 02:14:52 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/duo"
"github.com/authelia/authelia/internal/handlers"
"github.com/authelia/authelia/internal/logging"
"github.com/authelia/authelia/internal/middlewares"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
)
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
//go:embed public_html
var assets embed.FS
feature(oidc): add support for OpenID Connect OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-04 22:06:05 +00:00
func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers)
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != "0")
resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword)
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
embeddedPath, _ := fs.Sub(assets, "public_html")
embeddedFS := fasthttpadaptor.NewFastHTTPHandler(http.FileServer(http.FS(embeddedPath)))
[BUGFIX] Add routes for files in the root path (#988)
2020-05-07 11:29:12 +00:00
rootFiles := []string{"favicon.ico", "manifest.json", "robots.txt"}
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
[FEATURE] Add theme support (#1584) * [FEATURE] Add theme support This change allows users to select a theme for Authelia on start-up. The default will continue to be the existing theme which is known as `light`. Three new options are now also provided: * `dark` * `grey` * `custom` The `custom` theme allows users to specify a primary and secondary hex color code to be utilised to style the portal. Co-authored-by: BankaiNoJutsu <lbegert@gmail.com> * Add themes to integration tests * Remove custom theme * Fix linting issue in access_control_test.go Co-authored-by: BankaiNoJutsu <lbegert@gmail.com>
2021-01-20 12:07:40 +00:00
serveIndexHandler := ServeTemplatedFile(embeddedAssets, indexFile, configuration.Server.Path, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme)
serveSwaggerHandler := ServeTemplatedFile(swaggerAssets, indexFile, configuration.Server.Path, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme)
serveSwaggerAPIHandler := ServeTemplatedFile(swaggerAssets, apiFile, configuration.Server.Path, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme)
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r := router.New()
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
r.GET("/", serveIndexHandler)
fix(handlers): handle xhr requests to /api/verify with 401 (#2189) This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303.
2021-07-22 03:52:37 +00:00
r.OPTIONS("/", autheliaMiddleware(handleOPTIONS))
[FEATURE] Add API docs and swagger-ui (#1544) * [FEATURE] Add API docs and swagger-ui This change will serve out swagger-ui at the `/api/` root path. * Update descriptions and summaries in API spec * Utilise frontend assets from unit testing for Docker build steps * Fix tag for /api/user/* endpoints * Fix response schema for /api/user/info/2fa_method * Template and inject the session name during runtime into swagger-ui This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file. * Fix integration tests * Add U2F endpoints * Change swagger directory to api This change is to more closely conform to the golang-standards project layout. * Add authentication for u2f endpoints * Modify u2f endpoint descriptions * Rename and fix u2f 2fa sign endpoints * Fix request body for /api/secondfactor/u2f/sign endpoint Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 04:28:46 +00:00
r.GET("/api/", serveSwaggerHandler)
r.GET("/api/"+apiFile, serveSwaggerAPIHandler)
[BUGFIX] Add routes for files in the root path (#988)
2020-05-07 11:29:12 +00:00
for _, f := range rootFiles {
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
r.GET("/"+f, embeddedFS)
[BUGFIX] Add routes for files in the root path (#988)
2020-05-07 11:29:12 +00:00
}
feat: go:embed static assets (#1733) * feat: go:embed static assets Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers. Key points to note: Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`. To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows. * fix(suites): increase ldap suite test timeout * fix(server): fix swagger asset CSP
2021-02-21 23:07:06 +00:00
r.GET("/static/{filepath:*}", embeddedFS)
fix(server): send 404 on missing api endpoints instead of 405 (#1806) Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e770c3e4c7af9aa5ef8e3e25b9a73eb however this resolves another issue that's related. Additionally this ensures the behavior is tested. Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Fixes #1520 Closes #1534
2021-03-11 07:36:58 +00:00
r.ANY("/api/{filepath:*}", embeddedFS)
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Create dedicated health endpoint (#1489) This change points the Docker containers healthcheck to the dedicated `/api/health` endpoint and also includes support for Authelia running with a path prefix.
2020-11-24 23:20:52 +00:00
r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.GET("/api/state", autheliaMiddleware(handlers.StateGet))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
r.GET("/api/configuration", autheliaMiddleware(
middlewares.RequireFirstFactor(handlers.ConfigurationGet)))
Allow administrator to provide a Google Analytics tracking ID. Providing a GA tracking ID allows administrators to analyze how the portal is used by their users in large environments, i.e., with many users. This will make even more sense when we have users and admins management interfaces.
2019-12-07 16:40:42 +00:00
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.GET("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend)))
r.HEAD("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend)))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/firstfactor", autheliaMiddleware(handlers.FirstFactorPost(1000, true)))
r.POST("/api/logout", autheliaMiddleware(handlers.LogoutPost))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
// Only register endpoints if forgot password is not disabled.
[FEATURE] Disable Reset Password (#823) * [FEATURE] Disable Reset Password * add configuration key to authentication_backend called disable_reset_password * disable_reset_password prevents the API handler for the functionality and the UI element * disable_reset_password is a boolean * adjust RememberMeEnabled to be RememberMe instead as it's just unnecessary * add docs for security measures and in the authentication docs * updated config.template.yml * add flexEnd style to align reset password when remember me disabled * add todo items for ldap user/password validation relating to this
2020-04-04 23:28:09 +00:00
if !configuration.AuthenticationBackend.DisableResetPassword {
// Password reset related endpoints.
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/reset-password/identity/start", autheliaMiddleware(
[FEATURE] Disable Reset Password (#823) * [FEATURE] Disable Reset Password * add configuration key to authentication_backend called disable_reset_password * disable_reset_password prevents the API handler for the functionality and the UI element * disable_reset_password is a boolean * adjust RememberMeEnabled to be RememberMe instead as it's just unnecessary * add docs for security measures and in the authentication docs * updated config.template.yml * add flexEnd style to align reset password when remember me disabled * add todo items for ldap user/password validation relating to this
2020-04-04 23:28:09 +00:00
handlers.ResetPasswordIdentityStart))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/reset-password/identity/finish", autheliaMiddleware(
[FEATURE] Disable Reset Password (#823) * [FEATURE] Disable Reset Password * add configuration key to authentication_backend called disable_reset_password * disable_reset_password prevents the API handler for the functionality and the UI element * disable_reset_password is a boolean * adjust RememberMeEnabled to be RememberMe instead as it's just unnecessary * add docs for security measures and in the authentication docs * updated config.template.yml * add flexEnd style to align reset password when remember me disabled * add todo items for ldap user/password validation relating to this
2020-04-04 23:28:09 +00:00
handlers.ResetPasswordIdentityFinish))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/reset-password", autheliaMiddleware(
[FEATURE] Disable Reset Password (#823) * [FEATURE] Disable Reset Password * add configuration key to authentication_backend called disable_reset_password * disable_reset_password prevents the API handler for the functionality and the UI element * disable_reset_password is a boolean * adjust RememberMeEnabled to be RememberMe instead as it's just unnecessary * add docs for security measures and in the authentication docs * updated config.template.yml * add flexEnd style to align reset password when remember me disabled * add todo items for ldap user/password validation relating to this
2020-04-04 23:28:09 +00:00
handlers.ResetPasswordPost))
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
// Information about the user.
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.GET("/api/user/info", autheliaMiddleware(
Introduce hasU2F and hasTOTP in user info.
2019-12-07 11:18:22 +00:00
middlewares.RequireFirstFactor(handlers.UserInfoGet)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/user/info/2fa_method", autheliaMiddleware(
Introduce hasU2F and hasTOTP in user info.
2019-12-07 11:18:22 +00:00
middlewares.RequireFirstFactor(handlers.MethodPreferencePost)))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
// TOTP related endpoints.
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/totp/identity/start", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPIdentityStart)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/totp/identity/finish", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPIdentityFinish)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/totp", autheliaMiddleware(
[FEATURE] TOTP Tuning Configuration Options and Fix Timer Graphic (#773) * Add period TOPT config key to define the time in seconds each OTP is rotated * Add skew TOTP config to define how many keys either side of the current one should be considered valid * Add tests and set minimum values * Update config template * Use unix epoch for position calculation and Fix QR gen * This resolves the timer resetting improperly at the 0 seconds mark and allows for periods longer than 1 minute * Generate QR based on period * Fix OTP timer graphic
2020-03-25 01:48:20 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPPost(&handlers.TOTPVerifierImpl{
Period: uint(configuration.TOTP.Period),
Skew: uint(*configuration.TOTP.Skew),
}))))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
// U2F related endpoints.
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/u2f/identity/start", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorU2FIdentityStart)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/u2f/identity/finish", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorU2FIdentityFinish)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/u2f/register", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorU2FRegister)))
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/u2f/sign_request", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorU2FSignGet)))
[FIX] Fix default redirection URL not taken into account (#600) * Remove unused mongo docker-compose file. * Default redirection URL was not taken into account. * Fix possible storage options in config template. * Remove useless checks in u2f registration endpoints. * Add default redirection url in config of duo suite. * Fix log line in response handler of 2FA methods. * Fix integration tests. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-02-01 12:54:50 +00:00
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/u2f/sign", autheliaMiddleware(
[FIX] Fix default redirection URL not taken into account (#600) * Remove unused mongo docker-compose file. * Default redirection URL was not taken into account. * Fix possible storage options in config template. * Remove useless checks in u2f registration endpoints. * Add default redirection url in config of duo suite. * Fix log line in response handler of 2FA methods. * Fix integration tests. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-02-01 12:54:50 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorU2FSignPost(&handlers.U2FVerifierImpl{}))))
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
[FEATURE] Embed static assets in Go binary (#916) * [FEATURE] Embed static assets in Go binary * Refactor/consolidate code and specify public_html via configuration * Update docs and config template for assets * Update AUR package pre-requisites and systemd unit * Include static assets as Buildkite and GitHub artifacts * Remove references to PUBLIC_DIR * Only serve assets via embedded filesystem and remove configuration references * Update authelia-scripts helper to build the embedded filesystem * Mock the embedded filesystem for unit tests Add to gitignore to ensure this isn't overwritten. * Move go:generate to satisfy linter
2020-04-28 14:07:20 +00:00
// Configure DUO api endpoint only if configuration exists.
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
if configuration.DuoAPI != nil {
var duoAPI duo.API
[CI] Collect coverage from frontend during integration tests (#1472) This change will allow us to collect frontend code coverage from our Selenium based integration tests. Given that the frontend is embedded into the Go binary and the integration tests run with a compiled binary in Docker this poses some issues with the instrumented code and the ability for it to run in this manner. To fix this we need to relax Authelia's CSP for the integration tests. This is achieved by setting the env variable `ENVIRONMENT` to `dev`.
2020-11-19 01:50:34 +00:00
if os.Getenv("ENVIRONMENT") == dev {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
duoAPI = duo.NewDuoAPI(duoapi.NewDuoApi(
configuration.DuoAPI.IntegrationKey,
configuration.DuoAPI.SecretKey,
configuration.DuoAPI.Hostname, "", duoapi.SetInsecure()))
} else {
duoAPI = duo.NewDuoAPI(duoapi.NewDuoApi(
configuration.DuoAPI.IntegrationKey,
configuration.DuoAPI.SecretKey,
configuration.DuoAPI.Hostname, ""))
}
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.POST("/api/secondfactor/duo", autheliaMiddleware(
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
middlewares.RequireFirstFactor(handlers.SecondFactorDuoPost(duoAPI))))
}
feat(configuration): add error and warn log levels (#2050) This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 04:09:50 +00:00
if configuration.Server.EnablePprof {
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.GET("/debug/pprof/{name?}", pprofhandler.PprofHandler)
feat(configuration): add error and warn log levels (#2050) This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 04:09:50 +00:00
}
if configuration.Server.EnableExpvars {
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
r.GET("/debug/vars", expvarhandler.ExpvarHandler)
[MISC] Add http debug routes (#848) * [MISC] Add debug endpoints to Authelia * enabled only with trace logging * allows go tool pprof usage when enabled * enables both the expvarhandler and pprofhandler from fasthttp * simplify tls/non-tls listen and serve * make it easy to define custom settings of the fasthttp server in the future * make name param optional * add note about the trace setting in the documentation
2020-04-11 04:59:58 +00:00
}
[MISC] Template global config and refactor some /api endpoints (#1135) * [MISC] Template global config and refactor some /api endpoints * /api/configuration has been removed in favour of templating said global config * /api/configuration/extended has been renamed to /api/configuration and display_name has been removed * /api/user/info has been modified to include display_name Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 13:40:37 +00:00
r.NotFound = serveIndexHandler
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
handler := middlewares.LogRequestMiddleware(r.Handler)
if configuration.Server.Path != "" {
handler = middlewares.StripPathMiddleware(handler)
}
Fix and parallelize integration tests.
2019-11-30 16:49:52 +00:00
feature(oidc): add support for OpenID Connect OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-04 22:06:05 +00:00
if providers.OpenIDConnect.Fosite != nil {
handlers.RegisterOIDC(r, autheliaMiddleware)
}
return handler
}
// StartServer start Authelia server with the given configuration and providers.
func StartServer(configuration schema.Configuration, providers middlewares.Providers) {
logger := logging.Logger()
handler := registerRoutes(configuration, providers)
[MISC] Add http debug routes (#848) * [MISC] Add debug endpoints to Authelia * enabled only with trace logging * allows go tool pprof usage when enabled * enables both the expvarhandler and pprofhandler from fasthttp * simplify tls/non-tls listen and serve * make it easy to define custom settings of the fasthttp server in the future * make name param optional * add note about the trace setting in the documentation
2020-04-11 04:59:58 +00:00
server := &fasthttp.Server{
[SECURITY] Disable HTTP server header (#946) * [SECURITY] Disable HTTP Server Header * alphabetize fasthttp.Server property assignment
2020-04-30 03:16:41 +00:00
ErrorHandler: autheliaErrorHandler,
[FEATURE] Allow Authelia to listen on a specified path (#1027) * [FEATURE] Allow Authelia to listen on a specified path * Fix linting and add a couple typescript types * Template index.html to support base_url * Update docs and configuration template * Access base path from body attribute. * Update CSP * Fix unit test Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful. * Template index.html with ${PUBLIC_URL} * Define PUBLIC_URL in .env(s) * Add docs clarification Co-authored-by: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 02:20:55 +00:00
Handler: handler,
[SECURITY] Disable HTTP server header (#946) * [SECURITY] Disable HTTP Server Header * alphabetize fasthttp.Server property assignment
2020-04-30 03:16:41 +00:00
NoDefaultServerHeader: true,
ReadBufferSize: configuration.Server.ReadBufferSize,
WriteBufferSize: configuration.Server.WriteBufferSize,
[MISC] Add http debug routes (#848) * [MISC] Add debug endpoints to Authelia * enabled only with trace logging * allows go tool pprof usage when enabled * enables both the expvarhandler and pprofhandler from fasthttp * simplify tls/non-tls listen and serve * make it easy to define custom settings of the fasthttp server in the future * make name param optional * add note about the trace setting in the documentation
2020-04-11 04:59:58 +00:00
}
[FEATURE] Buffer size configuration and additional http error handling (#944) * implement read buffer size config option * implement write buffer size config option * implement fasthttp ErrorHandler so we can log errors to Authelia as well * add struct/schema validation * add default value * add docs * add config key to validator * refactoring * apply suggestions from code review Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-30 02:03:05 +00:00
[FEATURE] Add IPv6 support (#1196)
2020-07-16 06:36:37 +00:00
addrPattern := net.JoinHostPort(configuration.Host, strconv.Itoa(configuration.Port))
listener, err := net.Listen("tcp", addrPattern)
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Fatalf("Error initializing listener: %s", err)
[FEATURE] Add IPv6 support (#1196)
2020-07-16 06:36:37 +00:00
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
feature(oidc): add support for OpenID Connect OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-04 22:06:05 +00:00
// TODO(clems4ever): move that piece to a more related location, probably in the configuration package.
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
if configuration.AuthenticationBackend.File != nil && configuration.AuthenticationBackend.File.Password.Algorithm == "argon2id" && runtime.GOOS == "linux" {
f, err := ioutil.ReadFile("/sys/fs/cgroup/memory/memory.limit_in_bytes")
if err != nil {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Warnf("Error reading hosts memory limit: %s", err)
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
} else {
m, _ := strconv.Atoi(strings.TrimSuffix(string(f), "\n"))
hostMem := float64(m) / 1024 / 1024 / 1024
argonMem := float64(configuration.AuthenticationBackend.File.Password.Memory) / 1024
if hostMem/argonMem <= 2 {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Warnf("Authelia's password hashing memory parameter is set to: %gGB this is %g%% of the available memory: %gGB", argonMem, argonMem/hostMem*100, hostMem)
logger.Warn("Please read https://www.authelia.com/docs/configuration/authentication/file.html#memory and tune your deployment")
[MISC] Warn for poorly tuned argon2id deployments (#1426) The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments. We could potentially look to expand this to FreeBSD in future too.
2020-11-05 21:57:03 +00:00
}
}
}
[FEATURE] Add TLS support. (#677) * [FEATURE] Add TLS support. Fixes #368. * [FEATURE] Introduce OnError hook in suites. This hook allows to perform actions following an erroneous suite like displaying the logs of Authelia. * Display Authelia logs of Standalone suite when tests fail. * Fix Standalone suite. * Apply suggestions from code review * Rename ssl_key and ssl_cert into tls_key and tls_cert.
2020-03-03 07:18:25 +00:00
if configuration.TLSCert != "" && configuration.TLSKey != "" {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
logger.Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))
[FEATURE] Add TLS support. (#677) * [FEATURE] Add TLS support. Fixes #368. * [FEATURE] Introduce OnError hook in suites. This hook allows to perform actions following an erroneous suite like displaying the logs of Authelia. * Display Authelia logs of Standalone suite when tests fail. * Fix Standalone suite. * Apply suggestions from code review * Rename ssl_key and ssl_cert into tls_key and tls_cert.
2020-03-03 07:18:25 +00:00
} else {
[MISC] Add missing CLI suite test (#1607) * [MISC] Add missing CLI suite test * Add missing test for `authelia version` command in CLI suite. * Standardise logger calls and swap CSP switch order
2021-01-16 23:23:35 +00:00
logger.Infof("Authelia is listening for non-TLS connections on %s%s", addrPattern, configuration.Server.Path)
logger.Fatal(server.Serve(listener))
[FEATURE] Add TLS support. (#677) * [FEATURE] Add TLS support. Fixes #368. * [FEATURE] Introduce OnError hook in suites. This hook allows to perform actions following an erroneous suite like displaying the logs of Authelia. * Display Authelia logs of Standalone suite when tests fail. * Fix Standalone suite. * Apply suggestions from code review * Rename ssl_key and ssl_cert into tls_key and tls_cert.
2020-03-03 07:18:25 +00:00
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}