2019-04-24 21:52:08 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
2021-02-21 23:07:06 +00:00
|
|
|
"embed"
|
|
|
|
"io/fs"
|
2020-07-16 06:36:37 +00:00
|
|
|
"net"
|
2021-02-21 23:07:06 +00:00
|
|
|
"net/http"
|
2019-04-24 21:52:08 +00:00
|
|
|
"os"
|
2020-06-21 13:40:37 +00:00
|
|
|
"strconv"
|
2022-01-20 23:46:13 +00:00
|
|
|
"time"
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-05 12:37:21 +00:00
|
|
|
duoapi "github.com/duosecurity/duo_api_golang"
|
|
|
|
"github.com/fasthttp/router"
|
|
|
|
"github.com/valyala/fasthttp"
|
2020-04-11 04:59:58 +00:00
|
|
|
"github.com/valyala/fasthttp/expvarhandler"
|
2020-04-28 14:07:20 +00:00
|
|
|
"github.com/valyala/fasthttp/fasthttpadaptor"
|
2020-04-11 04:59:58 +00:00
|
|
|
"github.com/valyala/fasthttp/pprofhandler"
|
2020-04-05 12:37:21 +00:00
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
|
|
"github.com/authelia/authelia/v4/internal/duo"
|
|
|
|
"github.com/authelia/authelia/v4/internal/handlers"
|
|
|
|
"github.com/authelia/authelia/v4/internal/logging"
|
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
2021-02-21 23:07:06 +00:00
|
|
|
//go:embed public_html
|
|
|
|
var assets embed.FS
|
|
|
|
|
2021-05-04 22:06:05 +00:00
|
|
|
func registerRoutes(configuration schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
|
2019-04-24 21:52:08 +00:00
|
|
|
autheliaMiddleware := middlewares.AutheliaMiddleware(configuration, providers)
|
2022-03-02 06:40:26 +00:00
|
|
|
rememberMe := strconv.FormatBool(configuration.Session.RememberMeDuration != -1)
|
2020-06-21 13:40:37 +00:00
|
|
|
resetPassword := strconv.FormatBool(!configuration.AuthenticationBackend.DisableResetPassword)
|
|
|
|
|
2021-12-01 03:32:58 +00:00
|
|
|
duoSelfEnrollment := f
|
|
|
|
if configuration.DuoAPI != nil {
|
|
|
|
duoSelfEnrollment = strconv.FormatBool(configuration.DuoAPI.EnableSelfEnrollment)
|
|
|
|
}
|
|
|
|
|
2021-02-21 23:07:06 +00:00
|
|
|
embeddedPath, _ := fs.Sub(assets, "public_html")
|
|
|
|
embeddedFS := fasthttpadaptor.NewFastHTTPHandler(http.FileServer(http.FS(embeddedPath)))
|
2020-05-21 02:20:55 +00:00
|
|
|
|
2021-10-10 10:19:47 +00:00
|
|
|
https := configuration.Server.TLS.Key != "" && configuration.Server.TLS.Certificate != ""
|
|
|
|
|
2021-12-01 03:32:58 +00:00
|
|
|
serveIndexHandler := ServeTemplatedFile(embeddedAssets, indexFile, configuration.Server.AssetPath, duoSelfEnrollment, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme, https)
|
|
|
|
serveSwaggerHandler := ServeTemplatedFile(swaggerAssets, indexFile, configuration.Server.AssetPath, duoSelfEnrollment, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme, https)
|
|
|
|
serveSwaggerAPIHandler := ServeTemplatedFile(swaggerAssets, apiFile, configuration.Server.AssetPath, duoSelfEnrollment, rememberMe, resetPassword, configuration.Session.Name, configuration.Theme, https)
|
2020-06-21 13:40:37 +00:00
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r := router.New()
|
2022-02-06 13:37:28 +00:00
|
|
|
r.GET("/", autheliaMiddleware(serveIndexHandler))
|
2021-07-22 03:52:37 +00:00
|
|
|
r.OPTIONS("/", autheliaMiddleware(handleOPTIONS))
|
|
|
|
|
2022-02-06 13:37:28 +00:00
|
|
|
r.GET("/api/", autheliaMiddleware(serveSwaggerHandler))
|
|
|
|
r.GET("/api/"+apiFile, autheliaMiddleware(serveSwaggerAPIHandler))
|
2020-05-07 11:29:12 +00:00
|
|
|
|
|
|
|
for _, f := range rootFiles {
|
2021-11-15 08:37:58 +00:00
|
|
|
r.GET("/"+f, middlewares.AssetOverrideMiddleware(configuration.Server.AssetPath, embeddedFS))
|
2020-05-07 11:29:12 +00:00
|
|
|
}
|
|
|
|
|
2021-11-15 08:37:58 +00:00
|
|
|
r.GET("/static/{filepath:*}", middlewares.AssetOverrideMiddleware(configuration.Server.AssetPath, embeddedFS))
|
2021-03-11 07:36:58 +00:00
|
|
|
r.ANY("/api/{filepath:*}", embeddedFS)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-11-24 23:20:52 +00:00
|
|
|
r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.GET("/api/state", autheliaMiddleware(handlers.StateGet))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-06-21 13:40:37 +00:00
|
|
|
r.GET("/api/configuration", autheliaMiddleware(
|
|
|
|
middlewares.RequireFirstFactor(handlers.ConfigurationGet)))
|
2019-12-07 16:40:42 +00:00
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r.GET("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend)))
|
|
|
|
r.HEAD("/api/verify", autheliaMiddleware(handlers.VerifyGet(configuration.AuthenticationBackend)))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-08-02 06:15:38 +00:00
|
|
|
r.POST("/api/checks/safe-redirection", autheliaMiddleware(handlers.CheckSafeRedirection))
|
|
|
|
|
2022-01-20 23:46:13 +00:00
|
|
|
r.POST("/api/firstfactor", autheliaMiddleware(handlers.FirstFactorPost(middlewares.TimingAttackDelay(10, 250, 85, time.Second))))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/logout", autheliaMiddleware(handlers.LogoutPost))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-28 14:07:20 +00:00
|
|
|
// Only register endpoints if forgot password is not disabled.
|
2020-04-04 23:28:09 +00:00
|
|
|
if !configuration.AuthenticationBackend.DisableResetPassword {
|
|
|
|
// Password reset related endpoints.
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/reset-password/identity/start", autheliaMiddleware(
|
2020-04-04 23:28:09 +00:00
|
|
|
handlers.ResetPasswordIdentityStart))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/reset-password/identity/finish", autheliaMiddleware(
|
2020-04-04 23:28:09 +00:00
|
|
|
handlers.ResetPasswordIdentityFinish))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/reset-password", autheliaMiddleware(
|
2020-04-04 23:28:09 +00:00
|
|
|
handlers.ResetPasswordPost))
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-28 14:07:20 +00:00
|
|
|
// Information about the user.
|
2020-05-21 02:20:55 +00:00
|
|
|
r.GET("/api/user/info", autheliaMiddleware(
|
2019-12-07 11:18:22 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.UserInfoGet)))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/user/info/2fa_method", autheliaMiddleware(
|
2019-12-07 11:18:22 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.MethodPreferencePost)))
|
2021-12-01 12:11:29 +00:00
|
|
|
r.GET("/api/user/info/totp", autheliaMiddleware(
|
|
|
|
middlewares.RequireFirstFactor(handlers.UserTOTPGet)))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-28 14:07:20 +00:00
|
|
|
// TOTP related endpoints.
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/totp/identity/start", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPIdentityStart)))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/totp/identity/finish", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPIdentityFinish)))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/totp", autheliaMiddleware(
|
2021-12-01 12:11:29 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorTOTPPost)))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-28 14:07:20 +00:00
|
|
|
// U2F related endpoints.
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/u2f/identity/start", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorU2FIdentityStart)))
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/u2f/identity/finish", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorU2FIdentityFinish)))
|
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/u2f/register", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorU2FRegister)))
|
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/u2f/sign_request", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorU2FSignGet)))
|
2020-02-01 12:54:50 +00:00
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/u2f/sign", autheliaMiddleware(
|
2020-02-01 12:54:50 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorU2FSignPost(&handlers.U2FVerifierImpl{}))))
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2020-04-28 14:07:20 +00:00
|
|
|
// Configure DUO api endpoint only if configuration exists.
|
2019-04-24 21:52:08 +00:00
|
|
|
if configuration.DuoAPI != nil {
|
|
|
|
var duoAPI duo.API
|
2020-11-19 01:50:34 +00:00
|
|
|
if os.Getenv("ENVIRONMENT") == dev {
|
2019-04-24 21:52:08 +00:00
|
|
|
duoAPI = duo.NewDuoAPI(duoapi.NewDuoApi(
|
|
|
|
configuration.DuoAPI.IntegrationKey,
|
|
|
|
configuration.DuoAPI.SecretKey,
|
|
|
|
configuration.DuoAPI.Hostname, "", duoapi.SetInsecure()))
|
|
|
|
} else {
|
|
|
|
duoAPI = duo.NewDuoAPI(duoapi.NewDuoApi(
|
|
|
|
configuration.DuoAPI.IntegrationKey,
|
|
|
|
configuration.DuoAPI.SecretKey,
|
|
|
|
configuration.DuoAPI.Hostname, ""))
|
|
|
|
}
|
|
|
|
|
2021-12-01 03:32:58 +00:00
|
|
|
r.GET("/api/secondfactor/duo_devices", autheliaMiddleware(
|
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorDuoDevicesGet(duoAPI))))
|
|
|
|
|
2020-05-21 02:20:55 +00:00
|
|
|
r.POST("/api/secondfactor/duo", autheliaMiddleware(
|
2019-04-24 21:52:08 +00:00
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorDuoPost(duoAPI))))
|
2021-12-01 03:32:58 +00:00
|
|
|
|
|
|
|
r.POST("/api/secondfactor/duo_device", autheliaMiddleware(
|
|
|
|
middlewares.RequireFirstFactor(handlers.SecondFactorDuoDevicePost)))
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2021-06-01 04:09:50 +00:00
|
|
|
if configuration.Server.EnablePprof {
|
2020-05-21 02:20:55 +00:00
|
|
|
r.GET("/debug/pprof/{name?}", pprofhandler.PprofHandler)
|
2021-06-01 04:09:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if configuration.Server.EnableExpvars {
|
2020-05-21 02:20:55 +00:00
|
|
|
r.GET("/debug/vars", expvarhandler.ExpvarHandler)
|
2020-04-11 04:59:58 +00:00
|
|
|
}
|
|
|
|
|
2022-02-06 13:37:28 +00:00
|
|
|
r.NotFound = autheliaMiddleware(serveIndexHandler)
|
2020-05-21 02:20:55 +00:00
|
|
|
|
|
|
|
handler := middlewares.LogRequestMiddleware(r.Handler)
|
|
|
|
if configuration.Server.Path != "" {
|
2021-08-10 00:31:08 +00:00
|
|
|
handler = middlewares.StripPathMiddleware(configuration.Server.Path, handler)
|
2020-05-21 02:20:55 +00:00
|
|
|
}
|
2019-11-30 16:49:52 +00:00
|
|
|
|
2021-05-04 22:06:05 +00:00
|
|
|
if providers.OpenIDConnect.Fosite != nil {
|
|
|
|
handlers.RegisterOIDC(r, autheliaMiddleware)
|
|
|
|
}
|
|
|
|
|
|
|
|
return handler
|
|
|
|
}
|
|
|
|
|
2021-08-03 09:55:21 +00:00
|
|
|
// Start Authelia's internal webserver with the given configuration and providers.
|
|
|
|
func Start(configuration schema.Configuration, providers middlewares.Providers) {
|
2021-05-04 22:06:05 +00:00
|
|
|
logger := logging.Logger()
|
|
|
|
|
|
|
|
handler := registerRoutes(configuration, providers)
|
|
|
|
|
2020-04-11 04:59:58 +00:00
|
|
|
server := &fasthttp.Server{
|
2020-04-30 03:16:41 +00:00
|
|
|
ErrorHandler: autheliaErrorHandler,
|
2020-05-21 02:20:55 +00:00
|
|
|
Handler: handler,
|
2020-04-30 03:16:41 +00:00
|
|
|
NoDefaultServerHeader: true,
|
|
|
|
ReadBufferSize: configuration.Server.ReadBufferSize,
|
|
|
|
WriteBufferSize: configuration.Server.WriteBufferSize,
|
2020-04-11 04:59:58 +00:00
|
|
|
}
|
2020-04-30 02:03:05 +00:00
|
|
|
|
2021-08-02 11:55:30 +00:00
|
|
|
addrPattern := net.JoinHostPort(configuration.Server.Host, strconv.Itoa(configuration.Server.Port))
|
2020-07-16 06:36:37 +00:00
|
|
|
|
|
|
|
listener, err := net.Listen("tcp", addrPattern)
|
|
|
|
if err != nil {
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Fatalf("Error initializing listener: %s", err)
|
2020-07-16 06:36:37 +00:00
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
|
2021-08-02 11:55:30 +00:00
|
|
|
if configuration.Server.TLS.Certificate != "" && configuration.Server.TLS.Key != "" {
|
2021-08-05 04:02:07 +00:00
|
|
|
if err = writeHealthCheckEnv(configuration.Server.DisableHealthcheck, "https", configuration.Server.Host, configuration.Server.Path, configuration.Server.Port); err != nil {
|
|
|
|
logger.Fatalf("Could not configure healthcheck: %v", err)
|
|
|
|
}
|
|
|
|
|
2021-08-10 00:31:08 +00:00
|
|
|
if configuration.Server.Path == "" {
|
|
|
|
logger.Infof("Listening for TLS connections on '%s' path '/'", addrPattern)
|
|
|
|
} else {
|
|
|
|
logger.Infof("Listening for TLS connections on '%s' paths '/' and '%s'", addrPattern, configuration.Server.Path)
|
|
|
|
}
|
|
|
|
|
2021-08-02 11:55:30 +00:00
|
|
|
logger.Fatal(server.ServeTLS(listener, configuration.Server.TLS.Certificate, configuration.Server.TLS.Key))
|
2020-03-03 07:18:25 +00:00
|
|
|
} else {
|
2021-08-05 04:02:07 +00:00
|
|
|
if err = writeHealthCheckEnv(configuration.Server.DisableHealthcheck, "http", configuration.Server.Host, configuration.Server.Path, configuration.Server.Port); err != nil {
|
|
|
|
logger.Fatalf("Could not configure healthcheck: %v", err)
|
|
|
|
}
|
|
|
|
|
2021-08-10 00:31:08 +00:00
|
|
|
if configuration.Server.Path == "" {
|
|
|
|
logger.Infof("Listening for non-TLS connections on '%s' path '/'", addrPattern)
|
|
|
|
} else {
|
|
|
|
logger.Infof("Listening for non-TLS connections on '%s' paths '/' and '%s'", addrPattern, configuration.Server.Path)
|
|
|
|
}
|
2021-01-16 23:23:35 +00:00
|
|
|
logger.Fatal(server.Serve(listener))
|
2020-03-03 07:18:25 +00:00
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|