authelia/internal/commands/root.go

package commands

import (
	"fmt"
	"os"
	"strings"

	"github.com/sirupsen/logrus"
	"github.com/spf13/cobra"

	"github.com/authelia/authelia/v4/internal/authentication"
	"github.com/authelia/authelia/v4/internal/authorization"
	"github.com/authelia/authelia/v4/internal/configuration/schema"
	"github.com/authelia/authelia/v4/internal/logging"
	"github.com/authelia/authelia/v4/internal/middlewares"
	"github.com/authelia/authelia/v4/internal/notification"
	"github.com/authelia/authelia/v4/internal/ntp"
	"github.com/authelia/authelia/v4/internal/oidc"
	"github.com/authelia/authelia/v4/internal/regulation"
	"github.com/authelia/authelia/v4/internal/server"
	"github.com/authelia/authelia/v4/internal/session"
	"github.com/authelia/authelia/v4/internal/storage"
	"github.com/authelia/authelia/v4/internal/utils"
)

// NewRootCmd returns a new Root Cmd.
func NewRootCmd() (cmd *cobra.Command) {
	version := utils.Version()

	cmd = &cobra.Command{
		Use:     "authelia",
		Example: cmdAutheliaExample,
		Short:   fmt.Sprintf("authelia %s", version),
		Long:    fmt.Sprintf(fmtAutheliaLong, version),
		Version: version,
		Args:    cobra.NoArgs,
		PreRun:  newCmdWithConfigPreRun(true, true, true),
		Run:     cmdRootRun,
	}

	cmdWithConfigFlags(cmd)

	cmd.AddCommand(
		newBuildInfoCmd(),
		NewCertificatesCmd(),
		newCompletionCmd(),
		NewHashPasswordCmd(),
		NewRSACmd(),
		newValidateConfigCmd(),
	)

	return cmd
}

func cmdRootRun(_ *cobra.Command, _ []string) {
	logger := logging.Logger()

	logger.Infof("Authelia %s is starting", utils.Version())

	if os.Getenv("ENVIRONMENT") == "dev" {
		logger.Info("===> Authelia is running in development mode. <===")
	}

	if err := logging.InitializeLogger(config.Log, true); err != nil {
		logger.Fatalf("Cannot initialize logger: %v", err)
	}

	providers, warnings, errors := getProviders(config)
	if len(warnings) != 0 {
		for _, err := range warnings {
			logger.Warn(err)
		}
	}

	if len(errors) != 0 {
		for _, err := range errors {
			logger.Error(err)
		}

		logger.Fatalf("Errors occurred provisioning providers.")
	}

	doStartupChecks(config, &providers)

	server.Start(*config, providers)
}

func getProviders(config *schema.Configuration) (providers middlewares.Providers, warnings []error, errors []error) {
	// TODO: Adjust this so the CertPool can be used like a provider.
	autheliaCertPool, warnings, errors := utils.NewX509CertPool(config.CertificatesDirectory)
	if len(warnings) != 0 || len(errors) != 0 {
		return providers, warnings, errors
	}

	var storageProvider storage.Provider

	switch {
	case config.Storage.PostgreSQL != nil:
		storageProvider = storage.NewPostgreSQLProvider(*config.Storage.PostgreSQL)
	case config.Storage.MySQL != nil:
		storageProvider = storage.NewMySQLProvider(*config.Storage.MySQL)
	case config.Storage.Local != nil:
		storageProvider = storage.NewSQLiteProvider(config.Storage.Local.Path)
	default:
		// TODO: Add storage provider startup check and remove this.
		errors = append(errors, fmt.Errorf("unrecognized storage provider"))
	}

	var (
		userProvider authentication.UserProvider
		err          error
	)

	switch {
	case config.AuthenticationBackend.File != nil:
		userProvider = authentication.NewFileUserProvider(config.AuthenticationBackend.File)
	case config.AuthenticationBackend.LDAP != nil:
		userProvider = authentication.NewLDAPUserProvider(config.AuthenticationBackend, autheliaCertPool)
	}

	var notifier notification.Notifier

	switch {
	case config.Notifier.SMTP != nil:
		notifier = notification.NewSMTPNotifier(config.Notifier.SMTP, autheliaCertPool)
	case config.Notifier.FileSystem != nil:
		notifier = notification.NewFileNotifier(*config.Notifier.FileSystem)
	}

	var ntpProvider *ntp.Provider
	if config.NTP != nil {
		ntpProvider = ntp.NewProvider(config.NTP)
	}

	clock := utils.RealClock{}
	authorizer := authorization.NewAuthorizer(config)
	sessionProvider := session.NewProvider(config.Session, autheliaCertPool)
	regulator := regulation.NewRegulator(config.Regulation, storageProvider, clock)

	oidcProvider, err := oidc.NewOpenIDConnectProvider(config.IdentityProviders.OIDC)
	if err != nil {
		errors = append(errors, err)
	}

	return middlewares.Providers{
		Authorizer:      authorizer,
		UserProvider:    userProvider,
		Regulator:       regulator,
		OpenIDConnect:   oidcProvider,
		StorageProvider: storageProvider,
		NTP:             ntpProvider,
		Notifier:        notifier,
		SessionProvider: sessionProvider,
	}, warnings, errors
}

func doStartupChecks(config *schema.Configuration, providers *middlewares.Providers) {
	logger := logging.Logger()

	var (
		failures []string
		err      error
	)

	if err = doStartupCheck(logger, "user", providers.UserProvider, false); err != nil {
		logger.Errorf("Failure running the user provider startup check: %+v", err)

		failures = append(failures, "user")
	}

	if err = doStartupCheck(logger, "notification", providers.Notifier, config.Notifier.DisableStartupCheck); err != nil {
		logger.Errorf("Failure running the notification provider startup check: %+v", err)

		failures = append(failures, "notification")
	}

	if !config.NTP.DisableStartupCheck && !providers.Authorizer.IsSecondFactorEnabled() {
		logger.Debug("The NTP startup check was skipped due to there being no configured 2FA access control rules")
	} else if err = doStartupCheck(logger, "ntp", providers.NTP, config.NTP.DisableStartupCheck); err != nil {
		logger.Errorf("Failure running the user provider startup check: %+v", err)

		failures = append(failures, "ntp")
	}

	if len(failures) != 0 {
		logger.Fatalf("The following providers had fatal failures during startup: %s", strings.Join(failures, ", "))
	}
}

func doStartupCheck(logger *logrus.Logger, name string, provider middlewares.ProviderWithStartupCheck, disabled bool) (err error) {
	if disabled {
		logger.Debugf("%s provider: startup check skipped as it is disabled", name)
		return nil
	}

	if provider == nil {
		return fmt.Errorf("unrecognized provider or it is not configured properly")
	}

	if err = provider.StartupCheck(logger); err != nil {
		return err
	}

	return nil
}
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`package commands`

			`import (`
			`"fmt"`
			`"os"`
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`"strings"`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`"github.com/sirupsen/logrus"`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`"github.com/spf13/cobra"`

fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 01:04:35 +00:00			`"github.com/authelia/authelia/v4/internal/authentication"`
			`"github.com/authelia/authelia/v4/internal/authorization"`
			`"github.com/authelia/authelia/v4/internal/configuration/schema"`
			`"github.com/authelia/authelia/v4/internal/logging"`
			`"github.com/authelia/authelia/v4/internal/middlewares"`
			`"github.com/authelia/authelia/v4/internal/notification"`
feat(ntp): check clock sync on startup (#2251) This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal. Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2021-09-17 04:44:35 +00:00			`"github.com/authelia/authelia/v4/internal/ntp"`
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 01:04:35 +00:00			`"github.com/authelia/authelia/v4/internal/oidc"`
			`"github.com/authelia/authelia/v4/internal/regulation"`
			`"github.com/authelia/authelia/v4/internal/server"`
			`"github.com/authelia/authelia/v4/internal/session"`
			`"github.com/authelia/authelia/v4/internal/storage"`
			`"github.com/authelia/authelia/v4/internal/utils"`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`)`

			`// NewRootCmd returns a new Root Cmd.`
			`func NewRootCmd() (cmd *cobra.Command) {`
			`version := utils.Version()`

			`cmd = &cobra.Command{`
			`Use: "authelia",`
			`Example: cmdAutheliaExample,`
			`Short: fmt.Sprintf("authelia %s", version),`
			`Long: fmt.Sprintf(fmtAutheliaLong, version),`
			`Version: version,`
			`Args: cobra.NoArgs,`
			`PreRun: newCmdWithConfigPreRun(true, true, true),`
			`Run: cmdRootRun,`
			`}`

			`cmdWithConfigFlags(cmd)`

			`cmd.AddCommand(`
			`newBuildInfoCmd(),`
			`NewCertificatesCmd(),`
			`newCompletionCmd(),`
			`NewHashPasswordCmd(),`
			`NewRSACmd(),`
			`newValidateConfigCmd(),`
			`)`

			`return cmd`
			`}`

			`func cmdRootRun(_ *cobra.Command, _ []string) {`
			`logger := logging.Logger()`

			`logger.Infof("Authelia %s is starting", utils.Version())`

			`if os.Getenv("ENVIRONMENT") == "dev" {`
			`logger.Info("===> Authelia is running in development mode. <===")`
			`}`

			`if err := logging.InitializeLogger(config.Log, true); err != nil {`
			`logger.Fatalf("Cannot initialize logger: %v", err)`
			`}`

			`providers, warnings, errors := getProviders(config)`
			`if len(warnings) != 0 {`
			`for _, err := range warnings {`
			`logger.Warn(err)`
			`}`
			`}`

			`if len(errors) != 0 {`
			`for _, err := range errors {`
			`logger.Error(err)`
			`}`

			`logger.Fatalf("Errors occurred provisioning providers.")`
			`}`

refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`doStartupChecks(config, &providers)`

feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`server.Start(*config, providers)`
			`}`

			`func getProviders(config *schema.Configuration) (providers middlewares.Providers, warnings []error, errors []error) {`
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`// TODO: Adjust this so the CertPool can be used like a provider.`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`autheliaCertPool, warnings, errors := utils.NewX509CertPool(config.CertificatesDirectory)`
			`if len(warnings) != 0 \|\| len(errors) != 0 {`
			`return providers, warnings, errors`
			`}`

			`var storageProvider storage.Provider`

			`switch {`
			`case config.Storage.PostgreSQL != nil:`
			`storageProvider = storage.NewPostgreSQLProvider(*config.Storage.PostgreSQL)`
			`case config.Storage.MySQL != nil:`
			`storageProvider = storage.NewMySQLProvider(*config.Storage.MySQL)`
			`case config.Storage.Local != nil:`
			`storageProvider = storage.NewSQLiteProvider(config.Storage.Local.Path)`
			`default:`
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`// TODO: Add storage provider startup check and remove this.`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`errors = append(errors, fmt.Errorf("unrecognized storage provider"))`
			`}`

			`var (`
			`userProvider authentication.UserProvider`
			`err error`
			`)`

			`switch {`
			`case config.AuthenticationBackend.File != nil:`
			`userProvider = authentication.NewFileUserProvider(config.AuthenticationBackend.File)`
			`case config.AuthenticationBackend.LDAP != nil:`
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00			`userProvider = authentication.NewLDAPUserProvider(config.AuthenticationBackend, autheliaCertPool)`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`}`

			`var notifier notification.Notifier`

			`switch {`
			`case config.Notifier.SMTP != nil:`
fix(notifier): use sane default connection timeout (#2273) 2021-08-10 00:52:41 +00:00			`notifier = notification.NewSMTPNotifier(config.Notifier.SMTP, autheliaCertPool)`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`case config.Notifier.FileSystem != nil:`
			`notifier = notification.NewFileNotifier(*config.Notifier.FileSystem)`
			`}`

feat(ntp): check clock sync on startup (#2251) This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal. Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2021-09-17 04:44:35 +00:00			`var ntpProvider *ntp.Provider`
			`if config.NTP != nil {`
			`ntpProvider = ntp.NewProvider(config.NTP)`
			`}`

feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`clock := utils.RealClock{}`
			`authorizer := authorization.NewAuthorizer(config)`
			`sessionProvider := session.NewProvider(config.Session, autheliaCertPool)`
			`regulator := regulation.NewRegulator(config.Regulation, storageProvider, clock)`

			`oidcProvider, err := oidc.NewOpenIDConnectProvider(config.IdentityProviders.OIDC)`
			`if err != nil {`
			`errors = append(errors, err)`
			`}`

			`return middlewares.Providers{`
			`Authorizer: authorizer,`
			`UserProvider: userProvider,`
			`Regulator: regulator,`
			`OpenIDConnect: oidcProvider,`
			`StorageProvider: storageProvider,`
feat(ntp): check clock sync on startup (#2251) This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal. Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2021-09-17 04:44:35 +00:00			`NTP: ntpProvider,`
feat(configuration): replace viper with koanf (#2053) This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-03 09:55:21 +00:00			`Notifier: notifier,`
			`SessionProvider: sessionProvider,`
			`}, warnings, errors`
			`}`
refactor: factorize startup checks (#2386) * refactor: factorize startup checks * refactor: address linting issues 2021-09-17 09:53:59 +00:00
			`func doStartupChecks(config schema.Configuration, providers middlewares.Providers) {`
			`logger := logging.Logger()`

			`var (`
			`failures []string`
			`err error`
			`)`

			`if err = doStartupCheck(logger, "user", providers.UserProvider, false); err != nil {`
			`logger.Errorf("Failure running the user provider startup check: %+v", err)`

			`failures = append(failures, "user")`
			`}`

			`if err = doStartupCheck(logger, "notification", providers.Notifier, config.Notifier.DisableStartupCheck); err != nil {`
			`logger.Errorf("Failure running the notification provider startup check: %+v", err)`

			`failures = append(failures, "notification")`
			`}`

			`if !config.NTP.DisableStartupCheck && !providers.Authorizer.IsSecondFactorEnabled() {`
			`logger.Debug("The NTP startup check was skipped due to there being no configured 2FA access control rules")`
			`} else if err = doStartupCheck(logger, "ntp", providers.NTP, config.NTP.DisableStartupCheck); err != nil {`
			`logger.Errorf("Failure running the user provider startup check: %+v", err)`

			`failures = append(failures, "ntp")`
			`}`

			`if len(failures) != 0 {`
			`logger.Fatalf("The following providers had fatal failures during startup: %s", strings.Join(failures, ", "))`
			`}`
			`}`

			`func doStartupCheck(logger *logrus.Logger, name string, provider middlewares.ProviderWithStartupCheck, disabled bool) (err error) {`
			`if disabled {`
			`logger.Debugf("%s provider: startup check skipped as it is disabled", name)`
			`return nil`
			`}`

			`if provider == nil {`
			`return fmt.Errorf("unrecognized provider or it is not configured properly")`
			`}`

			`if err = provider.StartupCheck(logger); err != nil {`
			`return err`
			`}`

			`return nil`
			`}`