* feat(web): replace cra with vite
* fix: add istanbul
* fix: add jest
* fix: inject env vars
* fix: replicate cra output directories
* fix: post-frontend build for go templating
* fix: dynamic publicpath
* fix(web): import resolution with aliases for .module.css files
* refactor(server): baseurl var
* refactor(web): drop babel-jest for esbuild-jest
* refactor(web): add inline sourcemap for coverage bundle
* build(deps): update web deps
* build(deps): downgrade vite-plugin-istanbul to 2.2.0
98bf77dbaa is a breaking change that means production mode builds can no longer be instrumented.
* refactor(web): match frontend name and version
* refactor(web): drop cra readme
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
* feat: hardened authelia binaries
This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:
* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify
The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).
* refactor: docker pull for authelia/crossbuild in background
* feat: builds with gox and buildx
This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.
Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.
* refactor: clean up docker helper
* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command
* refactor: variant -> container
* refactor: cra build path
The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.
We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.
Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.
* fix: build output directory in coverage dockerfile
* refactor: drop cgo requirement for sqlite
Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.
* refactor: newline for consistency with dockerfiles
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
* feat: go:embed static assets
Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.
Key points to note:
Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.
To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.
* fix(suites): increase ldap suite test timeout
* fix(server): fix swagger asset CSP
* [FEATURE] Add API docs and swagger-ui
This change will serve out swagger-ui at the `/api/` root path.
* Update descriptions and summaries in API spec
* Utilise frontend assets from unit testing for Docker build steps
* Fix tag for /api/user/* endpoints
* Fix response schema for /api/user/info/2fa_method
* Template and inject the session name during runtime into swagger-ui
This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.
* Fix integration tests
* Add U2F endpoints
* Change swagger directory to api
This change is to more closely conform to the golang-standards project layout.
* Add authentication for u2f endpoints
* Modify u2f endpoint descriptions
* Rename and fix u2f 2fa sign endpoints
* Fix request body for /api/secondfactor/u2f/sign endpoint
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.
This will allow more seamless bootstrapping of an environment no matter the deployment method.
We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.
Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping
* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
* [FEATURE] Embed static assets in Go binary
* Refactor/consolidate code and specify public_html via configuration
* Update docs and config template for assets
* Update AUR package pre-requisites and systemd unit
* Include static assets as Buildkite and GitHub artifacts
* Remove references to PUBLIC_DIR
* Only serve assets via embedded filesystem and remove configuration references
* Update authelia-scripts helper to build the embedded filesystem
* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.
* Move go:generate to satisfy linter
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.
The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)
Fix#815
* added regulation validator
* made regulations find_time and ban_time values duration notation strings
* added DefaultRegulationConfiguration for the validator
* made session expiration and inactivity values duration notation strings
* TOTP period does not need to be converted because adjustment should be discouraged
* moved TOTP defaults to DefaultTOTPConfiguration and removed the consts
* arranged the root config validator in configuration file order
* adjusted tests for the changes
* moved duration notation docs to root of configuration
* added references to duration notation where applicable
* project wide gofmt and goimports:
* run gofmt
* run goimports -local github.com/authelia/authelia -w on all files
* Make jwt_secret error uniform and add tests
* now at 100% coverage for internal/configuration/validator/configuration.go
Some tests are not fully rewritten in Go, a typescript wrapper is called
instead until we remove the remaining TS tests and dependencies.
Also, dockerize every components (mainly Authelia backend, frontend and kind)
so that the project does not interfere with user host anymore (open ports for instance).
The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts.
It will soon be avoided using authelia.com domain that I own.
Amir Zarrinkafsh
James Elliott
Clément Michaud