* refactor: replace sqlite library with the original cgo variant
This change reverts our SQLite library back to the original for compatibility and performance reasons now that we always package with CGO.
* fix: cgo and build flags
* fix: gcc requirement
* fix: gcc in dev workflow too
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
* feat: hardened authelia binaries
This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:
* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify
The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).
* refactor: docker pull for authelia/crossbuild in background
* refactor(handlers): lower case error messages
also refactor verifyAuth function to detect malicious activity both with session
cookie and authorization header.
* refacto(handlers): simplify error construction
* fix(handlers): check prefix in authorization header to determine auth method
* fix(handlers): determining the method should be done with headers instead of query arg
* refacto(handlers): rollback changes of verifyAuth
* don't lowercase log messages
* Apply suggestions from code review
Make sure logger errors are not lowercased.
* fix: uppercase logger errors and remove unused param
* Do not lowercase logger errors
* Remove unused param targetURL
* Rename url variable to not conflict with imported package
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
* feat: builds with gox and buildx
This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.
Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.
* refactor: clean up docker helper
* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command
* refactor: variant -> container
Given the fact that many Linux OSes are defaulting to CGroups v2 and also Authelia changing the default memory config for argon2id this warning is now obselete.
Amir Zarrinkafsh
renovate[bot]
allcontributors[bot]
Michael Campbell
dependabot[bot]
James Elliott
contrun
Clément Michaud
yossbg