Commit Graph

70 Commits (b770939983c17fc8b878de6f875c5cceb4e8b97d)

Author SHA1 Message Date
renovate[bot] 1b5bbb7e6b
build(deps): update arm64v8/alpine docker tag to v3.14.2 (#2327) 2021-08-28 10:53:42 +10:00
renovate[bot] 0aba819899
build(deps): update golang docker tag (#2293)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-17 13:46:47 +10:00
renovate[bot] 9ceca59c54
build(deps): update arm64v8/alpine docker tag to v3.14.1 (#2264)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-07 07:53:30 +10:00
renovate[bot] 172dc40576
build(deps): update golang docker tag to v1.16.7 (#2254)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-06 09:43:11 +10:00
James Elliott c5c6bda8b0
refactor: configuration agnostic healthcheck (#2231)
This makes the healthcheck simple and configured directly by Authelia's configuration on startup.
2021-08-05 14:02:07 +10:00
renovate[bot] 69bfc28a60
build(deps): update golang docker tag to v1.16.6 (#2176)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 12:07:31 +10:00
Amir Zarrinkafsh 8db0bc9ae1
refactor: drop qemu binary requirement (#2116)
QEMU binaries no longer need to be baked into containers.
2021-06-24 18:24:47 +10:00
Amir Zarrinkafsh 4cab3a4a4e
refactor: drop cgo requirement for sqlite (#2101)
* refactor: drop cgo requirement for sqlite

Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.

* refactor: newline for consistency with dockerfiles
2021-06-22 10:45:33 +10:00
James Elliott 0d7b33022c
build: add enhanced information (#2067)
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
2021-06-18 14:35:43 +10:00
renovate[bot] d0921efa28
build(deps): update arm64v8/alpine docker tag to v3.14.0 (#2085)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-16 10:13:37 +10:00
James Elliott e029f4b5af
build: optimize docker builds (#2059)
* build: optimize docker builds

This change is so that each of the COPY/RUN steps occurs in a single layer which should theoretically decrease build times.

* build: include license and move scripts
2021-06-06 14:46:31 +10:00
renovate[bot] 0c91f5c898
build(deps): update golang docker tag to v1.16.5 (#2060)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-04 14:36:51 +10:00
renovate[bot] 544373de17
build(deps): update golang docker tag to v1.16.4 (#1984)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-05-07 10:24:17 +10:00
renovate[bot] 756ba04980
build(deps): update arm64v8/alpine docker tag to v3.13.5 (#1917)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-15 12:43:24 +10:00
renovate[bot] ce3ac65326
build(deps): update golang docker tag to v1.16.3 (#1884)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-03 22:09:23 +11:00
renovate[bot] 2275fe0a7c
build(deps): update arm64v8/alpine docker tag to v3.13.4 (#1878)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-01 17:02:15 +11:00
renovate[bot] 77e21165c9
build(deps): update arm64v8/alpine docker tag to v3.13.3 (#1855)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:54:11 +11:00
James Elliott 5e72f8e8c7
build(deps): update to golang 1.16.2 explicitly (#1818) 2021-03-13 09:32:13 +11:00
Amir Zarrinkafsh 74721a9f41
feat: go:embed static assets (#1733)
* feat: go:embed static assets

Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.

Key points to note:

Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.

To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.

* fix(suites): increase ldap suite test timeout

* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
renovate[bot] 1f16f0945a
build(deps): update arm64v8/alpine docker tag to v3.13.2 (#1727)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 14:09:39 +11:00
renovate[bot] 681a42afff
build(deps): update arm64v8/alpine docker tag to v3.13.1 (#1651)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 09:11:51 +11:00
dependabot-preview[bot] f74ada099c
[MISC] (deps): Bump golang from 1.15.6-alpine to 1.15.7-alpine (#1621)
Bumps golang from 1.15.6-alpine to 1.15.7-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-22 09:34:05 +11:00
dependabot-preview[bot] fc272415ea
[MISC] (deps): Bump arm64v8/alpine from 3.12.3 to 3.13.0 (#1613)
Bumps arm64v8/alpine from 3.12.3 to 3.13.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-18 11:28:13 +11:00
Amir Zarrinkafsh 3487fd392e
[FEATURE] Add API docs and swagger-ui (#1544)
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
dependabot-preview[bot] 620f51d610
[MISC] (deps): Bump arm64v8/alpine from 3.12.2 to 3.12.3 (#1571)
Bumps arm64v8/alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 08:07:29 +11:00
dependabot-preview[bot] b5e23f3392
[MISC] (deps): Bump arm64v8/alpine from 3.12.1 to 3.12.2 (#1539)
Bumps arm64v8/alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-15 22:29:24 +01:00
dependabot-preview[bot] c2708c40ab
[MISC] (deps): Bump golang from 1.15.5-alpine to 1.15.6-alpine (#1519)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 10:52:08 +11:00
dependabot-preview[bot] 7c5dd9af2c
[MISC] (deps): Bump golang from 1.15.4-alpine to 1.15.5-alpine (#1462)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 10:27:51 +11:00
Amir Zarrinkafsh 423cd09f26
[BUGFIX] Dynamically determine healthcheck URL (#1444) 2020-11-11 15:22:09 +11:00
dependabot-preview[bot] e67c52524d
[MISC] (deps): Bump golang from 1.15.3-alpine to 1.15.4-alpine (#1437)
Bumps golang from 1.15.3-alpine to 1.15.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-10 09:57:58 +11:00
Amir Zarrinkafsh 43af825f47
[FEATURE] Add health checks to containers (#1425) 2020-11-05 11:59:06 +11:00
dependabot-preview[bot] 9891f99752
[MISC] (deps): Bump arm64v8/alpine from 3.12.0 to 3.12.1 (#1408)
Bumps arm64v8/alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 22:04:11 +11:00
dependabot-preview[bot] 563d1416f8
[MISC] (deps): Bump node from 14-alpine to 15-alpine (#1409)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 11:33:24 +11:00
dependabot-preview[bot] 5b67c38e57
[MISC] (deps): Bump golang from 1.15.2-alpine to 1.15.3-alpine (#1389)
Bumps golang from 1.15.2-alpine to 1.15.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-20 21:44:39 +11:00
Amir Zarrinkafsh 15b165f503
[BUGFIX] Fix Dockerfile WORKDIR (#1392)
The WORKDIR needs to be set early to ensure that the files are copied into the appropriate directory.
This is a minor regression that was introduced in af2ae328e7.
2020-10-19 11:24:24 +11:00
akusei af2ae328e7
[FEATURE] Container privilege de-escalation (#1370)
* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* very rough draft documentation

* added missing header

* typo changes -> changed

* Update entrypoint.sh

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

looks good

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-10-19 10:12:21 +11:00
dependabot-preview[bot] 7e4744d308
[MISC] (deps): Bump golang from 1.15.1-alpine to 1.15.2-alpine (#1314)
Bumps golang from 1.15.1-alpine to 1.15.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-11 11:36:45 +10:00
dependabot-preview[bot] 8f0865bd63
[MISC] (deps): Bump golang from 1.15.0-alpine to 1.15.1-alpine (#1304)
Bumps golang from 1.15.0-alpine to 1.15.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-04 10:57:24 +10:00
dependabot-preview[bot] bdb752ed48
[MISC] (deps): Bump golang from 1.14.6-alpine to 1.15.0-alpine (#1269)
Bumps golang from 1.14.6-alpine to 1.15.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-13 11:28:03 +10:00
dependabot-preview[bot] bf9695beef
[MISC] (deps): Bump golang from 1.14.5-alpine to 1.14.6-alpine (#1236)
Bumps golang from 1.14.5-alpine to 1.14.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-28 11:39:08 +10:00
dependabot-preview[bot] 0a1697bf60
[MISC] (deps): Bump golang from 1.14.4-alpine to 1.14.5-alpine (#1208)
Bumps golang from 1.14.4-alpine to 1.14.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-17 10:24:20 +10:00
Amir Zarrinkafsh ddfce52939
[MISC] Strip debugging information from compiled binaries (#1141) 2020-06-21 21:52:35 +10:00
Amir Zarrinkafsh ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
dependabot-preview[bot] 7c6cb402f5
[MISC] (deps): Bump golang from 1.14.3-alpine to 1.14.4-alpine (#1086)
Bumps golang from 1.14.3-alpine to 1.14.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-04 22:02:52 +02:00
dependabot-preview[bot] 7dc79b2ac4
[MISC] (deps): Bump arm64v8/alpine from 3.11.6 to 3.12.0 (#1071)
Bumps arm64v8/alpine from 3.11.6 to 3.12.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 13:32:31 +10:00
dependabot-preview[bot] 13e2050d91
[MISC] (deps): Bump golang from 1.14.2-alpine to 1.14.3-alpine (#1029)
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:22:02 +10:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
dependabot-preview[bot] 3ba06c2e9d
[MISC] (deps): Bump node from 12-alpine to 14-alpine (#932)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-28 09:38:20 +10:00
Daniel Sutton ca4a890fb2
[MISC] Update to alpine 3.11.6 (#917)
* update to alpine 3.11.6

Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2020-04-25 22:56:32 +02:00
Clément Michaud b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00