package beyond
import (
	"crypto/tls"
	"flag"
	"fmt"
	"net/http"
	"strings"

	"github.com/koding/websocketproxy"
	"github.com/presbrey/beyond/internal/authn"
	"github.com/presbrey/beyond/internal/authz"
	"github.com/presbrey/beyond/internal/docker"
	"github.com/sirupsen/logrus"
)
var (
	// debug raises the logrus level to DebugLevel when set. Note that it
	// defaults to true, so debug-level output is on unless explicitly disabled.
	debug = flag.Bool("debug", true, "set debug loglevel")
	// host is this instance's own hostname, passed to the OIDC and SAML setup.
	host = flag.String("beyond-host", "beyond.myorg.net", "hostname of self")
	// healthPath is the URL path of the health endpoint.
	healthPath = flag.String("health-path", "/healthz/ping", "URL of the health endpoint")
	// healthReply is the body returned by the health endpoint.
	healthReply = flag.String("health-reply", "ok", "response body of the health endpoint")
	// fouroFourMessage is shown when a backend application does not respond.
	fouroFourMessage = flag.String("404-message", "Please contact the application administrators to setup access.", "message to use when backend apps do not respond")
	// fouroOneCode is the HTTP status used when a user must authenticate
	// (defaults to 418 rather than 401).
	fouroOneCode = flag.Int("401-code", 418, "status to respond when a user needs authentication")
	// headerPrefix is prepended to the extra headers this proxy adds.
	headerPrefix = flag.String("header-prefix", "Beyond", "prefix extra headers with this string")
	// skipVerify disables TLS certificate verification for both HTTP and
	// websocket backends (see Setup). Leaving it false is the safe default;
	// enabling it removes protection against man-in-the-middle on backend links.
	skipVerify = flag.Bool("insecure-skip-verify", false, "allow TLS backends without valid certificates")
	// wsCompress enables permessage-deflate on the websocket dialer and upgrader.
	wsCompress = flag.Bool("websocket-compression", false, "allow websocket transport compression (gorilla/experimental)")
	// tlsConfig is the client TLS configuration installed on http.DefaultTransport
	// by Setup; only InsecureSkipVerify is populated from flags.
	tlsConfig = &tls.Config{}
)
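// Setup initializes all configured modules.
//
// It applies the debug log level, initializes session management, configures
// TLS verification for HTTP and websocket backends, registers the Docker and
// GHP hosts, and then runs the remaining module setup steps in a fixed order,
// stopping at the first failure. A non-nil error is wrapped with the name of
// the step that failed; callers can still inspect the cause with errors.Is
// and errors.As.
func Setup() error {
	if *debug {
		logrus.SetLevel(logrus.DebugLevel)
	}

	// setup session management
	if err := authn.SetupSession(); err != nil {
		return fmt.Errorf("session setup: %w", err)
	}
	if len(*authn.CookieKey) == 0 {
		// NOTE(review): the guard above means *authn.CookieKey is empty at this
		// point, so the Warnf below prints an empty value; presumably
		// SetupSession stores the generated key somewhere else — confirm.
		// Also note this line writes the session cookie key into the log
		// output, which is worth keeping in mind when logs are shipped elsewhere.
		logrus.Warn("No cookie key provided, generated random key for this session:")
		logrus.Warnf(" -cookie-key %s", *authn.CookieKey)
		logrus.Warn("IMPORTANT: Sessions will not persist across restarts. Set explicit key for production use.")
	}

	setupBackendTLS()
	setupWebsockets()

	// Register the GHP hosts before the docker module is initialized, matching
	// the order the docker module expects.
	docker.SetGHPHosts(ghpHostSet(*docker.GHPHost))

	// Remaining steps run in order; the first failure aborts setup.
	steps := []struct {
		name string
		run  func() error
	}{
		{"docker", func() error { return docker.Setup(dockerURLs(*docker.DockerBase, *docker.DockerURLs)...) }},
		{"federation", authn.FederateSetup},
		{"hosts", func() error { return authz.HostsSetup(*authz.HostsCSV) }},
		{"hosts refresh", authz.RefreshHosts},
		{"log", logSetup},
		{"oidc", func() error { return authn.OIDCSetup(*authn.OIDCIssuer, *host) }},
		{"saml", func() error { return authn.SAMLSetup(*host) }},
		{"fence refresh", authz.RefreshFence},
		{"sites refresh", authz.RefreshSites},
		{"allowlist refresh", authz.RefreshAllowlist},
		{"reproxy", reproxy},
	}
	for _, s := range steps {
		if err := s.run(); err != nil {
			return fmt.Errorf("%s setup: %w", s.name, err)
		}
	}
	return nil
}

// setupBackendTLS applies the -insecure-skip-verify flag to tlsConfig and
// installs it on http.DefaultTransport.
//
// The transport is derived from the existing http.DefaultTransport rather than
// replaced with a bare http.Transport, so the defaults it carries (proxy from
// environment, dial and TLS handshake timeouts, HTTP/2) are preserved instead
// of being silently dropped.
func setupBackendTLS() {
	tlsConfig.InsecureSkipVerify = *skipVerify

	var tr *http.Transport
	if base, ok := http.DefaultTransport.(*http.Transport); ok {
		tr = base.Clone()
	} else {
		// Unexpected transport type: fall back to a fresh one, as before.
		tr = &http.Transport{}
	}
	tr.TLSClientConfig = tlsConfig
	http.DefaultTransport = tr
}

// setupWebsockets applies the TLS verification and compression flags to the
// websocketproxy dialer and upgrader and installs the origin check.
func setupWebsockets() {
	if websocketproxy.DefaultDialer.TLSClientConfig == nil {
		websocketproxy.DefaultDialer.TLSClientConfig = &tls.Config{}
	}
	websocketproxy.DefaultDialer.TLSClientConfig.InsecureSkipVerify = *skipVerify
	websocketproxy.DefaultDialer.EnableCompression = *wsCompress
	websocketproxy.DefaultUpgrader.EnableCompression = *wsCompress
	websocketproxy.DefaultUpgrader.CheckOrigin = websocketproxyCheckOrigin
}

// dockerURLs builds the list passed to docker.Setup: the base URL first,
// followed by any comma-separated extra URLs. The base is always included, as
// before; extra entries are trimmed and empty ones (e.g. from a trailing
// comma) are dropped.
func dockerURLs(base, extra string) []string {
	urls := []string{base}
	if len(extra) > 0 {
		urls = append(urls, splitCSV(extra)...)
	}
	return urls
}

// ghpHostSet converts the comma-separated GHP host list into the set shape
// docker.SetGHPHosts takes. Entries are trimmed and empty entries are skipped,
// so an unset flag no longer registers "" as a valid host.
func ghpHostSet(csv string) map[string]bool {
	set := map[string]bool{}
	for _, h := range splitCSV(csv) {
		set[h] = true
	}
	return set
}

// splitCSV splits a comma-separated flag value, trimming whitespace around
// each entry and omitting empty entries.
func splitCSV(s string) []string {
	var out []string
	for _, part := range strings.Split(s, ",") {
		if p := strings.TrimSpace(part); p != "" {
			out = append(out, p)
		}
	}
	return out
}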