authentik/internal/outpost/proxyv2/refresh.go

package proxyv2

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"os"
	"path"

	"github.com/getsentry/sentry-go"
	"goauthentik.io/internal/constants"
	"goauthentik.io/internal/outpost/ak"
	"goauthentik.io/internal/outpost/proxyv2/application"
	"goauthentik.io/internal/utils/web"
	"golang.org/x/exp/maps"
)

func (ps *ProxyServer) Refresh() error {
	req := ps.akAPI.Client.OutpostsAPI.OutpostsProxyList(context.Background())
	ps.log.WithField("outpost_pk", ps.akAPI.Outpost.Pk).Debug("Requesting providers for outpost")
	providers, err := ak.Paginator(req, ak.PaginatorOptions{
		PageSize: 100,
		Logger:   ps.log,
	})
	if err != nil {
		ps.log.WithError(err).Error("Failed to fetch providers")
	}
	if err != nil {
		return err
	}
	ps.log.WithField("count", len(providers)).Debug("Fetched providers")
	if len(providers) == 0 && !ps.akAPI.IsEmbedded() {
		ps.log.Warning("No providers assigned to this outpost, check outpost configuration in authentik")
	}
	for i, p := range providers {
		ps.log.WithField("index", i).WithField("name", p.Name).WithField("external_host", p.ExternalHost).WithField("assigned_to_app", p.AssignedApplicationName).Debug("Provider details")
	}
	apps := make(map[string]*application.Application)
	for _, provider := range providers {
		rsp := sentry.StartSpan(context.Background(), "authentik.outposts.proxy.application_ss")
		ua := fmt.Sprintf(" (provider=%s)", provider.Name)
		var transport http.RoundTripper
		if ps.akAPI.IsEmbedded() {
			transport = &http.Transport{
				DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
					return net.Dial("unix", path.Join(os.TempDir(), "authentik.sock"))
				},
			}
		} else {
			transport = ak.GetTLSTransport()
		}
		hc := &http.Client{
			Transport: web.NewUserAgentTransport(
				constants.UserAgentOutpost()+ua,
				web.NewTracingTransport(
					rsp.Context(),
					transport,
				),
			),
		}
		externalHost, err := url.Parse(provider.ExternalHost)
		if err != nil {
			ps.log.WithError(err).Warning("failed to parse URL, skipping provider")
			continue
		}
		existing, ok := ps.apps[externalHost.Host]
		a, err := application.NewApplication(provider, hc, ps, existing)
		if ok {
			existing.Stop()
		}
		if err != nil {
			ps.log.WithError(err).Warning("failed to setup application")
			continue
		}
		ps.log.WithField("name", provider.Name).WithField("host", externalHost.Host).Info("Loaded application")
		apps[externalHost.Host] = a
	}
	ps.apps = apps
	ps.log.Debug("Swapped maps")
	return nil
}

func (ps *ProxyServer) API() *ak.APIController {
	return ps.akAPI
}

func (ps *ProxyServer) CryptoStore() *ak.CryptoStore {
	return ps.cryptoStore
}

func (ps *ProxyServer) Apps() []*application.Application {
	return maps.Values(ps.apps)
}

func (ps *ProxyServer) SessionBackend() string {
	if ps.akAPI.IsEmbedded() {
		return "postgres"
	}
	if !ps.akAPI.IsEmbedded() {
		return "filesystem"
	}
	ps.log.Panic("failed to determine session backend type")
	return ""
}