Commit Graph

122 Commits

Author SHA1 Message Date
Amir Zarrinkafsh
86865cea29
build(deps): update swagger-ui to v4.1.0 (#2576) 2021-11-09 10:59:01 +11:00
Amir Zarrinkafsh
722f2daf9a
build(deps): update swagger-ui to v3.52.4 (#2493) 2021-10-12 15:52:50 +11:00
Amir Zarrinkafsh
9445878ca2
refactor(web): use transformindexhtml vite hook (#2488) 2021-10-11 20:30:02 +11:00
Clément Michaud
1f28bc9b26
docs: provide installation guidelines for installing missing tools (#2481) 2021-10-09 20:41:02 +02:00
Amir Zarrinkafsh
a3e84769b5
feat(web): replace cra with vite (#2457)
* feat(web): replace cra with vite

* fix: add istanbul
* fix: add jest
* fix: inject env vars
* fix: replicate cra output directories
* fix: post-frontend build for go templating
* fix: dynamic publicpath

* fix(web): import resolution with aliases for .module.css files

* refactor(server): baseurl var

* refactor(web): drop babel-jest for esbuild-jest

* refactor(web): add inline sourcemap for coverage bundle

* build(deps): update web deps

* build(deps): downgrade vite-plugin-istanbul to 2.2.0

98bf77dbaa is a breaking change that means production mode builds can no longer be instrumented.

* refactor(web): match frontend name and version

* refactor(web): drop cra readme
2021-10-08 15:00:06 +11:00
Amir Zarrinkafsh
982e1c2638
ci(buildkite): perform frontend install for renovate deps (#2463) 2021-10-07 10:14:52 +11:00
Amir Zarrinkafsh
26de57a297
ci(buildkite): skip front/backend builds for renovate deps (#2462)
* ci(buildkite): skip front/backend builds for renovate deps

* ci(buildkite): make unit-test artifact compression conditional
2021-10-07 09:45:37 +11:00
Amir Zarrinkafsh
3d312cf3b9
refactor: replace yarn with pnpm (#2424)
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
2021-09-29 17:24:21 +10:00
Amir Zarrinkafsh
f37cb76f6f
feat(web): remove sourcemap generation (#2423) 2021-09-28 17:09:31 +10:00
Amir Zarrinkafsh
c9f5b3de88
feat(web): replace babel-loader and terser with esbuild (#2422) 2021-09-28 16:27:06 +10:00
Amir Zarrinkafsh
d7763a20ec
build(deps): update swagger-ui to v3.52.3 (#2412) 2021-09-26 12:25:14 +10:00
Amir Zarrinkafsh
bd6a8e3ea2
feat: hardened authelia binaries (#2410)
* feat: hardened authelia binaries

This change ensures that all Authelia binaries which are compiled and distributed are hardened with the following standards:

* RELRO
* Stack canary
* NX
* PIE/ASLR
* Stripped RPATH AND RUNPATH
* Stripped Symbols
* Fortify

The musl variants currently [do not support Fortify](https://wiki.musl-libc.org/future-ideas.html#Fortify).

* refactor: docker pull for authelia/crossbuild in background
2021-09-26 12:08:47 +10:00
Amir Zarrinkafsh
92ec00d7c5
feat: builds with gox and buildx (#2381)
* feat: builds with gox and buildx

This change builds all of Authelia respective binaries in parallel within a single step and distributes as necessary to subsequent steps, we now also build and distribute for the following OS/Architecture: freebsd/amd64.

Our CI/CD pipeline now also utilises docker buildx as a default for builds and pushes.

* refactor: clean up docker helper

* Remove `authelia-scripts docker push-image` command as all pushes will be performed with buildx and manifests
* Rename the --arch flag to --container
* Add Dockerfile.dev for users that want to build an Authelia container from source without utilising suites
* Set Dockerfile.dev as default for `authelia-scripts docker build` command

* refactor: variant -> container
2021-09-16 22:39:18 +10:00
Amir Zarrinkafsh
719447b719
build(deps): update swagger-ui to v3.52.2 (#2374) 2021-09-14 16:17:13 +10:00
Amir Zarrinkafsh
4b3e7ac724
build(deps): update swagger-ui to v3.52.1 (#2367) 2021-09-13 18:33:51 +10:00
James Elliott
b4e570358e
fix: include major in go.mod module directive (#2278)
* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc
2021-08-11 11:16:46 +10:00
Amir Zarrinkafsh
6033b7df70
build(deps): update swagger-ui to v3.52.0 (#2276) 2021-08-10 11:20:44 +10:00
Amir Zarrinkafsh
2c3bc4a133
fix(cmd): remove microbadger references (#2243)
MicroBadger is dead, so we need to remove all references of it.
2021-08-05 16:36:45 +10:00
James Elliott
a7e867a699
feat(configuration): replace viper with koanf (#2053)
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 19:55:21 +10:00
Amir Zarrinkafsh
03274c171e
build(deps): update swagger-ui to v3.51.2 (#2222) 2021-08-02 14:55:34 +10:00
Amir Zarrinkafsh
c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140) 2021-07-02 19:08:10 +10:00
Amir Zarrinkafsh
756aee507f
refactor: cra build path (#2117)
* refactor: cra build path

The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.

We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.

Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.

* fix: build output directory in coverage dockerfile
2021-06-25 21:53:20 +10:00
Amir Zarrinkafsh
41f1162651
build(deps): update swagger-ui to v3.51.0 (#2118) 2021-06-25 18:46:50 +10:00
Amir Zarrinkafsh
8db0bc9ae1
refactor: drop qemu binary requirement (#2116)
QEMU binaries no longer need to be baked into containers.
2021-06-24 18:24:47 +10:00
Amir Zarrinkafsh
4cab3a4a4e
refactor: drop cgo requirement for sqlite (#2101)
* refactor: drop cgo requirement for sqlite

Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.

* refactor: newline for consistency with dockerfiles
2021-06-22 10:45:33 +10:00
James Elliott
0d7b33022c
build: add enhanced information (#2067)
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
2021-06-18 14:35:43 +10:00
Amir Zarrinkafsh
8a171e6344
ci(golangci-lint): replace golint with revive linter (#2078)
Remove deprecated `golint` linter and replace with `revive` linter.

Also fix outstanding issues due to upgraded linters.
2021-06-11 10:30:53 +10:00
Amir Zarrinkafsh
50878b1e7f
build(deps): update swagger-ui to v3.50.0 (#2070) 2021-06-08 10:59:03 +10:00
Amir Zarrinkafsh
a31a17b222
fix(cmd): retry clean tag logic for dockerhub (#1976)
This change will ensure that if the curl command for the cleaning of Docker tags on DockerHub fails it will be reattempted up to 2 more times (total of 3) with a 10 second sleep between each attempt.

The clean tag logic itself within curl attempts to execute the http request upto 3 times so this will ensure a maximum of 9 attempts.
2021-05-05 17:09:31 +10:00
James Elliott
ddea31193b
feature(oidc): add support for OpenID Connect
OpenID connect has become a standard when it comes to authentication and
in order to fix a security concern around forwarding authentication and authorization information
it has been decided to add support for it.

This feature is in beta version and only enabled when there is a configuration for it.
Before enabling it in production, please consider that it's in beta with potential bugs and that there
are several production critical features still missing such as all OIDC related data is stored in
configuration or memory. This means you are potentially going to experience issues with HA
deployments, or when restarting a single instance specifically related to OIDC.

We are still working on adding the remaining set of features before making it GA as soon as possible.

Related to #189

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2021-05-05 00:15:36 +02:00
Amir Zarrinkafsh
9f3bd0e589
build(deps): update swagger-ui to v3.48.0 (#1967) 2021-05-04 08:31:50 +10:00
Amir Zarrinkafsh
fab6813093
build(deps): update swagger-ui to v3.46.0 (#1891) 2021-04-07 12:48:26 +10:00
Amir Zarrinkafsh
e816a2e563
ci: publish docker images to ghcr (#1860)
* ci: publish docker images to ghcr

* ci: remove ghcr images with no tags

* ci: remove unnecessary ghcr jq args for empty tags

* ci: move ghcr empty tag clean up

Publishes Docker container images on both DockerHub and GitHub Container Registry.
2021-03-30 09:17:19 +11:00
Amir Zarrinkafsh
6855898f92
build(deps): update swagger-ui to v3.45.0 (#1861) 2021-03-29 10:55:09 +11:00
James Elliott
e041143f87
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider

* refactor(session): use int for ports as per go standards

* refactor(configuration): adjust tests and validation

* refactor(configuration): add err format consts

* refactor(configuration): explicitly map redis structs

* refactor(session): merge redis/redis sentinel providers

* refactor(session): add additional checks to redis providers

* feat(session): add redis cluster provider

* fix: update config for new values

* fix: provide nil certpool to affected tests/mocks

* test: add additional tests to cover uncovered code

* docs: expand explanation of host and nodes relation for redis

* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum

* fix(session): sentinel password

* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config

* test: make entrypoint.sh executable, fix entrypoint.sh if/elif

* test: add redis failover tests

* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging

* test: add sentinel integration test

* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep

* feat: use sentinel failover cluster

* fix: renamed addrs to sentineladdrs upstream

* test(session): sentinel failover

* test: add redis standard back into testing

* test: move redis standalone test to traefik2

* fix/docs: apply suggestions from code review
2021-03-10 10:03:05 +11:00
Amir Zarrinkafsh
74721a9f41
feat: go:embed static assets (#1733)
* feat: go:embed static assets

Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.

Key points to note:

Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.

To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.

* fix(suites): increase ldap suite test timeout

* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
Amir Zarrinkafsh
59fa332088
build(deps): update swagger-ui to v3.43.0 (#1717) 2021-02-12 21:16:46 +11:00
Amir Zarrinkafsh
f60af69187
build(deps): update swagger-ui to v3.42.0 (#1700) 2021-02-05 10:21:18 +11:00
Amir Zarrinkafsh
5eebeb68fc
build(deps): update swagger-ui to v3.41.1 (#1683) 2021-02-02 19:21:03 +11:00
Amir Zarrinkafsh
6965d06854
[CI] Fix DockerHub README update (#1628)
Since introducing the All Contributors spec for our README.md we have been unable to sync and update the README to DockerHub.

This is because DockerHub has a 25000 character limit and the All Contributors spec exceeds this. So we retain a similar README to the prior for the contributors section only for DockerHub.
2021-01-25 10:05:28 +11:00
Amir Zarrinkafsh
d92e4b94d6
[MISC] Update Swagger UI to 3.40.0 (#1606) 2021-01-16 20:31:13 +11:00
Amir Zarrinkafsh
079d069cd6
[CI] Update QEMU to v5.2.0-2 (#1582) 2021-01-05 12:54:37 +11:00
Amir Zarrinkafsh
3487fd392e
[FEATURE] Add API docs and swagger-ui (#1544)
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
Amir Zarrinkafsh
49ae9b0a69
[CI] Update QEMU to v5.2.0-1 (#1567)
* [CI] Update QEMU to v5.2.0-1

* Fix linting error from golangci-lint 1.34.1 update

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-30 07:23:24 +11:00
Amir Zarrinkafsh
b989c1b169
[MISC] Refactor and address most errcheck linter ignores (#1511)
* [MISC] Refactor and address most errcheck linter ignores

This is mostly a quality of life change.
When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track.

* Handle errors for regulation marks and remove unnecessary logging
2020-12-16 12:47:31 +11:00
Amir Zarrinkafsh
774c1c0207
[MISC] Consistently utilise correct logging interface (#1487)
This change aims to utilise the correct logging interface consistently.

The only instances where stdlib log is utilised is for tests and when commands that Authelia supports; for example certificate generation, password hashing and config validation.
2020-11-25 09:54:36 +11:00
Amir Zarrinkafsh
6db5455762
[CI] Collect coverage from frontend during integration tests (#1472)
This change will allow us to collect frontend code coverage from our Selenium based integration tests.

Given that the frontend is embedded into the Go binary and the integration tests run with a compiled binary in Docker this poses some issues with the instrumented code and the ability for it to run in this manner. To fix this we need to relax Authelia's CSP for the integration tests. This is achieved by setting the env variable `ENVIRONMENT` to `dev`.
2020-11-19 12:50:34 +11:00
Amir Zarrinkafsh
f2e0f16d39
[CI] Update QEMU to v5.1.0-7 (#1457) 2020-11-16 21:22:09 +11:00
Amir Zarrinkafsh
e3675adf8b
[CI] Update QEMU to v5.1.0-5 (#1393) 2020-10-19 22:42:50 +11:00
Amir Zarrinkafsh
b1a01b1727
[CI] Update QEMU to v5.1.0-2 (#1321)
* [CI] Update QEMU to v5.1.0-2

* Fix linter errors from golangci-lint update
2020-09-18 22:05:43 +10:00