weval-l99/wevia-sso-systemic.py.PAUSED
2026-04-13 12:43:21 +02:00


#!/usr/bin/env python3
"""SSO SYSTEMIC FIXER — scans ALL nginx, fixes ALL gaps globally"""
import os,glob,re,subprocess as sp
# One "<file>: +<what>" entry is appended here for every patch the scan applies.
fixes = []


def lg(m):
    """Print *m* and flush stdout immediately so output is not held in a buffer."""
    print(m, flush=True)


lg("SSO SYSTEMIC FIXER — scanning ALL nginx configs")

# nginx location snippets that the scan inserts into matching site files.
# All of them proxy to 127.0.0.1:9090 (presumably the local authentik
# listener; confirm) and send X-Forwarded-Proto "https" unconditionally.
API_BLOCK = (
    " location /api/v3/ {\n"
    " proxy_pass http://127.0.0.1:9090;\n"
    " proxy_set_header Host $host;\n"
    " proxy_set_header X-Forwarded-Proto https;\n"
    " }\n"
)
APP_BLOCK = (
    " location /application/ {\n"
    " proxy_pass http://127.0.0.1:9090;\n"
    " proxy_set_header Host $host;\n"
    " proxy_set_header X-Forwarded-Proto https;\n"
    " }\n"
)
CB_BLOCK = (
    " location /outpost.goauthentik.io/callback {\n"
    " proxy_pass http://127.0.0.1:9090/outpost.goauthentik.io/callback;\n"
    " proxy_redirect off;\n"
    " proxy_set_header Host $host;\n"
    " proxy_set_header X-Forwarded-Proto https;\n"
    " }\n"
)

# COOKIE_OLD is the bare forward-auth directive; COOKIE_NEW is the same
# directive followed by the two lines that copy the auth subrequest's
# Set-Cookie header onto the client response.
COOKIE_OLD = "auth_request /outpost.goauthentik.io/auth/nginx;"
COOKIE_NEW = (
    COOKIE_OLD
    + "\n auth_request_set $auth_cookie $upstream_http_set_cookie;"
    + "\n add_header Set-Cookie $auth_cookie;"
)
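def _chattr(flag, path):
    """Best-effort ``chattr <flag> <path>`` with stderr discarded.

    The path is passed as its own argv element, so a file name containing
    spaces or shell metacharacters is never interpreted by a shell. Failures
    (non-zero exit, chattr not installed) are ignored on purpose: the
    immutable flag is an extra safeguard, not a precondition for patching.
    """
    try:
        sp.run(["chattr", flag, path], stderr=sp.DEVNULL, check=False)
    except OSError:
        pass  # chattr binary unavailable; carry on without the flag


# Patch every enabled nginx site that already uses authentik forward-auth
# (contains both "auth_request" and "goauthentik") and lacks one of the
# expected location blocks or the cookie pass-through lines.
#
# NOTE(review): all presence checks are file-wide substring tests and
# str.replace rewrites every occurrence of the anchor. A file holding several
# server blocks is treated as complete as soon as one of them mentions the
# path, and a commented-out directive also counts as present.
for nf in sorted(glob.glob("/etc/nginx/sites-enabled/*")):
    if not os.path.isfile(nf):
        continue
    with open(nf) as fh:
        c = fh.read()
    if "auth_request" not in c or "goauthentik" not in c:
        continue
    fname = os.path.basename(nf)
    changed = False
    # Lift the immutable flag so the file can be rewritten. The finally
    # clause sets it again on every exit path, including a failed write.
    _chattr("-i", nf)
    try:
        # New blocks are inserted directly in front of this literal line,
        # so the match depends on its exact spelling and leading whitespace.
        anchor = " location /flows/ {"
        if anchor not in c:
            continue
        if "/api/v3/" not in c:
            c = c.replace(anchor, API_BLOCK + anchor)
            changed = True
            fixes.append(f"{fname}: +/api/v3/")
        if "/application/" not in c:
            c = c.replace(anchor, APP_BLOCK + anchor)
            changed = True
            fixes.append(f"{fname}: +/application/")
        if "/outpost.goauthentik.io/callback" not in c and "outpost.goauthentik.io" in c:
            m = " location /outpost.goauthentik.io {"
            if m in c:
                c = c.replace(m, CB_BLOCK + m)
                changed = True
                fixes.append(f"{fname}: +callback")
        if "auth_request_set" not in c and COOKIE_OLD in c:
            c = c.replace(COOKIE_OLD, COOKIE_NEW)
            changed = True
            fixes.append(f"{fname}: +cookie")
        if changed:
            # The file is overwritten in place and no backup copy is kept.
            # The context manager closes and flushes it before any later
            # `nginx -t` reads it.
            with open(nf, "w") as fh:
                fh.write(c)
            lg(f" FIXED: {fname}")
        else:
            lg(f" OK: {fname}")
    finally:
        _chattr("+i", nf)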
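# Validate and reload nginx only when at least one file was rewritten.
if fixes:
    r = sp.run(["nginx", "-t"], capture_output=True, text=True, timeout=5)
    # Decide on the exit status rather than on the wording of the message.
    if r.returncode == 0:
        reload_result = sp.run(["systemctl", "reload", "nginx"], timeout=5)
        # Report success only if the reload itself succeeded; otherwise the
        # running nginx still serves the old configuration.
        if reload_result.returncode == 0:
            lg(f"Nginx reloaded. {len(fixes)} fixes applied.")
        else:
            lg(f"NGINX RELOAD FAILED: systemctl exit code {reload_result.returncode}")
    else:
        # NOTE(review): the rewritten files stay on disk when the test fails.
        # Nothing here restores the previous content, so the next reload or
        # restart by anyone would pick up the rejected configuration.
        lg(f"NGINX ERROR: {r.stderr[:80]}")
else:
    lg("All configs OK. 0 fixes needed.")
# Summary of every patch applied, one per line (prints nothing when empty).
for f in fixes:
    lg(f" {f}")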