mirror of
https://github.com/miniflux/v2.git
synced 2025-09-15 18:57:04 +00:00
Implement support for authentication via Auth Proxy
Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service. This provides a way to authenticate users in miniflux using authentication schemes not supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.) and to implement SSO for multiple applications behind single authentication service. Auth Proxy header is checked for the '/' endpoint only, as the rest are protected by the miniflux user/app sessions. Closes #534 Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This commit is contained in:
parent
d5adf8b9f6
commit
7389c79c52
5 changed files with 159 additions and 1 deletions
|
@ -44,6 +44,8 @@ const (
|
|||
defaultPocketConsumerKey = ""
|
||||
defaultHTTPClientTimeout = 20
|
||||
defaultHTTPClientMaxBodySize = 15
|
||||
defaultAuthProxyHeader = ""
|
||||
defaultAuthProxyUserCreation = false
|
||||
)
|
||||
|
||||
// Options contains configuration options.
|
||||
|
@ -82,6 +84,8 @@ type Options struct {
|
|||
pocketConsumerKey string
|
||||
httpClientTimeout int
|
||||
httpClientMaxBodySize int64
|
||||
authProxyHeader string
|
||||
authProxyUserCreation bool
|
||||
}
|
||||
|
||||
// NewOptions returns Options with default values.
|
||||
|
@ -121,6 +125,8 @@ func NewOptions() *Options {
|
|||
pocketConsumerKey: defaultPocketConsumerKey,
|
||||
httpClientTimeout: defaultHTTPClientTimeout,
|
||||
httpClientMaxBodySize: defaultHTTPClientMaxBodySize * 1024 * 1024,
|
||||
authProxyHeader: defaultAuthProxyHeader,
|
||||
authProxyUserCreation: defaultAuthProxyUserCreation,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -297,6 +303,18 @@ func (o *Options) HTTPClientMaxBodySize() int64 {
|
|||
return o.httpClientMaxBodySize
|
||||
}
|
||||
|
||||
// AuthProxyHeader returns an HTTP header name that contains username for
|
||||
// authentication using auth proxy.
|
||||
func (o *Options) AuthProxyHeader() string {
|
||||
return o.authProxyHeader
|
||||
}
|
||||
|
||||
// IsAuthProxyUserCreationAllowed returns true if user creation is allowed for
|
||||
// users authenticated using auth proxy.
|
||||
func (o *Options) IsAuthProxyUserCreationAllowed() bool {
|
||||
return o.authProxyUserCreation
|
||||
}
|
||||
|
||||
func (o *Options) String() string {
|
||||
var builder strings.Builder
|
||||
builder.WriteString(fmt.Sprintf("LOG_DATE_TIME: %v\n", o.logDateTime))
|
||||
|
@ -333,5 +351,7 @@ func (o *Options) String() string {
|
|||
builder.WriteString(fmt.Sprintf("OAUTH2_PROVIDER: %v\n", o.oauth2Provider))
|
||||
builder.WriteString(fmt.Sprintf("HTTP_CLIENT_TIMEOUT: %v\n", o.httpClientTimeout))
|
||||
builder.WriteString(fmt.Sprintf("HTTP_CLIENT_MAX_BODY_SIZE: %v\n", o.httpClientMaxBodySize))
|
||||
builder.WriteString(fmt.Sprintf("AUTH_PROXY_HEADER: %v\n", o.authProxyHeader))
|
||||
builder.WriteString(fmt.Sprintf("AUTH_PROXY_USER_CREATION: %v\n", o.authProxyUserCreation))
|
||||
return builder.String()
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue