mirror of
https://github.com/miniflux/v2.git
synced 2025-09-15 18:57:04 +00:00
Implement support for authentication via Auth Proxy
Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service. This provides a way to authenticate users in miniflux using authentication schemes not supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.) and to implement SSO for multiple applications behind single authentication service. Auth Proxy header is checked for the '/' endpoint only, as the rest are protected by the miniflux user/app sessions. Closes #534 Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This commit is contained in:
parent
d5adf8b9f6
commit
7389c79c52
5 changed files with 159 additions and 1 deletions
|
@ -17,6 +17,7 @@ import (
|
|||
"miniflux.app/logger"
|
||||
"miniflux.app/model"
|
||||
"miniflux.app/storage"
|
||||
"miniflux.app/ui/session"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
|
@ -155,3 +156,66 @@ func (m *middleware) getUserSessionFromCookie(r *http.Request) *model.UserSessio
|
|||
|
||||
return session
|
||||
}
|
||||
|
||||
func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if request.IsAuthenticated(r) || config.Opts.AuthProxyHeader() == "" {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
username := r.Header.Get(config.Opts.AuthProxyHeader())
|
||||
if username == "" {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
sess := session.New(m.store, request.SessionID(r))
|
||||
clientIP := request.ClientIP(r)
|
||||
|
||||
logger.Info("[AuthProxy] Successful auth for %s", username)
|
||||
|
||||
user, err := m.store.UserByUsername(username)
|
||||
if err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
if !config.Opts.IsAuthProxyUserCreationAllowed() {
|
||||
html.Forbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
user = model.NewUser()
|
||||
user.Username = username
|
||||
user.IsAdmin = false
|
||||
|
||||
if err := m.store.CreateUser(user); err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
sessionToken, _, err := m.store.CreateUserSession(user.Username, r.UserAgent(), clientIP)
|
||||
if err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
logger.Info("[AuthProxy] username=%s just logged in", user.Username)
|
||||
|
||||
m.store.SetLastLogin(user.ID)
|
||||
sess.SetLanguage(user.Language)
|
||||
sess.SetTheme(user.Theme)
|
||||
|
||||
http.SetCookie(w, cookie.New(
|
||||
cookie.CookieUserSessionID,
|
||||
sessionToken,
|
||||
config.Opts.HTTPS,
|
||||
config.Opts.BasePath(),
|
||||
))
|
||||
|
||||
html.Redirect(w, r, route.Path(m.router, "unread"))
|
||||
})
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue