1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00

Implement support for authentication via Auth Proxy

Auth Proxy allows to authenticate a user using an HTTP header provided
by an external authentication service. This provides a way to
authenticate users in miniflux using authentication schemes not
supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.)
and to implement SSO for multiple applications behind single
authentication service.

Auth Proxy header is checked for the '/' endpoint only, as the rest are
protected by the miniflux user/app sessions.

Closes #534

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
This commit is contained in:
Pavel Borzenkov 2020-01-29 13:45:59 +03:00 committed by Frédéric Guillot
parent d5adf8b9f6
commit 7389c79c52
5 changed files with 159 additions and 1 deletions

View file

@ -17,6 +17,7 @@ import (
"miniflux.app/logger"
"miniflux.app/model"
"miniflux.app/storage"
"miniflux.app/ui/session"
"github.com/gorilla/mux"
)
@ -155,3 +156,66 @@ func (m *middleware) getUserSessionFromCookie(r *http.Request) *model.UserSessio
return session
}
func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if request.IsAuthenticated(r) || config.Opts.AuthProxyHeader() == "" {
next.ServeHTTP(w, r)
return
}
username := r.Header.Get(config.Opts.AuthProxyHeader())
if username == "" {
next.ServeHTTP(w, r)
return
}
sess := session.New(m.store, request.SessionID(r))
clientIP := request.ClientIP(r)
logger.Info("[AuthProxy] Successful auth for %s", username)
user, err := m.store.UserByUsername(username)
if err != nil {
html.ServerError(w, r, err)
return
}
if user == nil {
if !config.Opts.IsAuthProxyUserCreationAllowed() {
html.Forbidden(w, r)
return
}
user = model.NewUser()
user.Username = username
user.IsAdmin = false
if err := m.store.CreateUser(user); err != nil {
html.ServerError(w, r, err)
return
}
}
sessionToken, _, err := m.store.CreateUserSession(user.Username, r.UserAgent(), clientIP)
if err != nil {
html.ServerError(w, r, err)
return
}
logger.Info("[AuthProxy] username=%s just logged in", user.Username)
m.store.SetLastLogin(user.ID)
sess.SetLanguage(user.Language)
sess.SetTheme(user.Theme)
http.SetCookie(w, cookie.New(
cookie.CookieUserSessionID,
sessionToken,
config.Opts.HTTPS,
config.Opts.BasePath(),
))
html.Redirect(w, r, route.Path(m.router, "unread"))
})
}