Implement support for authentication via Auth Proxy

Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service. This provides a way to authenticate users in miniflux using authentication schemes not supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.) and to implement SSO for multiple applications behind single authentication service. Auth Proxy header is checked for the '/' endpoint only, as the rest are protected by the miniflux user/app sessions. Closes #534 Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2025-09-15 18:57:04 +00:00 · 2020-01-29 13:45:59 +03:00 · 2020-01-29 13:45:59 +03:00 · 7389c79c52
commit 7389c79c52
parent d5adf8b9f6
5 changed files with 159 additions and 1 deletions
--- a/ui/ui.go
+++ b/ui/ui.go
@ -123,7 +123,7 @@ func Serve(router *mux.Router, store *storage.Storage, pool *worker.Pool, feedHa
 	// Authentication pages.
 	uiRouter.HandleFunc("/login", handler.checkLogin).Name("checkLogin").Methods("POST")
 	uiRouter.HandleFunc("/logout", handler.logout).Name("logout").Methods("GET")
-	uiRouter.HandleFunc("/", handler.showLoginPage).Name("login").Methods("GET")
+	uiRouter.Handle("/", middleware.handleAuthProxy(http.HandlerFunc(handler.showLoginPage))).Name("login").Methods("GET")

 	router.HandleFunc("/robots.txt", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "text/plain")