OpenSource/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working version

Browse Source
This commit is contained in:
Aaron Dalton 2024-02-07 18:08:55 -05:00 committed by Aaron Dalton
parent b28c9c4f26
commit 84b85008be
6 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/configs/settings.md
View File

@ -526,8 +526,8 @@ section. For example:
```yaml
auth:
groups:
My Service Group:
- My Service Group:
allowGroups: ["Group1", "Group2"]
My Other Group:
- My Other Group:
allowGroups: ["Group1"]
```

2
src/pages/api/auth.js
View File

@ -6,7 +6,7 @@ export default async function handler(req, res) {
const { provider, groups } = readAuthSettings(getSettings().auth);
try {
if (checkAllowedGroup(provider.permissions(req), groups, group)) {
if (checkAllowedGroup(provider.authorize(req), groups, group)) {
res.json({ group });
} else {
res.status(401).json({ message: "Group unathorized" });

2
src/pages/api/bookmarks.js
View File

@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
const { provider, groups } = readAuthSettings(getSettings().auth);
res.send(await bookmarksResponse(provider.permissions(req), groups));
res.send(await bookmarksResponse(provider.authorize(req), groups));
}

2
src/pages/api/services/index.js
View File

@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
const { provider, groups } = readAuthSettings(getSettings().auth);
res.send(await servicesResponse(provider.permissions(req), groups));
res.send(await servicesResponse(provider.authorize(req), groups));
}

2
src/pages/api/widgets/index.js
View File

@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
const { provider } = readAuthSettings(getSettings().auth);
res.send(await widgetsResponse(provider.permissions(req)));
res.send(await widgetsResponse(provider.authorize(req)));
}

12
src/utils/auth/proxy.js
View File

@ -1,8 +1,10 @@
// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
// request. In this case we are relying on our proxy to authenitcate our users and validate.
function getProxyPermissions(userHeader, groupHeader, request) {
const user = userHeader ? request.headers[userHeader] : null;
const groupsString = groupHeader ? request.headers[groupHeader] : "";
const user =
userHeader && request.headers[userHeader.toLowerCase()] ? request.headers[userHeader.toLowerCase()] : null;
const groupsString =
groupHeader && request.headers[groupHeader.toLowerCase()] ? request.headers[groupHeader.toLowerCase()] : "";
return { user, groups: groupsString ? groupsString.split(",").map((v) => v.trimStart()) : [] };
}
@ -11,8 +13,10 @@ function createProxyAuth({ groupHeader, userHeader }) {
return {
getContext: (request) => ({
provider: "proxy",
...(userHeader && { [userHeader]: request.headers[userHeader] }),
...(groupHeader && { [groupHeader]: request.headers[groupHeader] }),
...(userHeader &&
request.headers[userHeader] && { [userHeader.toLowerCase()]: request.headers[userHeader.toLowerCase()] }),
...(groupHeader &&
request.headers[groupHeader] && { [groupHeader.toLowerCase()]: request.headers[groupHeader.toLowerCase()] }),
}),
authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
};