From 84b85008be4db7275de153a4809db24aecae2cf9 Mon Sep 17 00:00:00 2001
From: Aaron Dalton
Date: Wed, 7 Feb 2024 18:08:55 -0500
Subject: [PATCH] Working version
---
 docs/configs/settings.md | 4 ++--
 src/pages/api/auth.js | 2 +-
 src/pages/api/bookmarks.js | 2 +-
 src/pages/api/services/index.js | 2 +-
 src/pages/api/widgets/index.js | 2 +-
 src/utils/auth/proxy.js | 12 ++++++++----
 6 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/docs/configs/settings.md b/docs/configs/settings.md
index ce09c8a5..81dd1c28 100644
--- a/docs/configs/settings.md
+++ b/docs/configs/settings.md
@@ -526,8 +526,8 @@ section. For example:
 ```yaml
 auth:
 groups:
- My Service Group:
+ - My Service Group:
 allowGroups: ["Group1", "Group2"]
- My Other Group:
+ - My Other Group:
 allowGroups: ["Group1"]
 ```
diff --git a/src/pages/api/auth.js b/src/pages/api/auth.js
index 5c876e56..79e8f750 100644
--- a/src/pages/api/auth.js
+++ b/src/pages/api/auth.js
@@ -6,7 +6,7 @@ export default async function handler(req, res) {
 const { provider, groups } = readAuthSettings(getSettings().auth);
 try {
- if (checkAllowedGroup(provider.permissions(req), groups, group)) {
+ if (checkAllowedGroup(provider.authorize(req), groups, group)) {
 res.json({ group });
 } else {
 res.status(401).json({ message: "Group unathorized" });
diff --git a/src/pages/api/bookmarks.js b/src/pages/api/bookmarks.js
index 99699495..f05f5f44 100644
--- a/src/pages/api/bookmarks.js
+++ b/src/pages/api/bookmarks.js
@@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
 const { provider, groups } = readAuthSettings(getSettings().auth);
- res.send(await bookmarksResponse(provider.permissions(req), groups));
+ res.send(await bookmarksResponse(provider.authorize(req), groups));
 }
diff --git a/src/pages/api/services/index.js b/src/pages/api/services/index.js
index 88925b4d..a43257a4 100644
--- a/src/pages/api/services/index.js
+++ b/src/pages/api/services/index.js
@@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
 const { provider, groups } = readAuthSettings(getSettings().auth);
- res.send(await servicesResponse(provider.permissions(req), groups));
+ res.send(await servicesResponse(provider.authorize(req), groups));
 }
diff --git a/src/pages/api/widgets/index.js b/src/pages/api/widgets/index.js
index 10d726d9..e98aed32 100644
--- a/src/pages/api/widgets/index.js
+++ b/src/pages/api/widgets/index.js
@@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
 const { provider } = readAuthSettings(getSettings().auth);
- res.send(await widgetsResponse(provider.permissions(req)));
+ res.send(await widgetsResponse(provider.authorize(req)));
 }
diff --git a/src/utils/auth/proxy.js b/src/utils/auth/proxy.js
index 3d905e29..7d891a1b 100644
--- a/src/utils/auth/proxy.js
+++ b/src/utils/auth/proxy.js
@@ -1,8 +1,10 @@
 // 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
 // request. In this case we are relying on our proxy to authenitcate our users and validate.
 function getProxyPermissions(userHeader, groupHeader, request) {
- const user = userHeader ? request.headers[userHeader] : null;
- const groupsString = groupHeader ? request.headers[groupHeader] : "";
+ const user =
+ userHeader && request.headers[userHeader.toLowerCase()] ? request.headers[userHeader.toLowerCase()] : null;
+ const groupsString =
+ groupHeader && request.headers[groupHeader.toLowerCase()] ? request.headers[groupHeader.toLowerCase()] : "";
 return { user, groups: groupsString ? groupsString.split(",").map((v) => v.trimStart()) : [] };
 }
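Review bot: getProxyPermissions takes the user and the group list straight from request headers, and nothing visible in this hunk confirms that the request actually came through the reverse proxy, so the result is only trustworthy when the proxy overwrites any client-supplied copies of these headers and the app cannot be reached directly. The header comment should state that requirement, for example `// SECURITY: userHeader/groupHeader are trusted as-is; the proxy must strip or overwrite them and direct access to this app must be blocked.` Separately, each new assignment looks the same header up twice; `const user = (userHeader && request.headers[userHeader.toLowerCase()]) || null;` gives the same result, and the same shape with `|| ""` works for groupsString.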
@@ -11,8 +13,10 @@ function createProxyAuth({ groupHeader, userHeader }) {
 return {
 getContext: (request) => ({
 provider: "proxy",
- ...(userHeader && { [userHeader]: request.headers[userHeader] }),
- ...(groupHeader && { [groupHeader]: request.headers[groupHeader] }),
+ ...(userHeader &&
+ request.headers[userHeader] && { [userHeader.toLowerCase()]: request.headers[userHeader.toLowerCase()] }),
+ ...(groupHeader &&
+ request.headers[groupHeader] && { [groupHeader.toLowerCase()]: request.headers[groupHeader.toLowerCase()] }),
 }),
 authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
 };
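Review bot: In getContext the presence guards still index `request.headers[userHeader]` and `request.headers[groupHeader]` with the configured casing, while the value on the same line is read through `.toLowerCase()`. If request.headers is the lower-cased header map that the new lookups assume, a header name configured with any capital letter never passes the guard, so the context silently drops the user and group entries even though `authorize` resolves them for the same request. Use the same key in the guard, `request.headers[userHeader.toLowerCase()] && { ... }`, and likewise for groupHeader. The closing brace of createProxyAuth lies outside the hunk.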