Working version

2024-02-07 18:08:55 -05:00 · 2024-02-07 18:08:55 -05:00 · 84b85008be
commit 84b85008be
parent b28c9c4f26
6 changed files with 14 additions and 10 deletions
--- a/docs/configs/settings.md
+++ b/docs/configs/settings.md
@ -526,8 +526,8 @@ section. For example:
 ```yaml
 auth:
  groups:
-    My Service Group:
+    - My Service Group:
      allowGroups: ["Group1", "Group2"]
-    My Other Group:
+    - My Other Group:
      allowGroups: ["Group1"]
 ```
--- a/src/pages/api/auth.js
+++ b/src/pages/api/auth.js
@ -6,7 +6,7 @@ export default async function handler(req, res) {
  const { provider, groups } = readAuthSettings(getSettings().auth);
  try {
-    if (checkAllowedGroup(provider.permissions(req), groups, group)) {
+    if (checkAllowedGroup(provider.authorize(req), groups, group)) {
      res.json({ group });
    } else {
      res.status(401).json({ message: "Group unathorized" });
--- a/src/pages/api/bookmarks.js
+++ b/src/pages/api/bookmarks.js
@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
  const { provider, groups } = readAuthSettings(getSettings().auth);
-  res.send(await bookmarksResponse(provider.permissions(req), groups));
+  res.send(await bookmarksResponse(provider.authorize(req), groups));
 }
--- a/src/pages/api/services/index.js
+++ b/src/pages/api/services/index.js
@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
  const { provider, groups } = readAuthSettings(getSettings().auth);
-  res.send(await servicesResponse(provider.permissions(req), groups));
+  res.send(await servicesResponse(provider.authorize(req), groups));
 }
--- a/src/pages/api/widgets/index.js
+++ b/src/pages/api/widgets/index.js
@ -4,5 +4,5 @@ import { getSettings } from "utils/config/config";
 export default async function handler(req, res) {
  const { provider } = readAuthSettings(getSettings().auth);
-  res.send(await widgetsResponse(provider.permissions(req)));
+  res.send(await widgetsResponse(provider.authorize(req)));
 }
--- a/src/utils/auth/proxy.js
+++ b/src/utils/auth/proxy.js
@ -1,8 +1,10 @@
 // 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
 // request. In this case we are relying on our proxy to authenitcate our users and validate.
 function getProxyPermissions(userHeader, groupHeader, request) {
-  const user = userHeader ? request.headers[userHeader] : null;
+  const user =
-  const groupsString = groupHeader ? request.headers[groupHeader] : "";
+    userHeader && request.headers[userHeader.toLowerCase()] ? request.headers[userHeader.toLowerCase()] : null;
  const groupsString =
    groupHeader && request.headers[groupHeader.toLowerCase()] ? request.headers[groupHeader.toLowerCase()] : "";
  return { user, groups: groupsString ? groupsString.split(",").map((v) => v.trimStart()) : [] };
 }
@ -11,8 +13,10 @@ function createProxyAuth({ groupHeader, userHeader }) {
  return {
    getContext: (request) => ({
      provider: "proxy",
-      ...(userHeader && { [userHeader]: request.headers[userHeader] }),
+      ...(userHeader &&
-      ...(groupHeader && { [groupHeader]: request.headers[groupHeader] }),
+        request.headers[userHeader] && { [userHeader.toLowerCase()]: request.headers[userHeader.toLowerCase()] }),
      ...(groupHeader &&
        request.headers[groupHeader] && { [groupHeader.toLowerCase()]: request.headers[groupHeader.toLowerCase()] }),
    }),
    authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
  };