diff --git a/docs/configs/settings.md b/docs/configs/settings.md
index 81dd1c28..c254184b 100644
--- a/docs/configs/settings.md
+++ b/docs/configs/settings.md
@@ -492,21 +492,21 @@ or per service widget (`services.yaml`) with:
If either value is set to true, the error message will be hidden.
-## Authentication
+## User ID based visibiltiy
-Basic auth integration is implemeted via an `auth` section. An auth provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ).
+Basic user identity integration is implemeted via an `identity` section. An identity provider can be configured using the `provider` section with the given type. Currently the only provider supported is `proxy`, where the users identification and group membership are passed via HTTP Request headers (in plaintext). The expectation is that the application will be accessed only via an authenticating proxy (i.e treafik ).
The group and user headers are both configurable like so:
```yaml
-auth:
+identity:
provider:
type: proxy
groupHeader: "X-group-header"
userHeader: "X-user-header"
```
-Auth can be configured on the service, bookmark, and widget level using the `allowUsers` and `allowGroups` list.
+Identity based visibility can be configured on the service, bookmark, and widget level using the `allowUsers` and `allowGroups` list.
```yaml
- Example Servie:
@@ -520,11 +520,11 @@ Auth can be configured on the service, bookmark, and widget level using the `all
- User3
```
-Auth for groups can be set in the `groups` under `auth`. In general the `groups` tag follows the format of the `layout`
+Identity visibility for groups can be set in the `groups` under `identity`. In general the `groups` tag follows the format of the `layout`
section. For example:
```yaml
-auth:
+identity:
groups:
- My Service Group:
allowGroups: ["Group1", "Group2"]
diff --git a/src/pages/api/auth.js b/src/pages/api/auth.js
index 79e8f750..98a94cb7 100644
--- a/src/pages/api/auth.js
+++ b/src/pages/api/auth.js
@@ -1,17 +1,17 @@
-import { checkAllowedGroup, readAuthSettings } from "utils/auth/auth-helpers";
+import { checkAllowedGroup, readIdentitySettings } from "utils/identity/identity-helpers";
import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
const { group } = req.query;
- const { provider, groups } = readAuthSettings(getSettings().auth);
+ const { provider, groups } = readIdentitySettings(getSettings().identity);
try {
- if (checkAllowedGroup(provider.authorize(req), groups, group)) {
+ if (checkAllowedGroup(provider.getIdentity(req), groups, group)) {
res.json({ group });
} else {
res.status(401).json({ message: "Group unathorized" });
}
} catch (err) {
- res.status(500).send("Error authenticating");
+ res.status(500).send("Error getting user identitiy");
}
}
diff --git a/src/pages/api/bookmarks.js b/src/pages/api/bookmarks.js
index f05f5f44..760228b8 100644
--- a/src/pages/api/bookmarks.js
+++ b/src/pages/api/bookmarks.js
@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identitiy/identity-helpers";
import { bookmarksResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
- const { provider, groups } = readAuthSettings(getSettings().auth);
+ const { provider, groups } = readAuthSettings(getSettings().identity);
res.send(await bookmarksResponse(provider.authorize(req), groups));
}
diff --git a/src/pages/api/services/index.js b/src/pages/api/services/index.js
index a43257a4..8cff9e41 100644
--- a/src/pages/api/services/index.js
+++ b/src/pages/api/services/index.js
@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identity/identity-helpers";
import { servicesResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
- const { provider, groups } = readAuthSettings(getSettings().auth);
- res.send(await servicesResponse(provider.authorize(req), groups));
+ const { provider, groups } = readIdentitySettings(getSettings().identity);
+ res.send(await servicesResponse(provider.getIdentity(req), groups));
}
diff --git a/src/pages/api/widgets/index.js b/src/pages/api/widgets/index.js
index e98aed32..d7a2365f 100644
--- a/src/pages/api/widgets/index.js
+++ b/src/pages/api/widgets/index.js
@@ -1,8 +1,8 @@
-import { readAuthSettings } from "utils/auth/auth-helpers";
+import { readAuthSettings } from "utils/identitiy/identitiy-helpers";
import { widgetsResponse } from "utils/config/api-response";
import { getSettings } from "utils/config/config";
export default async function handler(req, res) {
- const { provider } = readAuthSettings(getSettings().auth);
- res.send(await widgetsResponse(provider.authorize(req)));
+ const { provider } = readAuthSettings(getSettings().identity);
+ res.send(await widgetsResponse(provider.getIdentity(req)));
}
diff --git a/src/pages/index.jsx b/src/pages/index.jsx
index 871c4295..ab33e346 100644
--- a/src/pages/index.jsx
+++ b/src/pages/index.jsx
@@ -10,7 +10,7 @@ import { BiError } from "react-icons/bi";
import { serverSideTranslations } from "next-i18next/serverSideTranslations";
import { useRouter } from "next/router";
-import NullAuthProvider from "utils/auth/null";
+import NullIdentityProvider from "utils/identity/null";
import Tab, { slugifyAndEncode } from "components/tab";
import ServicesGroup from "components/services/group";
import BookmarksGroup from "components/bookmarks/group";
@@ -28,7 +28,7 @@ import ErrorBoundary from "components/errorboundry";
import themes from "utils/styles/themes";
import QuickLaunch from "components/quicklaunch";
import { getStoredProvider, searchProviders } from "components/widgets/search/search";
-import { fetchWithAuth, readAuthSettings } from "utils/auth/auth-helpers";
+import { fetchWithIdentity, readIdentitySettings } from "utils/identity/identity-helpers";
const ThemeToggle = dynamic(() => import("components/toggles/theme"), {
ssr: false,
@@ -48,24 +48,24 @@ export async function getServerSideProps({ req }) {
let logger;
try {
logger = createLogger("index");
- const { providers, auth, ...settings } = getSettings();
- const { provider, groups } = readAuthSettings(auth);
+ const { providers, identity, ...settings } = getSettings();
+ const { provider, groups } = readIdentitySettings(identity);
- const services = await servicesResponse(provider.authorize(req), groups);
- const bookmarks = await bookmarksResponse(provider.authorize(req), groups);
- const widgets = await widgetsResponse(provider.authorize(req));
- const authContext = provider.getContext(req);
+ const services = await servicesResponse(provider.getIdentity(req), groups);
+ const bookmarks = await bookmarksResponse(provider.getIdentity(req), groups);
+ const widgets = await widgetsResponse(provider.getIdentity(req));
+ const identityContext = provider.getContext(req);
return {
props: {
initialSettings: settings,
fallback: {
- [unstableSerialize(["/api/services", authContext])]: services,
- [unstableSerialize(["/api/bookmarks", authContext])]: bookmarks,
- [unstableSerialize(["/api/widgets", authContext])]: widgets,
+ [unstableSerialize(["/api/services", identityContext])]: services,
+ [unstableSerialize(["/api/bookmarks", identityContext])]: bookmarks,
+ [unstableSerialize(["/api/widgets", identityContext])]: widgets,
"/api/hash": false,
},
- authContext,
+ identityContext,
...(await serverSideTranslations(settings.language ?? "en")),
},
};
@@ -73,24 +73,24 @@ export async function getServerSideProps({ req }) {
if (logger && e) {
logger.error(e);
}
- const authContext = NullAuthProvider.create().getContext(req);
+ const identityContext = NullIdentityProvider.create().getContext(req);
return {
props: {
initialSettings: {},
fallback: {
- [unstableSerialize(["/api/services", authContext])]: [],
- [unstableSerialize(["/api/bookmarks", authContext])]: [],
- [unstableSerialize(["/api/widgets", authContext])]: [],
+ [unstableSerialize(["/api/services", identityContext])]: [],
+ [unstableSerialize(["/api/bookmarks", identityContext])]: [],
+ [unstableSerialize(["/api/widgets", identityContext])]: [],
"/api/hash": false,
},
- authContext,
+ identityContext,
...(await serverSideTranslations("en")),
},
};
}
}
-function Index({ initialSettings, fallback, authContext }) {
+function Index({ initialSettings, fallback, identityContext }) {
const windowFocused = useWindowFocus();
const [stale, setStale] = useState(false);
const { data: errorsData } = useSWR("/api/validate");
@@ -160,7 +160,7 @@ function Index({ initialSettings, fallback, authContext }) {
return (
fetch(resource, init).then((res) => res.json()) }}>
-
+
);
@@ -174,7 +174,7 @@ const headerStyles = {
boxedWidgets: "m-5 mb-0 sm:m-9 sm:mb-0 sm:mt-1",
};
-function Home({ initialSettings, authContext }) {
+function Home({ initialSettings, identityContext }) {
const { i18n } = useTranslation();
const { theme, setTheme } = useContext(ThemeContext);
const { color, setColor } = useContext(ColorContext);
@@ -186,9 +186,9 @@ function Home({ initialSettings, authContext }) {
setSettings(initialSettings);
}, [initialSettings, setSettings]);
- const { data: services } = useSWR(["/api/services", authContext], fetchWithAuth);
- const { data: bookmarks } = useSWR(["/api/bookmarks", authContext], fetchWithAuth);
- const { data: widgets } = useSWR(["/api/widgets", authContext], fetchWithAuth);
+ const { data: services } = useSWR(["/api/services", identityContext], fetchWithIdentity);
+ const { data: bookmarks } = useSWR(["/api/bookmarks", identityContext], fetchWithIdentity);
+ const { data: widgets } = useSWR(["/api/widgets", identityContext], fetchWithIdentity);
const servicesAndBookmarks = [
...services.map((sg) => sg.services).flat(),
@@ -461,7 +461,7 @@ function Home({ initialSettings, authContext }) {
);
}
-export default function Wrapper({ initialSettings, fallback, authContext }) {
+export default function Wrapper({ initialSettings, fallback, identityContext }) {
const wrappedStyle = {};
let backgroundBlur = false;
let backgroundSaturate = false;
@@ -512,7 +512,7 @@ export default function Wrapper({ initialSettings, fallback, authContext }) {
backgroundBrightness && `backdrop-brightness-${initialSettings.background.brightness}`,
)}
>
-
+
diff --git a/src/utils/config/api-response.js b/src/utils/config/api-response.js
index 58df71f1..ef8f2b9f 100644
--- a/src/utils/config/api-response.js
+++ b/src/utils/config/api-response.js
@@ -12,7 +12,7 @@ import {
servicesFromKubernetes,
} from "utils/config/service-helpers";
import { cleanWidgetGroups, widgetsFromConfig } from "utils/config/widget-helpers";
-import { filterAllowedBookmarks, filterAllowedServices, filterAllowedWidgets } from "utils/auth/auth-helpers";
+import { filterAllowedBookmarks, filterAllowedServices, filterAllowedWidgets } from "utils/identity/identity-helpers";
/**
* Compares services by weight then by name.
@@ -25,7 +25,7 @@ function compareServices(service1, service2) {
return service1.name.localeCompare(service2.name);
}
-export async function bookmarksResponse(perms, authGroups) {
+export async function bookmarksResponse(perms, idGroups) {
checkAndCopyConfig("bookmarks.yaml");
const bookmarksYaml = path.join(CONF_DIR, "bookmarks.yaml");
@@ -48,7 +48,7 @@ export async function bookmarksResponse(perms, authGroups) {
// map easy to write YAML objects into easy to consume JS arrays
const bookmarksArray = filterAllowedBookmarks(
perms,
- authGroups,
+ idGroups,
bookmarks.map((group) => ({
name: Object.keys(group)[0],
bookmarks: group[Object.keys(group)[0]].map((entries) => ({
@@ -89,14 +89,14 @@ export async function widgetsResponse(perms) {
return configuredWidgets;
}
-export async function servicesResponse(perms, authGroups) {
+export async function servicesResponse(perms, idGroups) {
let discoveredDockerServices;
let discoveredKubernetesServices;
let configuredServices;
let initialSettings;
try {
- discoveredDockerServices = filterAllowedServices(perms, authGroups, cleanServiceGroups(await servicesFromDocker()));
+ discoveredDockerServices = filterAllowedServices(perms, idGroups, cleanServiceGroups(await servicesFromDocker()));
if (discoveredDockerServices?.length === 0) {
console.debug("No containers were found with homepage labels.");
}
@@ -109,7 +109,7 @@ export async function servicesResponse(perms, authGroups) {
try {
discoveredKubernetesServices = filterAllowedServices(
perms,
- authGroups,
+ idGroups,
cleanServiceGroups(await servicesFromKubernetes()),
);
} catch (e) {
@@ -119,7 +119,7 @@ export async function servicesResponse(perms, authGroups) {
}
try {
- configuredServices = filterAllowedServices(perms, authGroups, cleanServiceGroups(await servicesFromConfig()));
+ configuredServices = filterAllowedServices(perms, idGroups, cleanServiceGroups(await servicesFromConfig()));
} catch (e) {
console.error("Failed to load services.yaml, please check for errors");
if (e) console.error(e.toString());
diff --git a/src/utils/auth/auth-helpers.js b/src/utils/identity/identity-helpers.js
similarity index 51%
rename from src/utils/auth/auth-helpers.js
rename to src/utils/identity/identity-helpers.js
index 59ea2055..5580ced0 100644
--- a/src/utils/auth/auth-helpers.js
+++ b/src/utils/identity/identity-helpers.js
@@ -1,16 +1,16 @@
-import ProxyAuthProvider from "./proxy";
-import NullAuthProvider from "./null";
+import ProxyIdentityProvider from "./proxy";
+import NullIdentityProvider from "./null";
-const AuthProviders = {
- null: NullAuthProvider,
- proxy: ProxyAuthProvider,
+const IdentityProviders = {
+ null: NullIdentityProvider,
+ proxy: ProxyIdentityProvider,
};
function getProviderByKey(key) {
- return AuthProviders[key] || NullAuthProvider;
+ return IdentityProviders[key] || NullIdentityProvider;
}
-function authAllow({ user, groups }, item) {
+function identityAllow({ user, groups }, item) {
const groupAllow =
"allowGroups" in item && item.allowGroups && groups.some((group) => item.allowGroups.includes(group));
const userAllow = "allowUsers" in item && item.allowUsers && item.allowUsers.includes(user);
@@ -19,22 +19,22 @@ function authAllow({ user, groups }, item) {
return userAllow || groupAllow || allowAll;
}
-export function checkAllowedGroup(perms, authGroups, groupName) {
- const testGroup = authGroups.find((group) => group.name === groupName);
- return testGroup ? authAllow(perms, testGroup) : true;
+export function checkAllowedGroup(perms, idGroups, groupName) {
+ const testGroup = idGroups.find((group) => group.name === groupName);
+ return testGroup ? identityAllow(perms, testGroup) : true;
}
-function filterAllowedItems(perms, authGroups, groups, groupKey) {
+function filterAllowedItems(perms, idGroups, groups, groupKey) {
return groups
- .filter((group) => checkAllowedGroup(perms, authGroups, group.name))
+ .filter((group) => checkAllowedGroup(perms, idGroups, group.name))
.map((group) => ({
name: group.name,
- [groupKey]: group[groupKey].filter((item) => authAllow(perms, item)),
+ [groupKey]: group[groupKey].filter((item) => identityAllow(perms, item)),
}))
.filter((group) => group[groupKey].length);
}
-export function readAuthSettings({ provider, groups } = {}) {
+export function readIdentitySettings({ provider, groups } = {}) {
let groupArray = [];
if (groups) {
if (Array.isArray(groups)) {
@@ -53,17 +53,17 @@ export function readAuthSettings({ provider, groups } = {}) {
}
return {
- provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(),
+ provider: provider ? getProviderByKey(provider.type).create(provider) : NullIdentityProvider.create(),
groups: groupArray,
};
}
-export async function fetchWithAuth(key, context) {
+export async function fetchWithIdentity(key, context) {
return getProviderByKey(context.provider).fetch([key, context]);
}
-export const filterAllowedServices = (perms, authGroups, services) =>
- filterAllowedItems(perms, authGroups, services, "services");
-export const filterAllowedBookmarks = (perms, authGroups, bookmarks) =>
- filterAllowedItems(perms, authGroups, bookmarks, "bookmarks");
-export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options));
+export const filterAllowedServices = (perms, idGroups, services) =>
+ filterAllowedItems(perms, idGroups, services, "services");
+export const filterAllowedBookmarks = (perms, idGroups, bookmarks) =>
+ filterAllowedItems(perms, idGroups, bookmarks, "bookmarks");
+export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => identityAllow(perms, widget.options));
diff --git a/src/utils/auth/null.js b/src/utils/identity/null.js
similarity index 52%
rename from src/utils/auth/null.js
rename to src/utils/identity/null.js
index 659824f1..767fe736 100644
--- a/src/utils/auth/null.js
+++ b/src/utils/identity/null.js
@@ -1,6 +1,6 @@
const NullPermissions = { user: null, groups: [] };
-function createNullAuth() {
+function createNullIdentity() {
return {
authorize: () => NullPermissions,
getContext: () => ({
@@ -9,13 +9,13 @@ function createNullAuth() {
};
}
-async function fetchNullAuth([key]) {
+async function fetchNullIdentity([key]) {
return fetch(key).then((res) => res.json());
}
-const NullAuthProvider = {
- create: createNullAuth,
- fetch: fetchNullAuth,
+const NullIdentityProvider = {
+ create: createNullIdentity,
+ fetch: fetchNullIdentity,
};
-export default NullAuthProvider;
+export default NullIdentityProvider;
diff --git a/src/utils/auth/proxy.js b/src/utils/identity/proxy.js
similarity index 65%
rename from src/utils/auth/proxy.js
rename to src/utils/identity/proxy.js
index 8e32a90e..6f2abf3d 100644
--- a/src/utils/auth/proxy.js
+++ b/src/utils/identity/proxy.js
@@ -1,5 +1,5 @@
-// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
-// request. In this case we are relying on our proxy to authenitcate our users and validate.
+// 'proxy' identity provider is meant to be used by a reverse proxy that injects permission headers into the origin
+// request. In this case we are relying on our proxy to authenitcate our users and validate their identity.
function getProxyPermissions(userHeader, groupHeader, request) {
const user =
userHeader && request.headers[userHeader.toLowerCase()] ? request.headers[userHeader.toLowerCase()] : null;
@@ -9,7 +9,7 @@ function getProxyPermissions(userHeader, groupHeader, request) {
return { user, groups: groupsString ? groupsString.split("|").map((v) => v.trim()) : [] };
}
-function createProxyAuth({ groupHeader, userHeader }) {
+function createProxyIdentity({ groupHeader, userHeader }) {
return {
getContext: (request) => ({
provider: "proxy",
@@ -18,17 +18,17 @@ function createProxyAuth({ groupHeader, userHeader }) {
...(groupHeader &&
request.headers[groupHeader] && { [groupHeader.toLowerCase()]: request.headers[groupHeader.toLowerCase()] }),
}),
- authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
+ getIdentity: (request) => getProxyPermissions(userHeader, groupHeader, request),
};
}
-async function fetchProxyAuth([key, context]) {
+async function fetchProxyIdentity([key, context]) {
return fetch(key, { headers: context.headers }).then((res) => res.json());
}
-const ProxyAuthProvider = {
- create: createProxyAuth,
- fetch: fetchProxyAuth,
+const ProxyIdentityProvider = {
+ create: createProxyIdentity,
+ fetch: fetchProxyIdentity,
};
-export default ProxyAuthProvider;
+export default ProxyIdentityProvider;