Add support for basic SSO via Trusted Header Auth

This commit is contained in:
James Mills 2023-08-28 00:26:16 +10:00
parent 5df95b26d9
commit e827f0cb23
No known key found for this signature in database
GPG key ID: AC4C014F1440EBD6
4 changed files with 27 additions and 8 deletions

7
.gitignore vendored

@ -1,2 +1,7 @@
*.sqlite3 *~
*.db *.db
*.bak
*.sqlite3
**/.DS_Store
/phoenix


@ -12,6 +12,7 @@ type Config struct {
LogLevel string `default:"warning"` LogLevel string `default:"warning"`
EnableGinLogger bool `default:"false"` EnableGinLogger bool `default:"false"`
Production bool `default:"true"` Production bool `default:"true"`
HeaderAuth bool `default:"false"`
DefaultUsername string DefaultUsername string
DefaultPassword string DefaultPassword string
} }
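Review bot: The new `HeaderAuth bool \`default:"false"\`` field carries no comment describing the trust assumption it switches on, which is the one thing an operator needs before enabling it. Suggest a field comment such as `// HeaderAuth trusts the Remote-User header set by an authenticating reverse proxy; enable only when the service is not reachable except through that proxy.` The Config struct's declaration starts outside this hunk.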


@ -8,6 +8,7 @@ Self-hosted start page without the extra stuff.
- No javascript - No javascript
- Relatively low resource consumption (around 7 MiB of RAM) - Relatively low resource consumption (around 7 MiB of RAM)
- Authorization support - Authorization support
- SSO via Trusted Header Auth (_Reverse Proxy_)
## Configuration ## Configuration
Service settings can be set through environment variables. Service settings can be set through environment variables.
@ -19,6 +20,7 @@ Service settings can be set through environment variables.
| P_LOGLEVEL | Log level settings: `debug`, `info`, `warning`, `error`, `fatal` | `warning` | | P_LOGLEVEL | Log level settings: `debug`, `info`, `warning`, `error`, `fatal` | `warning` |
| P_ENABLEGINLOGGER | Enable gin's logging middleware. Can create a lot of logs. | `false` | | P_ENABLEGINLOGGER | Enable gin's logging middleware. Can create a lot of logs. | `false` |
| P_PRODUCTION | Is this instance running in production mode? | `true` | | P_PRODUCTION | Is this instance running in production mode? | `true` |
| P_HEADERAUTH | Enable Trusted Header Auth (SSO) | `false` |
| P_DEFAULTUSERNAME | Data for the first user. | | | P_DEFAULTUSERNAME | Data for the first user. | |
| P_DEFAULTPASSWORD | Data for the first user. | | | P_DEFAULTPASSWORD | Data for the first user. | |


@ -3,13 +3,14 @@ package views
import ( import (
"errors" "errors"
"fmt" "fmt"
"net/http"
"time"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
"github.com/ordinary-dev/phoenix/config" "github.com/ordinary-dev/phoenix/config"
"github.com/ordinary-dev/phoenix/database" "github.com/ordinary-dev/phoenix/database"
"gorm.io/gorm" "gorm.io/gorm"
"net/http"
"time"
) )
func ShowRegistrationForm(c *gin.Context, db *gorm.DB) { func ShowRegistrationForm(c *gin.Context, db *gorm.DB) {
@ -69,13 +70,23 @@ func RequireAuth(c *gin.Context, cfg *config.Config) (*jwt.RegisteredClaims, err
func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) { func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
claims, err := RequireAuth(c, cfg) claims, err := RequireAuth(c, cfg)
if err != nil { if err != nil {
if database.CountAdmins(db) < 1 { if cfg.HeaderAuth && c.Request.Header.Get("Remote-User") != "" {
c.Redirect(http.StatusFound, "/registration") // Generate access token.
token, err := GetJWTToken(cfg)
if err != nil {
ShowError(c, err)
return
}
SetTokenCookie(c, token)
} else { } else {
c.Redirect(http.StatusFound, "/signin") if database.CountAdmins(db) < 1 {
c.Redirect(http.StatusFound, "/registration")
} else {
c.Redirect(http.StatusFound, "/signin")
}
c.Abort()
return
} }
c.Abort()
return
} }
// Create a new token if the old one is about to expire // Create a new token if the old one is about to expire
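Review bot: The new branch at `if cfg.HeaderAuth && c.Request.Header.Get("Remote-User") != ""` accepts the header from any client, so nothing here ensures the request actually arrived through the reverse proxy that is supposed to set it; once HeaderAuth is on, whoever can reach the service directly can present the header and receive a session cookie. The branch should additionally require the request to originate from a configured trusted proxy address (compare `c.RemoteIP()`, not `ClientIP()`, against a new config value), and the README/config text should state that HeaderAuth is only safe when the service is not directly reachable. The header's value is also never used: `GetJWTToken(cfg)` receives only the config, so the username is neither recorded in the token nor checked against an existing account, and non-emptiness is the only validation. Finally, the branch falls through past the `if err != nil` block with `claims` still holding RequireAuth's error-path value; if the refresh code that follows this hunk dereferences `claims`, that panics, and adding `return` after `SetTokenCookie(c, token)` avoids it (the rest of AuthMiddleware continues outside the hunk).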