Add support for basic SSO via Trusted Header Auth
parent
5df95b26d9
commit
e827f0cb23
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -1,2 +1,7 @@
|
|||
*.sqlite3
|
||||
*~
|
||||
*.db
|
||||
*.bak
|
||||
*.sqlite3
|
||||
**/.DS_Store
|
||||
|
||||
/phoenix
|
||||
|
|
|
@ -12,6 +12,7 @@ type Config struct {
|
|||
LogLevel string `default:"warning"`
|
||||
EnableGinLogger bool `default:"false"`
|
||||
Production bool `default:"true"`
|
||||
HeaderAuth bool `default:"false"`
|
||||
DefaultUsername string
|
||||
DefaultPassword string
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ Self-hosted start page without the extra stuff.
|
|||
- No javascript
|
||||
- Relatively low resource consumption (around 7 MiB of RAM)
|
||||
- Authorization support
|
||||
- SSO via Trusted Header Auth (_Reverse Proxy_)
|
||||
|
||||
## Configuration
|
||||
Service settings can be set through environment variables.
|
||||
|
@ -19,6 +20,7 @@ Service settings can be set through environment variables.
|
|||
| P_LOGLEVEL | Log level settings: `debug`, `info`, `warning`, `error`, `fatal` | `warning` |
|
||||
| P_ENABLEGINLOGGER | Enable gin's logging middleware. Can create a lot of logs. | `false` |
|
||||
| P_PRODUCTION | Is this instance running in production mode? | `true` |
|
||||
| P_HEADERAUTH | Enable Trusted Header Auth (SSO) | `false` |
|
||||
| P_DEFAULTUSERNAME | Data for the first user. | |
|
||||
| P_DEFAULTPASSWORD | Data for the first user. | |
|
||||
|
||||
|
|
|
@ -3,13 +3,14 @@ package views
|
|||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"github.com/ordinary-dev/phoenix/config"
|
||||
"github.com/ordinary-dev/phoenix/database"
|
||||
"gorm.io/gorm"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
func ShowRegistrationForm(c *gin.Context, db *gorm.DB) {
|
||||
|
@ -69,6 +70,15 @@ func RequireAuth(c *gin.Context, cfg *config.Config) (*jwt.RegisteredClaims, err
|
|||
func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
|
||||
claims, err := RequireAuth(c, cfg)
|
||||
if err != nil {
|
||||
if cfg.HeaderAuth && c.Request.Header.Get("Remote-User") != "" {
|
||||
// Generate access token.
|
||||
token, err := GetJWTToken(cfg)
|
||||
if err != nil {
|
||||
ShowError(c, err)
|
||||
return
|
||||
}
|
||||
SetTokenCookie(c, token)
|
||||
} else {
|
||||
if database.CountAdmins(db) < 1 {
|
||||
c.Redirect(http.StatusFound, "/registration")
|
||||
} else {
|
||||
|
@ -77,6 +87,7 @@ func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
|
|||
c.Abort()
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Create a new token if the old one is about to expire
|
||||
if time.Now().Add(12 * time.Hour).After(claims.ExpiresAt.Time) {
|
||||
|
|
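Review bot: The `cfg.HeaderAuth` branch added to AuthMiddleware issues a token to any request carrying a non-empty `Remote-User` header; nothing in the hunk checks that the request came from the reverse proxy, and the header's value is never matched to an account. If the service can be reached without going through the proxy, or the proxy passes a client-supplied `Remote-User` through, the header alone authenticates the caller. I would gate the branch on the peer being a configured proxy, for example by comparing `c.RemoteIP()` with an allow-list read from config, and state in the README that the proxy must strip inbound `Remote-User`. Separately, the branch does not return after `SetTokenCookie(c, token)`, so control reaches `claims.ExpiresAt.Time` with the `claims` value that came back alongside the error; RequireAuth's body is outside the hunk, but if that value is nil the dereference panics, and adding `return` after `SetTokenCookie(c, token)` avoids it. AuthMiddleware continues past the end of the hunk.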