mirror of
https://github.com/ordinary-dev/phoenix
synced 2024-09-20 03:40:29 +05:00
Merge pull request #40 from prologic/sso_header_auth
Add support for basic SSO via Trusted Header Auth
commit
f129268c9f
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -1,2 +1,7 @@
|
||||||
*.sqlite3
|
*~
|
||||||
*.db
|
*.db
|
||||||
|
*.bak
|
||||||
|
*.sqlite3
|
||||||
|
**/.DS_Store
|
||||||
|
|
||||||
|
/phoenix
|
||||||
|
|
|
@ -12,6 +12,7 @@ type Config struct {
|
||||||
LogLevel string `default:"warning"`
|
LogLevel string `default:"warning"`
|
||||||
EnableGinLogger bool `default:"false"`
|
EnableGinLogger bool `default:"false"`
|
||||||
Production bool `default:"true"`
|
Production bool `default:"true"`
|
||||||
|
HeaderAuth bool `default:"false"`
|
||||||
DefaultUsername string
|
DefaultUsername string
|
||||||
DefaultPassword string
|
DefaultPassword string
|
||||||
}
|
}
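Review bot: The new `HeaderAuth` field has no comment, and nothing visible in this commit states which header is trusted or what deployment the option assumes. I would add above the field `// HeaderAuth enables sign-in based on the Remote-User request header; turn it on only when a reverse proxy that overwrites that header is the sole route to this service.` The README row for `P_HEADERAUTH` ("Enable Trusted Header Auth (SSO)") would benefit from the same sentence, since an operator reading only the table cannot tell that the listener must not be reachable directly. The Config struct begins outside the hunk.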
|
||||||
|
|
|
@ -8,6 +8,7 @@ Self-hosted start page without the extra stuff.
|
||||||
- No javascript
|
- No javascript
|
||||||
- Relatively low resource consumption (around 7 MiB of RAM)
|
- Relatively low resource consumption (around 7 MiB of RAM)
|
||||||
- Authorization support
|
- Authorization support
|
||||||
|
- SSO via Trusted Header Auth (_Reverse Proxy_)
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
Service settings can be set through environment variables.
|
Service settings can be set through environment variables.
|
||||||
|
@ -19,6 +20,7 @@ Service settings can be set through environment variables.
|
||||||
| P_LOGLEVEL | Log level settings: `debug`, `info`, `warning`, `error`, `fatal` | `warning` |
|
| P_LOGLEVEL | Log level settings: `debug`, `info`, `warning`, `error`, `fatal` | `warning` |
|
||||||
| P_ENABLEGINLOGGER | Enable gin's logging middleware. Can create a lot of logs. | `false` |
|
| P_ENABLEGINLOGGER | Enable gin's logging middleware. Can create a lot of logs. | `false` |
|
||||||
| P_PRODUCTION | Is this instance running in production mode? | `true` |
|
| P_PRODUCTION | Is this instance running in production mode? | `true` |
|
||||||
|
| P_HEADERAUTH | Enable Trusted Header Auth (SSO) | `false` |
|
||||||
| P_DEFAULTUSERNAME | Data for the first user. | |
|
| P_DEFAULTUSERNAME | Data for the first user. | |
|
||||||
| P_DEFAULTPASSWORD | Data for the first user. | |
|
| P_DEFAULTPASSWORD | Data for the first user. | |
|
||||||
|
|
||||||
|
|
|
@ -3,13 +3,14 @@ package views
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
"github.com/ordinary-dev/phoenix/config"
|
"github.com/ordinary-dev/phoenix/config"
|
||||||
"github.com/ordinary-dev/phoenix/database"
|
"github.com/ordinary-dev/phoenix/database"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"net/http"
|
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func ShowRegistrationForm(c *gin.Context, db *gorm.DB) {
|
func ShowRegistrationForm(c *gin.Context, db *gorm.DB) {
|
||||||
|
@ -69,6 +70,17 @@ func RequireAuth(c *gin.Context, cfg *config.Config) (*jwt.RegisteredClaims, err
|
||||||
func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
|
func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
|
||||||
claims, err := RequireAuth(c, cfg)
|
claims, err := RequireAuth(c, cfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if cfg.HeaderAuth && c.Request.Header.Get("Remote-User") != "" {
|
||||||
|
// Generate access token.
|
||||||
|
token, err := GetJWTToken(cfg)
|
||||||
|
if err != nil {
|
||||||
|
ShowError(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
SetTokenCookie(c, token)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if database.CountAdmins(db) < 1 {
|
if database.CountAdmins(db) < 1 {
|
||||||
c.Redirect(http.StatusFound, "/registration")
|
c.Redirect(http.StatusFound, "/registration")
|
||||||
} else {
|
} else {
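Review bot: The added branch in AuthMiddleware issues a session token to any request carrying a non-empty `Remote-User` header once `cfg.HeaderAuth` is on, with no check that the request came from the reverse proxy, so the header is trusted from whoever can reach the listener. The header's value is never read beyond the emptiness test, because `GetJWTToken(cfg)` takes only the config, so it is not matched against any known account. I would gate the branch on the peer address, e.g. `if cfg.HeaderAuth && fromTrustedProxy(c.Request.RemoteAddr) && c.Request.Header.Get("Remote-User") != "" {`, where `fromTrustedProxy` is a helper this commit would still need to add (an allowlist of proxy addresses taken from config), and compare the header value with the expected username before minting the token. The inner `token, err :=` also shadows the outer `err`. The rest of AuthMiddleware lies outside the hunk, so whether the request is aborted after `ShowError` cannot be confirmed from here.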
|
||||||
|
|