Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable forms based auth and proxy auth #15450

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Enable forms based auth and proxy auth #15450

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 22 additions & 18 deletions frigate/api/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -180,28 +180,32 @@ def auth():

fail_response = make_response({}, 401)

# ensure the proxy secret matches if configured
# if the request is coming from a proxy with a auth header attempt header auth
if (
proxy_config.auth_secret is not None
and request.headers.get("x-proxy-secret", "", type=str)
!= proxy_config.auth_secret
auth_config.trusted_proxies is not None
and proxy_config.header_map.user is not None
and proxy_config.header_map.user in request.headers
):
logger.debug("X-Proxy-Secret header does not match configured secret value")
return fail_response
# ensure the proxy secret matches if configured
if (
proxy_config.auth_secret is not None
and request.headers.get("x-proxy-secret", "", type=str)
!= proxy_config.auth_secret
):
logger.debug("X-Proxy-Secret header does not match configured secret value")
return fail_response

# if auth is disabled, just apply the proxy header map and return success
upstream_user_header_value = request.headers.get(
proxy_config.header_map.user,
type=str,
default="anonymous",
)
success_response.headers["remote-user"] = upstream_user_header_value
return success_response

# if auth is disabled, return success
if not auth_config.enabled:
# pass the user header value from the upstream proxy if a mapping is specified
# or use anonymous if none are specified
if proxy_config.header_map.user is not None:
upstream_user_header_value = request.headers.get(
proxy_config.header_map.user,
type=str,
default="anonymous",
)
success_response.headers["remote-user"] = upstream_user_header_value
else:
success_response.headers["remote-user"] = "anonymous"
success_response.headers["remote-user"] = "anonymous"
return success_response

# now apply authentication
Expand Down
Loading