Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User auth via proxy request header #594

Closed
wants to merge 2 commits into from
Closed

User auth via proxy request header #594

wants to merge 2 commits into from

Conversation

chain710
Copy link
Contributor

The Auth Proxy enables user authentication using an HTTP header from an external authentication service. I propose adding two arguments in serve command:

  1. reverse-proxy-auth-user: This argument specifies the name of the proxy authentication HTTP header, such as X-Auth-User.
  2. trusted-proxies: This argument ensures that the auth-proxy is only used when requests come from trusted IP addresses.

Use case:

  1. Authentication is provided by either Authelia or Keycloak.
  2. Nginx passes the X-Auth-User header to Shiori, which comes from the authentication provider.
  3. Shiori looks up the user in the database and returns a session.

Let me know if you have any further questions or if you'd like me to make any additional revisions.

Reference:

https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
gogs/gogs#165
miniflux/v2#570

@chain710
User auth via proxy request header
ac4f6c4 
Auth Proxy allows to authenticate a user using an HTTP header provided by an external authentication service.
@cycomanic
Copy link

I'm very interested in seeing this merged. However it would be great if the arguments could also be specified via environment variables, making the feature easier to use in docker containers

@fmartingr
Copy link
Member

Hey @chain710, thanks for the contribution! Before I jump into the code reviews again, do you have any easy guidelines to check this feature locally? It would help when I clone and review this, so I can also check how it works.

I would also follow @cycomanic's comment, to make it more configurable for the admins. What do you think?

@fmartingr fmartingr self-requested a review June 11, 2023 15:48
@fmartingr fmartingr removed their request for review January 13, 2024 08:44
@PterX
Copy link

PterX commented Jan 27, 2024

This is a very useful feature, any progress?

@fmartingr
Copy link
Member

This is a very useful feature, any progress?

I guess is stalled, I wanted to test it properly to prepare for a potential e2e test but didn't get any response since then. If you want to continue the work feel free to do so. Keep in mind that some things have changed since then since we are currently migrating the server to a different library, though implementing this should be easier now (I hope!)

@PterX
Copy link

PterX commented Feb 7, 2024

This is a very useful feature, any progress?

I guess is stalled, I wanted to test it properly to prepare for a potential e2e test but didn't get any response since then. If you want to continue the work feel free to do so. Keep in mind that some things have changed since then since we are currently migrating the server to a different library, though implementing this should be easier now (I hope!)

#836 I was push a pr, please check it

@fmartingr fmartingr mentioned this pull request Feb 7, 2024
Merged
@PterX PterX mentioned this pull request Mar 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@chain710 chain710

Labels
tag:waiting-for-assignee
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@chain710 @cycomanic @fmartingr @PterX