barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-28 12:45:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add support for nginx/nginx proxy manager (breaking)

Browse Source
This commit is contained in:
Stavros
2025-02-07 16:36:47 +02:00
parent 87393d3c64
commit ce567ae3de
3 changed files with 88 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -5,7 +5,7 @@ internal/assets/dist
tinyauth tinyauth
# test docker compose # test docker compose
docker-compose.test.yml docker-compose.test*
# users file # users file
users.txt users.txt

104
internal/api/api.go
View File

@@ -95,8 +95,17 @@ func (api *API) Init() {
} }
func (api *API) SetupRoutes() { func (api *API) SetupRoutes() {
api.Router.GET("/api/auth", func(c *gin.Context) { api.Router.GET("/api/auth/:proxy", func(c *gin.Context) {
log.Debug().Msg("Checking auth") var proxy types.Proxy
bindErr := c.BindUri(&proxy)
if api.handleError(c, "Failed to bind URI", bindErr) {
return
}
log.Debug().Interface("proxy", proxy.Proxy).Msg("Got proxy")
userContext := api.Hooks.UseUserContext(c) userContext := api.Hooks.UseUserContext(c)
uri := c.Request.Header.Get("X-Forwarded-Uri") uri := c.Request.Header.Get("X-Forwarded-Uri")
@@ -108,22 +117,59 @@ func (api *API) SetupRoutes() {
appAllowed, appAllowedErr := api.Auth.ResourceAllowed(userContext, host) appAllowed, appAllowedErr := api.Auth.ResourceAllowed(userContext, host)
log.Debug().Bool("appAllowed", appAllowed).Msg("Checking if user is allowed") if appAllowedErr != nil {
switch proxy.Proxy {
if api.handleError(c, "Failed to check if resource is allowed", appAllowedErr) { case "nginx":
return log.Error().Err(appAllowedErr).Msg("Failed to check if resource is allowed")
c.JSON(501, gin.H{
"status": 501,
"message": "Internal Server Error",
})
return
default:
if api.handleError(c, "Failed to check if resource is allowed", appAllowedErr) {
return
}
}
} }
log.Debug().Bool("appAllowed", appAllowed).Msg("Checking if app is allowed")
if !appAllowed { if !appAllowed {
log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User not allowed") log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User not allowed")
queries, queryErr := query.Values(types.UnauthorizedQuery{ queries, queryErr := query.Values(types.UnauthorizedQuery{
Username: userContext.Username, Username: userContext.Username,
Resource: strings.Split(host, ".")[0], Resource: strings.Split(host, ".")[0],
}) })
if api.handleError(c, "Failed to build query", queryErr) {
if queryErr != nil {
switch proxy.Proxy {
case "nginx":
log.Error().Err(queryErr).Msg("Failed to build query")
c.JSON(501, gin.H{
"status": 501,
"message": "Internal Server Error",
})
return
default:
if api.handleError(c, "Failed to build query", queryErr) {
return
}
}
}
switch proxy.Proxy {
case "nginx":
c.JSON(401, gin.H{
"status": 401,
"message": "Unauthorized",
})
return
default:
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, queries.Encode()))
return return
} }
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, queries.Encode()))
} }
c.JSON(200, gin.H{ c.JSON(200, gin.H{
@@ -133,22 +179,38 @@ func (api *API) SetupRoutes() {
return return
} }
queries, queryErr := query.Values(types.LoginQuery{ switch proxy.Proxy {
RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri), case "nginx":
}) c.JSON(401, gin.H{
"status": 401,
log.Debug().Interface("redirect_uri", fmt.Sprintf("%s://%s%s", proto, host, uri)).Msg("Redirecting to login") "message": "Unauthorized",
if queryErr != nil {
log.Error().Err(queryErr).Msg("Failed to build query")
c.JSON(501, gin.H{
"status": 501,
"message": "Internal Server Error",
}) })
return return
} default:
queries, queryErr := query.Values(types.LoginQuery{
RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri),
})
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/?%s", api.Config.AppURL, queries.Encode())) log.Debug().Interface("redirect_uri", fmt.Sprintf("%s://%s%s", proto, host, uri)).Msg("Redirecting to login")
if queryErr != nil {
switch proxy.Proxy {
case "nginx":
log.Error().Err(queryErr).Msg("Failed to build query")
c.JSON(501, gin.H{
"status": 501,
"message": "Internal Server Error",
})
return
default:
if api.handleError(c, "Failed to build query", queryErr) {
return
}
}
}
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/?%s", api.Config.AppURL, queries.Encode()))
}
}) })
api.Router.POST("/api/login", func(c *gin.Context) { api.Router.POST("/api/login", func(c *gin.Context) {

4
internal/types/types.go
View File

@@ -110,3 +110,7 @@ type TinyauthLabels struct {
type TailscaleQuery struct { type TailscaleQuery struct {
Code int `url:"code"` Code int `url:"code"`
} }
type Proxy struct {
Proxy string `uri:"proxy" binding:"required"`
}