From f3ec4baf3cf79a775ceeb68dc8b4b6053be00aeb Mon Sep 17 00:00:00 2001 From: Stavros Date: Fri, 20 Jun 2025 11:33:06 +0300 Subject: [PATCH] feat: add support for logging in to a basic auth protected app (#203) --- internal/handlers/handlers.go | 18 ++++++++++++++---- internal/types/config.go | 7 +++++++ internal/utils/utils.go | 12 +++++++++++- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go index 5060f45..5ba49e0 100644 --- a/internal/handlers/handlers.go +++ b/internal/handlers/handlers.go @@ -119,8 +119,12 @@ func (h *Handlers) AuthHandler(c *gin.Context) { if !authEnabled { headersParsed := utils.ParseHeaders(labels.Headers) for key, value := range headersParsed { - log.Debug().Str("key", key).Str("value", value).Msg("Setting header") - c.Header(key, utils.SanitizeHeader(value)) + log.Debug().Str("key", key).Msg("Setting header") + c.Header(key, value) + } + if labels.Basic.User != "" && labels.Basic.Password != "" { + log.Debug().Str("username", labels.Basic.User).Msg("Setting basic auth headers") + c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.User, labels.Basic.Password))) } c.JSON(200, gin.H{ "status": 200, @@ -242,8 +246,14 @@ func (h *Handlers) AuthHandler(c *gin.Context) { // Set the rest of the headers parsedHeaders := utils.ParseHeaders(labels.Headers) for key, value := range parsedHeaders { - log.Debug().Str("key", key).Str("value", value).Msg("Setting header") - c.Header(key, utils.SanitizeHeader(value)) + log.Debug().Str("key", key).Msg("Setting header") + c.Header(key, value) + } + + // Set basic auth headers if configured + if labels.Basic.User != "" && labels.Basic.Password != "" { + log.Debug().Str("username", labels.Basic.User).Msg("Setting basic auth headers") + c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.User, labels.Basic.Password))) } // The user is allowed to access the app diff --git a/internal/types/config.go b/internal/types/config.go index 788d7bd..80c6805 100644 --- a/internal/types/config.go +++ b/internal/types/config.go @@ -99,11 +99,18 @@ type OAuthLabels struct { Groups string } +// Basic auth labels for a tinyauth protected container +type BasicLabels struct { + User string + Password string +} + // Labels is a struct that contains the labels for a tinyauth protected container type Labels struct { Users string Allowed string Headers []string Domain string + Basic BasicLabels OAuth OAuthLabels } diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 3003bbf..39bd762 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -1,6 +1,7 @@ package utils import ( + "encoding/base64" "errors" "net/url" "os" @@ -201,7 +202,7 @@ func GetLabels(labels map[string]string) (types.Labels, error) { var labelsParsed types.Labels // Decode the labels into the labels struct - err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.domain", "tinyauth.oauth") + err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.domain", "tinyauth.basic", "tinyauth.oauth") // Check if there was an error if err != nil { @@ -358,3 +359,12 @@ func GenerateIdentifier(str string) string { // Convert the UUID to a string return strings.Split(uuidString, "-")[0] } + +// Get a basic auth header from a username and password +func GetBasicAuth(username string, password string) string { + // Create the auth string + auth := username + ":" + password + + // Encode the auth string to base64 + return base64.StdEncoding.EncodeToString([]byte(auth)) +}