docs: regenerate readme sponsors list

README.md

@@ -53,7 +53,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma
 
 A big thank you to the following people for providing me with more coffee:
 
-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<!-- sponsors -->
 
 ## Acknowledgements
 

frontend/src/lib/i18n/locales/ar-SA.json

@@ -19,7 +19,7 @@
     "continueInvalidRedirectTitle": "إعادة توجيه غير صالحة",
     "continueInvalidRedirectSubtitle": "رابط إعادة التوجيه غير صالح",
     "continueInsecureRedirectTitle": "إعادة توجيه غير آمنة",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
+    "continueInsecureRedirectSubtitle": "أنت تحاول إعادة التوجيه من <code>https</code> إلى <code>http</code>، هل أنت متأكد أنك تريد المتابعة؟",
     "continueTitle": "متابعة",
     "continueSubtitle": "انقر الزر للمتابعة إلى التطبيق الخاص بك.",
     "logoutFailTitle": "فشل تسجيل الخروج",
@@ -45,7 +45,7 @@
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "حاول مجددا",
     "untrustedRedirectTitle": "إعادة توجيه غير موثوقة",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
+    "untrustedRedirectSubtitle": "أنت تحاول إعادة التوجيه إلى نطاق لا يتطابق مع النطاق المكون الخاص بك (<code>{{domain}}</code>). هل أنت متأكد من أنك تريد المتابعة؟",
     "cancelTitle": "إلغاء",
     "forgotPasswordTitle": "نسيت كلمة المرور؟",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",

internal/auth/auth.go

@@ -452,10 +452,7 @@ func (auth *Auth) GetBasicAuth(c *gin.Context) *types.User {
 	}
 }
 
-func (auth *Auth) CheckIP(c *gin.Context, labels types.Labels) bool {
+func (auth *Auth) CheckIP(labels types.Labels, ip string) bool {
-	// Get the IP address from the request
-	ip := c.ClientIP()
-
 	// Check if the IP is in block list
 	for _, blocked := range labels.IP.Block {
 		res, err := utils.FilterIP(blocked, ip)
@@ -492,3 +489,22 @@ func (auth *Auth) CheckIP(c *gin.Context, labels types.Labels) bool {
 
 	return true
 }
+
+func (auth *Auth) BypassedIP(labels types.Labels, ip string) bool {
+	// For every IP in the bypass list, check if the IP matches
+	for _, bypassed := range labels.IP.Bypass {
+		res, err := utils.FilterIP(bypassed, ip)
+		if err != nil {
+			log.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
+			continue
+		}
+		if res {
+			log.Debug().Str("ip", ip).Str("item", bypassed).Msg("IP is in bypass list, allowing access")
+			return true
+		}
+	}
+
+	log.Debug().Str("ip", ip).Msg("IP not in bypass list, continuing with authentication")
+
+	return false
+}

internal/handlers/handlers.go

@@ -96,11 +96,29 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}
 
-	// Check if the IP is allowed/blocked
+	// Get client IP
 	ip := c.ClientIP()
-	if !h.Auth.CheckIP(c, labels) {
-		log.Warn().Str("ip", ip).Msg("IP not allowed")
 
+	// Check if the IP is in bypass list
+	if h.Auth.BypassedIP(labels, ip) {
+		headersParsed := utils.ParseHeaders(labels.Headers)
+		for key, value := range headersParsed {
+			log.Debug().Str("key", key).Msg("Setting header")
+			c.Header(key, value)
+		}
+		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
+			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
+		}
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Authenticated",
+		})
+		return
+	}
+
+	// Check if the IP is allowed/blocked
+	if !h.Auth.CheckIP(labels, ip) {
 		if proxy.Proxy == "nginx" || !isBrowser {
 			c.JSON(403, gin.H{
 				"status":  403,

internal/types/config.go

@@ -122,6 +122,7 @@ type PassowrdLabels struct {
 type IPLabels struct {
 	Allow  []string
 	Block  []string
+	Bypass []string
 }
 
 // Labels is a struct that contains the labels for a tinyauth protected container