New translations en.json (Arabic) (#245 )

feat: add support for bypassing authentication for specific IPs
2025-10-29 05:05:42 +00:00 · 2025-07-10 01:00:34 +03:00 · 2025-07-10 00:53:22 +03:00
4 changed files with 46 additions and 11 deletions
--- a/frontend/src/lib/i18n/locales/ar-SA.json
+++ b/frontend/src/lib/i18n/locales/ar-SA.json
@@ -19,7 +19,7 @@
    "continueInvalidRedirectTitle": "إعادة توجيه غير صالحة",
    "continueInvalidRedirectSubtitle": "رابط إعادة التوجيه غير صالح",
    "continueInsecureRedirectTitle": "إعادة توجيه غير آمنة",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
+    "continueInsecureRedirectSubtitle": "أنت تحاول إعادة التوجيه من <code>https</code> إلى <code>http</code>، هل أنت متأكد أنك تريد المتابعة؟",
    "continueTitle": "متابعة",
    "continueSubtitle": "انقر الزر للمتابعة إلى التطبيق الخاص بك.",
    "logoutFailTitle": "فشل تسجيل الخروج",
@@ -45,7 +45,7 @@
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "حاول مجددا",
    "untrustedRedirectTitle": "إعادة توجيه غير موثوقة",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
+    "untrustedRedirectSubtitle": "أنت تحاول إعادة التوجيه إلى نطاق لا يتطابق مع النطاق المكون الخاص بك (<code>{{domain}}</code>). هل أنت متأكد من أنك تريد المتابعة؟",
    "cancelTitle": "إلغاء",
    "forgotPasswordTitle": "نسيت كلمة المرور؟",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -452,10 +452,7 @@ func (auth *Auth) GetBasicAuth(c *gin.Context) *types.User {
 	}
 }

-func (auth *Auth) CheckIP(c *gin.Context, labels types.Labels) bool {
-	// Get the IP address from the request
-	ip := c.ClientIP()
-
+func (auth *Auth) CheckIP(labels types.Labels, ip string) bool {
 	// Check if the IP is in block list
 	for _, blocked := range labels.IP.Block {
 		res, err := utils.FilterIP(blocked, ip)
@@ -492,3 +489,22 @@ func (auth *Auth) CheckIP(c *gin.Context, labels types.Labels) bool {

 	return true
 }
+
+func (auth *Auth) BypassedIP(labels types.Labels, ip string) bool {
+	// For every IP in the bypass list, check if the IP matches
+	for _, bypassed := range labels.IP.Bypass {
+		res, err := utils.FilterIP(bypassed, ip)
+		if err != nil {
+			log.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
+			continue
+		}
+		if res {
+			log.Debug().Str("ip", ip).Str("item", bypassed).Msg("IP is in bypass list, allowing access")
+			return true
+		}
+	}
+
+	log.Debug().Str("ip", ip).Msg("IP not in bypass list, continuing with authentication")
+
+	return false
+}
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -96,11 +96,29 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}

-	// Check if the IP is allowed/blocked
+	// Get client IP
 	ip := c.ClientIP()
-	if !h.Auth.CheckIP(c, labels) {
-		log.Warn().Str("ip", ip).Msg("IP not allowed")

+	// Check if the IP is in bypass list
+	if h.Auth.BypassedIP(labels, ip) {
+		headersParsed := utils.ParseHeaders(labels.Headers)
+		for key, value := range headersParsed {
+			log.Debug().Str("key", key).Msg("Setting header")
+			c.Header(key, value)
+		}
+		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
+			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
+		}
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Authenticated",
+		})
+		return
+	}
+
+	// Check if the IP is allowed/blocked
+	if !h.Auth.CheckIP(labels, ip) {
 		if proxy.Proxy == "nginx" || !isBrowser {
 			c.JSON(403, gin.H{
 				"status":  403,
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -120,8 +120,9 @@ type PassowrdLabels struct {

 // IP labels for a tinyauth protected container
 type IPLabels struct {
-	Allow []string
-	Block []string
+	Allow  []string
+	Block  []string
+	Bypass []string
 }

 // Labels is a struct that contains the labels for a tinyauth protected container
Author	SHA1	Message	Date
Stavros	fe440a6f2e	New translations en.json (Arabic) (#245 )	2025-07-10 01:00:34 +03:00
Stavros	0ace88a877	feat: add support for bypassing authentication for specific IPs	2025-07-10 00:53:22 +03:00