feat(auth): enable auth by proxy header

sct#1638
acortelyou · Jun 22, 2021 · 64bfcb6 · 64bfcb6
1 parent b71c073
commit 64bfcb6
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 5 deletions.
diff --git a/server/lib/settings.ts b/server/lib/settings.ts
@@ -88,6 +88,7 @@ export interface MainSettings {
   region: string;
   originalLanguage: string;
   trustProxy: boolean;
+  authProxyHeader: string;
   partialRequestsEnabled: boolean;
   locale: string;
 }
@@ -254,6 +255,7 @@ class Settings {
         region: '',
         originalLanguage: '',
         trustProxy: false,
+        authProxyHeader: '',
         partialRequestsEnabled: true,
         locale: 'en',
       },

diff --git a/server/middleware/auth.ts b/server/middleware/auth.ts
@@ -18,6 +18,15 @@ export const checkUser: Middleware = async (req, _res, next) => {
     }
 
     user = await userRepository.findOne({ where: { id: userId } });
+  } else if (
+    settings.main.trustProxy &&
+    req.header(settings.main.authProxyHeader)
+  ) {
+    const userRepository = getRepository(User);
+
+    user = await userRepository.findOne({
+      where: { username: req.header(settings.main.authProxyHeader) },
+    });
   } else if (req.session?.userId) {
     const userRepository = getRepository(User);
 

diff --git a/src/components/Settings/SettingsMain.tsx b/src/components/Settings/SettingsMain.tsx
@@ -52,6 +52,11 @@ const messages = defineMessages({
   trustProxy: 'Enable Proxy Support',
   trustProxyTip:
     'Allow Overseerr to correctly register client IP addresses behind a proxy (Overseerr must be reloaded for changes to take effect)',
+  authProxyHeader: 'Proxy Auth Header',
+  authProxyHeaderTip:
+    'Allow Overseerr to authenticate clients via the given HTTP header (Overseerr must trust proxy for header to take effect)',
+  authProxyHeaderHoverTip:
+    'Do NOT enable this setting unless you understand what you are doing!',
   validationApplicationTitle: 'You must provide an application title',
   validationApplicationUrl: 'You must provide a valid URL',
   validationApplicationUrlTrailingSlash: 'URL must not end in a trailing slash',
@@ -138,6 +143,7 @@ const SettingsMain: React.FC = () => {
             originalLanguage: data?.originalLanguage,
             partialRequestsEnabled: data?.partialRequestsEnabled,
             trustProxy: data?.trustProxy,
+            authProxyHeader: data?.authProxyHeader,
           }}
           enableReinitialize
           validationSchema={MainSettingsSchema}
@@ -153,6 +159,7 @@ const SettingsMain: React.FC = () => {
                 originalLanguage: values.originalLanguage,
                 partialRequestsEnabled: values.partialRequestsEnabled,
                 trustProxy: values.trustProxy,
+                authProxyHeader: values.authProxyHeader,
               });
               mutate('/api/v1/settings/public');
 
@@ -272,6 +279,31 @@ const SettingsMain: React.FC = () => {
                     />
                   </div>
                 </div>
+                <div className="form-row">
+                  <label htmlFor="authProxyHeader" className="checkbox-label">
+                    <span className="mr-2">
+                      {intl.formatMessage(messages.authProxyHeader)}
+                    </span>
+                    <Badge badgeType="danger">
+                      {intl.formatMessage(globalMessages.advanced)}
+                    </Badge>
+                    <span className="label-tip">
+                      {intl.formatMessage(messages.authProxyHeaderTip)}
+                    </span>
+                  </label>
+                  <div className="form-input">
+                    <div className="form-input-field">
+                      <Field
+                        type="text"
+                        id="authProxyHeader"
+                        name="authProxyHeader"
+                        title={intl.formatMessage(
+                          messages.authProxyHeaderHoverTip
+                        )}
+                      />
+                    </div>
+                  </div>
+                </div>
                 <div className="form-row">
                   <label htmlFor="csrfProtection" className="checkbox-label">
                     <span className="mr-2">
@@ -305,11 +337,9 @@ const SettingsMain: React.FC = () => {
                   <div className="form-input">
                     <div className="form-input-field">
                       <Field as="select" id="locale" name="locale">
-                        {(
-                          Object.keys(
-                            availableLanguages
-                          ) as (keyof typeof availableLanguages)[]
-                        ).map((key) => (
+                        {(Object.keys(
+                          availableLanguages
+                        ) as (keyof typeof availableLanguages)[]).map((key) => (
                           <option
                             key={key}
                             value={availableLanguages[key].code}