Implement support for webserver header based auth

2025-06-13 20:53:59 +00:00 · 2022-03-08 19:24:11 +00:00 · 2022-03-08 19:24:11 +00:00 · 82a7f0a796
commit 82a7f0a796
parent aa3fe975e7
1 changed files with 24 additions and 0 deletions
--- a/app/server/lib/Authorizer.ts
+++ b/app/server/lib/Authorizer.ts
@ -192,6 +192,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
    }

    mreq.users = getSessionProfiles(session);
+    log.info(`mreq.users: ${mreq.users}`);

    // If we haven't set a maxAge yet, set it now.
    if (session && session.cookie && !session.cookie.maxAge) {
@ -232,6 +233,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
    }

    profile = sessionUser && sessionUser.profile || undefined;
+    log.info(`profile: ${profile}`);

    // If we haven't computed a userId yet, check for one using an email address in the profile.
    // A user record will be created automatically for emails we've never seen before.
@ -245,6 +247,28 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
    }
  }

+  // Try to determine user based on x-remote-user header
+  if (!mreq.userId) {
+    // mreg.headers["x-remote-user"];
+    // log.info(`mreg.headers: ${JSON.stringify(mreq.headers, null, 4)}`);
+    if (mreq.headers && mreq.headers["x-remote-user"]) {
+      const remoteUser = mreq.headers["x-remote-user"].toString();
+      log.info("Authorized user found");
+      profile = {
+	      "email": remoteUser,
+	      "name": remoteUser
+      };
+      const user = await dbManager.getUserByLoginWithRetry(remoteUser, profile);
+      if(user) {
+        mreq.user = user;
+	mreq.users = [profile];
+        mreq.userId = user.id;
+        mreq.userIsAuthorized = true;
+      }
+    }
+  }
+
+
  // If no userId has been found yet, fall back on anonymous.
  if (!mreq.userId) {
    const anon = dbManager.getAnonymousUser();