From 82a7f0a796fdf722a217180e0c81bb8f2ab6f57f Mon Sep 17 00:00:00 2001
From: Thomas Karolski
Date: Tue, 8 Mar 2022 19:24:11 +0000
Subject: [PATCH] Implement support for webserver header based auth
---
 app/server/lib/Authorizer.ts | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/app/server/lib/Authorizer.ts b/app/server/lib/Authorizer.ts
index f62eb874..1dbfbeda 100644
--- a/app/server/lib/Authorizer.ts
+++ b/app/server/lib/Authorizer.ts
@@ -192,6 +192,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
 }
 mreq.users = getSessionProfiles(session);
+ log.info(`mreq.users: ${mreq.users}`);
 // If we haven't set a maxAge yet, set it now.
 if (session && session.cookie && !session.cookie.maxAge) {
@@ -232,6 +233,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
 }
 profile = sessionUser && sessionUser.profile || undefined;
+ log.info(`profile: ${profile}`);
 // If we haven't computed a userId yet, check for one using an email address in the profile.
 // A user record will be created automatically for emails we've never seen before.
@@ -245,6 +247,28 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
 }
 }
+ // Try to determine user based on x-remote-user header
+ if (!mreq.userId) {
+ // mreg.headers["x-remote-user"];
+ // log.info(`mreg.headers: ${JSON.stringify(mreq.headers, null, 4)}`);
+ if (mreq.headers && mreq.headers["x-remote-user"]) {
+ const remoteUser = mreq.headers["x-remote-user"].toString();
+ log.info("Authorized user found");
+ profile = {
+ "email": remoteUser,
+ "name": remoteUser
+ };
+ const user = await dbManager.getUserByLoginWithRetry(remoteUser, profile);
+ if(user) {
+ mreq.user = user;
+ mreq.users = [profile];
+ mreq.userId = user.id;
+ mreq.userIsAuthorized = true;
+ }
+ }
+ }
+
+
 // If no userId has been found yet, fall back on anonymous.
 if (!mreq.userId) {
 const anon = dbManager.getAnonymousUser();
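Review bot: The `log.info` call added after `mreq.users = getSessionProfiles(session);` in the first hunk, and the matching one after `profile = sessionUser && sessionUser.profile || undefined;` in the second hunk, look like leftover debugging and should be removed before merge. Both interpolate objects straight into a template string, so they will most likely print `[object Object]` and add noise on what appears to be the per-request path. If they were later fixed to serialize properly they would write user names and e-mail addresses to the info log for every request, which is not something an auth middleware should do by default. addRequestUser starts and ends outside both hunks.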
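Review bot: The block added in the third hunk (`@@ -245,6 +247,28 @@`) accepts `x-remote-user` from any request with no opt-in and no check that the request actually came through the authenticating web server. On any deployment where the app is reachable directly, or where the proxy does not overwrite the header, the header value alone decides which account the request runs as, and it is also passed to `getUserByLoginWithRetry`, which presumably creates unknown users, going by the comment in the second hunk. The branch should be gated behind an explicit setting that defaults to off, with documentation that the fronting server must strip or overwrite client-supplied `x-remote-user` on every inbound request. The value should also be narrowed to a single non-empty string instead of going through `.toString()`, the commented-out `mreg.headers` lines should be dropped, and the success log should state that header auth was the source so the event can be audited. The fence sketches the guard; the setting name is a placeholder, and addRequestUser starts and ends outside the hunk.

```typescript
// Only safe behind a proxy that strips client-supplied x-remote-user.
// HEADER_AUTH_OPT_IN_PLACEHOLDER is a placeholder name for an explicit, default-off setting.
if (!mreq.userId && process.env.HEADER_AUTH_OPT_IN_PLACEHOLDER === 'true') {
  const headerValue = mreq.headers && mreq.headers["x-remote-user"];
  // Header values may be typed string | string[]; accept exactly one non-empty value.
  const remoteUser = typeof headerValue === 'string' ? headerValue.trim() : '';
  if (remoteUser) {
    log.info("Authorized user found via x-remote-user header");
    // … unchanged: profile construction, getUserByLoginWithRetry call, mreq.user / users / userId / userIsAuthorized assignment …
  }
}
```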