Implement support for webserver header based auth

This commit is contained in:
Thomas Karolski 2022-03-08 19:24:11 +00:00
parent aa3fe975e7
commit 82a7f0a796

View File

@ -192,6 +192,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
}
mreq.users = getSessionProfiles(session);
log.info(`mreq.users: ${mreq.users}`);
// If we haven't set a maxAge yet, set it now.
if (session && session.cookie && !session.cookie.maxAge) {
@ -232,6 +233,7 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
}
profile = sessionUser && sessionUser.profile || undefined;
log.info(`profile: ${profile}`);
// If we haven't computed a userId yet, check for one using an email address in the profile.
// A user record will be created automatically for emails we've never seen before.
@ -245,6 +247,28 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
}
}
// Try to determine user based on x-remote-user header
if (!mreq.userId) {
// mreg.headers["x-remote-user"];
// log.info(`mreg.headers: ${JSON.stringify(mreq.headers, null, 4)}`);
if (mreq.headers && mreq.headers["x-remote-user"]) {
const remoteUser = mreq.headers["x-remote-user"].toString();
log.info("Authorized user found");
profile = {
"email": remoteUser,
"name": remoteUser
};
const user = await dbManager.getUserByLoginWithRetry(remoteUser, profile);
if(user) {
mreq.user = user;
mreq.users = [profile];
mreq.userId = user.id;
mreq.userIsAuthorized = true;
}
}
}
// If no userId has been found yet, fall back on anonymous.
if (!mreq.userId) {
const anon = dbManager.getAnonymousUser();