From 9f3ed989c4c5edc5a999bbd3162079c2cb620c3d Mon Sep 17 00:00:00 2001 From: Thomas Karolski Date: Sat, 12 Mar 2022 20:31:17 +0100 Subject: [PATCH] [authorizer] Determine auth header to use via an environment variable --- app/server/lib/Authorizer.ts | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/app/server/lib/Authorizer.ts b/app/server/lib/Authorizer.ts index e2cf376b..ef8f6312 100644 --- a/app/server/lib/Authorizer.ts +++ b/app/server/lib/Authorizer.ts @@ -92,16 +92,14 @@ export function isSingleUserMode(): boolean { /** * Returns a profile if it can be deduced from the request. This requires a - * header to specify the users' email address. + * header to specify the users' email address. The header to set comes from the + * environment variable GRIST_PROXY_AUTH_HEADER. */ export function getRequestProfile(req: Request): UserProfile|undefined { - // Try to determine user based on 'x-remote-user' header passed via a webserver rewrite rule. - // TODO: The header should probably be set via an environment variable and if it is not set, - // this code path should be disabled altogether. - let header:string = "x-remote-user"; + const header = process.env.GRIST_PROXY_AUTH_HEADER; let profile: UserProfile|undefined; - if (req.headers && req.headers[header]) { + if (header && req.headers && req.headers[header]) { let headerContent = req.headers[header]; if (headerContent) { const userEmail = headerContent.toString();