diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index 144c71d03..93d618376 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -12,12 +12,12 @@ import time
 from datetime import datetime
 from pathlib import Path

-from flask import Blueprint, current_app, jsonify, make_response, request
+from flask import Blueprint, current_app, jsonify, make_response, redirect, request
 from flask_limiter import Limiter
 from joserfc import jwt
 from peewee import DoesNotExist

-from frigate.config import AuthModeEnum
+from frigate.config import AuthConfig, AuthModeEnum
 from frigate.const import CONFIG_DIR, JWT_SECRET_ENV_VAR, PASSWORD_HASH_ALGORITHM
 from frigate.models import User

@@ -167,6 +167,7 @@ def set_jwt_cookie(response, cookie_name, encoded_jwt, expiration):
 )


+# Endpoint for use with nginx auth_request
 @AuthBp.route("/auth")
 def auth():
 success_response = make_response({}, 202)
@@ -271,11 +272,11 @@ def profile():
 return jsonify({"username": username})


-@AuthBp.route("/logout", methods=["POST"])
+@AuthBp.route("/logout")
 def logout():
- JWT_COOKIE_NAME = current_app.frigate_config.auth.cookie_name
- response = make_response({}, 200)
- response.delete_cookie(JWT_COOKIE_NAME)
+ auth_config: AuthConfig = current_app.frigate_config.auth
+ response = make_response(redirect("/login", code=303))
+ response.delete_cookie(auth_config.cookie_name)
 return response


diff --git a/frigate/config.py b/frigate/config.py
index a6fd0280c..dbeea4b85 100644
--- a/frigate/config.py
+++ b/frigate/config.py
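Review bot: Dropping `methods=["POST"]` from `/logout` in the last frigate/api/auth.py hunk turns a state-changing action into a plain GET, so any cross-site link, embedded resource or prefetch that reaches the endpoint can clear the session cookie without the user intending it. Consider keeping the route POST-only and having the UI submit a form, or at least rejecting requests that are not same-origin before `response.delete_cookie(auth_config.cookie_name)` runs. `redirect()` already returns a response object, so `response = redirect("/login", code=303)` is sufficient, and the hard-coded `/login` target presumably breaks when the app is served under a path prefix. `delete_cookie` is called without the attributes passed in `set_jwt_cookie`, whose body is outside this diff; confirm that path and domain match so the cookie is actually removed.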
@@ -143,18 +143,21 @@ class AuthConfig(FrigateBaseModel):
 title="Refresh the session if it is going to expire in this many seconds",
 ge=30,
 )
- header_map: Optional[HeaderMappingConfig] = Field(
+ header_map: HeaderMappingConfig = Field(
 default_factory=HeaderMappingConfig,
 title="Header mapping definitions for proxy auth mode.",
 )
- failed_login_rate_limit: Optional[str] = Field(
+ failed_login_rate_limit: str = Field(
 default="1/second;5/minute;20/hour",
 title="Rate limits for failed login attempts.",
 )
- trusted_proxies: Optional[List[str]] = Field(
+ trusted_proxies: List[str] = Field(
 default=[],
 title="Trusted proxies for determining IP address to rate limit",
 )
+ logout_url: Optional[str] = Field(
+ default=None, title="Redirect url for logging out in proxy mode."
+ )

 # As of Feb 2023, OWASP recommends 600000 iterations for PBKDF2-SHA256
 hash_iterations: int = Field(default=600000, title="Password hash iterations")
diff --git a/web/src/components/menu/AccountSettings.tsx b/web/src/components/menu/AccountSettings.tsx
index 4f0ed90b0..53fcd564d 100644
--- a/web/src/components/menu/AccountSettings.tsx
+++ b/web/src/components/menu/AccountSettings.tsx
@@ -18,8 +18,6 @@ import {
 import { Drawer, DrawerContent, DrawerTrigger } from "../ui/drawer";
 import { DialogClose } from "../ui/dialog";
 import { LuLogOut } from "react-icons/lu";
-import { useCallback } from "react";
-import axios from "axios";
 import useSWR from "swr";

 type AccountSettingsProps = {
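Review bot: `logout_url` in the frigate/config.py hunk is accepted as an unconstrained string, yet the AccountSettings.tsx change later in this commit reads it as the logout target (`config?.auth.logout_url || "/api/logout"`). The value is operator-supplied, so exposure is limited, but a validator on the field that accepts only `http://`, `https://` or a path starting with `/` would keep a typo or an unwanted config edit from pointing the logout control at an arbitrary scheme. Separately, removing `Optional` from `header_map`, `failed_login_rate_limit` and `trusted_proxies` presumably makes an explicit null for those keys in an existing config fail validation, which deserves a line in the release notes. The `AuthConfig` class starts and continues outside this hunk.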
@@ -27,14 +25,8 @@ type AccountSettingsProps = {
 };
 export default function AccountSettings({ className }: AccountSettingsProps) {
 const { data: profile } = useSWR("profile");
-
- const handleLogout = useCallback(() => {
- axios.post(`logout`).then((response) => {
- if (response.status == 200) {
- window.location.href = "/";
- }
- });
- }, []);
+ const { data: config } = useSWR("config");
+ const logoutUrl = config?.auth.logout_url || "/api/logout";

 const Container = isDesktop ? DropdownMenu : Drawer;
 const Trigger = isDesktop ? DropdownMenuTrigger : DrawerTrigger;
@@ -75,17 +67,18 @@ export default function AccountSettings({ className }: AccountSettingsProps) {
 >