administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-01-26 14:08:30 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

keep 5000 as anonymous user

Browse Source
This commit is contained in:
Josh Hawkins 2025-12-18 09:34:44 -06:00
parent e84ef53536
commit ba4f4304ec
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/static/frigate-api.yaml vendored
View File

@ -25,7 +25,7 @@ paths:
description: Authentication Accepted (no response body, different headers depending on auth method) description: Authentication Accepted (no response body, different headers depending on auth method)
headers: headers:
remote-user: remote-user:
description: Authenticated username or "anonymous" in proxy-only mode description: Authenticated username or "viewer" in proxy-only mode
schema: schema:
type: string type: string
remote-role: remote-role:

8
frigate/api/auth.py
View File

@ -167,7 +167,7 @@ def allow_any_authenticated():
Allows: Allows:
- Port 5000 internal requests (remote-user: "anonymous", remote-role: "admin") - Port 5000 internal requests (remote-user: "anonymous", remote-role: "admin")
- Authenticated users with JWT tokens (remote-user: username) - Authenticated users with JWT tokens (remote-user: username)
- Unauthenticated requests when auth is disabled (remote-user: "anonymous") - Unauthenticated requests when auth is disabled (remote-user: "viewer")
Rejects: Rejects:
- Requests with no remote-user header (did not pass through /auth endpoint) - Requests with no remote-user header (did not pass through /auth endpoint)
@ -550,7 +550,7 @@ def resolve_role(
"description": "Authentication Accepted (no response body)", "description": "Authentication Accepted (no response body)",
"headers": { "headers": {
"remote-user": { "remote-user": {
"description": 'Authenticated username or "anonymous" in proxy-only mode', "description": 'Authenticated username or "viewer" in proxy-only mode',
"schema": {"type": "string"}, "schema": {"type": "string"},
}, },
"remote-role": { "remote-role": {
@ -575,7 +575,7 @@ def auth(request: Request):
# dont require auth if the request is on the internal port # dont require auth if the request is on the internal port
# this header is set by Frigate's nginx proxy, so it cant be spoofed # this header is set by Frigate's nginx proxy, so it cant be spoofed
if int(request.headers.get("x-server-port", default=0)) == 5000: if int(request.headers.get("x-server-port", default=0)) == 5000:
success_response.headers["remote-user"] = "admin" success_response.headers["remote-user"] = "anonymous"
success_response.headers["remote-role"] = "admin" success_response.headers["remote-role"] = "admin"
return success_response return success_response
@ -592,7 +592,7 @@ def auth(request: Request):
# if auth is disabled, just apply the proxy header map and return success # if auth is disabled, just apply the proxy header map and return success
if not auth_config.enabled: if not auth_config.enabled:
# pass the user header value from the upstream proxy if a mapping is specified # pass the user header value from the upstream proxy if a mapping is specified
# or use anonymous if none are specified # or use viewer if none are specified
user_header = proxy_config.header_map.user user_header = proxy_config.header_map.user
success_response.headers["remote-user"] = ( success_response.headers["remote-user"] = (
request.headers.get(user_header, default="viewer") request.headers.get(user_header, default="viewer")