administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-02-17 16:44:29 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Enable forms based auth and proxy auth

Browse Source
This commit is contained in:
lucas_nz 2024-12-12 11:27:07 +13:00
parent 2461d01329
commit fad2e5c1b5
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
frigate/api/auth.py
View File

@ -180,28 +180,32 @@ def auth():
fail_response = make_response({}, 401) fail_response = make_response({}, 401)
# ensure the proxy secret matches if configured # if the request is coming from a proxy with a auth header attempt header auth
if ( if (
proxy_config.auth_secret is not None auth_config.trusted_proxies is not None
and request.headers.get("x-proxy-secret", "", type=str) and proxy_config.header_map.user is not None
!= proxy_config.auth_secret and proxy_config.header_map.user in request.headers
): ):
logger.debug("X-Proxy-Secret header does not match configured secret value") # ensure the proxy secret matches if configured
return fail_response if (
proxy_config.auth_secret is not None
and request.headers.get("x-proxy-secret", "", type=str)
!= proxy_config.auth_secret
):
logger.debug("X-Proxy-Secret header does not match configured secret value")
return fail_response
# if auth is disabled, just apply the proxy header map and return success upstream_user_header_value = request.headers.get(
proxy_config.header_map.user,
type=str,
default="anonymous",
)
success_response.headers["remote-user"] = upstream_user_header_value
return success_response
# if auth is disabled, return success
if not auth_config.enabled: if not auth_config.enabled:
# pass the user header value from the upstream proxy if a mapping is specified success_response.headers["remote-user"] = "anonymous"
# or use anonymous if none are specified
if proxy_config.header_map.user is not None:
upstream_user_header_value = request.headers.get(
proxy_config.header_map.user,
type=str,
default="anonymous",
)
success_response.headers["remote-user"] = upstream_user_header_value
else:
success_response.headers["remote-user"] = "anonymous"
return success_response return success_response
# now apply authentication # now apply authentication