filebrowser/auth/proxy.go

package auth

import (
	"net/http"
	"os"

	"github.com/filebrowser/filebrowser/v2/errors"
	"github.com/filebrowser/filebrowser/v2/settings"
	"github.com/filebrowser/filebrowser/v2/users"
)

// MethodProxyAuth is used to identify no auth.
const MethodProxyAuth settings.AuthMethod = "proxy"

// ProxyAuth is a proxy implementation of an auther.
type ProxyAuth struct {
	Header string `json:"header"`
}

// Auth authenticates the user via an HTTP header.
func (a ProxyAuth) Auth(r *http.Request, sto users.Store, root string) (*users.User, error) {
	username := r.Header.Get(a.Header)
	user, err := sto.Get(root, username)
	if err == errors.ErrNotExist {
		return nil, os.ErrPermission
	}

	return user, err
}

// LoginPage tells that proxy auth doesn't require a login page.
func (a ProxyAuth) LoginPage() bool {
	return false
}
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`package auth`

			`import (`
			`"net/http"`
			`"os"`

🧹: gofmt Former-commit-id: 9548d370497e13d436abbc670cf40d360badab9f [formerly f29ba9c4dcf9962c3a5045629526296cd2b43ad8] [formerly 3f89c094c1b3330c8d6f1b2379d6309567d12210 [formerly 92fda0070cb61c3739fdfe340b65a39fd73eda8b]] Former-commit-id: 4ad64211019e0236f0eaa6e041a8793e899954fe [formerly 6bf71ffba205b563ff6cd0c7487d9a328c757686] Former-commit-id: 4c7afe072fc3e2a225ca5a7dbf3f3beb66b44058 2019-01-05 23:01:16 +00:00			`"github.com/filebrowser/filebrowser/v2/errors"`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`"github.com/filebrowser/filebrowser/v2/settings"`
			`"github.com/filebrowser/filebrowser/v2/users"`
			`)`

			`// MethodProxyAuth is used to identify no auth.`
			`const MethodProxyAuth settings.AuthMethod = "proxy"`

			`// ProxyAuth is a proxy implementation of an auther.`
			`type ProxyAuth struct {`
feat: config/users import/export (#613) Supports json and yaml. Former-commit-id: d36b07953ede1842942b7ab477effeb2e5aa7d5b [formerly 51d0d5691d19e0649935816779a34b1b700e088a] [formerly 342f636293be8e38e7907453a67c67e5e9195c78 [formerly 73b8d2ee7ee73c6785b71b2b4caa2362ad84d989]] Former-commit-id: 8ef6a1563ebe425a15a8229165d2ddb043cefb21 [formerly 01c4ac1d89e0d5c6ed16bb7f23c2bbe62085d6e5] Former-commit-id: 6d197ee1931889571c61ad0920e4352d4b02b264 2019-01-08 08:57:24 +00:00			Header string `json:"header"`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`}`

			`// Auth authenticates the user via an HTTP header.`
feat: allow to password protect shares (#1252) This changes allows to password protect shares. It works by: * Allowing to optionally pass a password when creating a share * If set, the password + salt that is configured via a new flag will be hashed via bcrypt and the hash stored together with the rest of the share * Additionally, a random 96 byte long token gets generated and stored as part of the share * When the backend retrieves an unauthenticated request for a share that has authentication configured, it will return a http 401 * The frontend detects this and will show a login prompt * The actual download links are protected via an url arg that contains the previously generated token. This allows us to avoid buffering the download in the browser and allows pasting the link without breaking it 2021-03-02 11:00:18 +00:00			`func (a ProxyAuth) Auth(r http.Request, sto users.Store, root string) (users.User, error) {`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`username := r.Header.Get(a.Header)`
fix: rename global scope as root and fix root md License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> Former-commit-id: 856c18bc9cf98a27b6cbea923b231e0aaf279190 [formerly 201c1a0294947930a7d0706af72ce719a8cc3b98] [formerly 0253e57e2994023e798f6fb0ae76f9c21d18fd69 [formerly 33a58c999a8e2ae49e52117451e99b57b2cde7b9]] Former-commit-id: e7d88b22207125c29ea85a5a539653a54584999c [formerly 77cb1e0172cdf7195cc25d557e5028a9250d655c] Former-commit-id: 64288f5a475a82d5f88c91347a09aea67ebb169d 2019-01-07 20:34:44 +00:00			`user, err := sto.Get(root, username)`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`if err == errors.ErrNotExist {`
			`return nil, os.ErrPermission`
			`}`

			`return user, err`
			`}`
fix: possible fix for proxy auth requiring login page License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> Former-commit-id: aa32ec7e27f24aee497d3c1a6bb3cda4f3f30265 [formerly 92f1d95d44e0a1c0b8dd6d81b467829c8832acc8] [formerly d8c05dc476ae88b730547cce1e3644c69ee17278 [formerly 84f108f1c56592871af4a97cc5ab2a9986005b62]] Former-commit-id: 9f766a5b8ef847569fb8f4f16540c256fa9ca92f [formerly 0b6b1e48435b3fe5819327e311f08eb179a19b3e] Former-commit-id: 046dfa8350d2f1b4e7fb789fb026069e137437ef 2019-02-15 12:58:45 +00:00
			`// LoginPage tells that proxy auth doesn't require a login page.`
			`func (a ProxyAuth) LoginPage() bool {`
			`return false`
			`}`