LinkStackOrg / linkstack-docker

A simple to set up docker variant of LinkStack. LinkStack is a highly customizable link sharing platform with an intuitive, easy to use user interface.
https://linkstack.org/docker
GNU Affero General Public License v3.0

Proxy authentication by http header value #4

Closed max-tet closed 2 years ago

max-tet commented 2 years ago

When self-hosting Littlelink just for yourself, you might want to have a single point for user management and authentication. It is annoying to log in to each and every app separately.

A pretty simple way to centralize authentication is to deploy apps behind a reverse proxy and use proxy auth. The proxy handles authentication in some way and sets HTTP headers containing the username that was successfully logged in. The apps read the headers and associate incoming requests with that user.

The perfect proxy auth feature for me would work like this:

  1. Start Littlelink with additional environment variables:
  2. Configure the reverse proxy to authenticate incoming requests in any way you like.
  3. Let the reverse proxy set X-Authenticated-User to the authenticated username on every request.
  4. Littlelink treats the requests as if they belong to the appropriate user session.
  5. Bonus: if Littlelink does not know the username, it creates a new user with that name.

Context: I am using Littlelink for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.
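The application side of the flow requested above, as an added example that is not part of the original issue and is not LinkStack code: the header is honoured only when the connection comes from the configured reverse proxy, since any other client can set `X-Authenticated-User` itself. The `ProxyAuth` class, the `trusted_proxies` and `auto_create` settings, the username pattern and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

HEADER = "x-authenticated-user"  # header name from the issue, lower-cased
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed username policy


class ProxyAuth:
    """Hypothetical app-side check; not LinkStack's implementation."""

    def __init__(self, trusted_proxies, auto_create=False):
        # trusted_proxies: CIDR strings for the reverse proxy (assumed setting)
        self.trusted = [ipaddress.ip_network(c) for c in trusted_proxies]
        self.auto_create = auto_create
        self.users = set()  # stand-in for the application's user table

    def authenticate(self, peer_ip, headers):
        """Return the username for this request, or None to fall back to login.

        peer_ip is the TCP peer address of the connection, never a value
        taken from X-Forwarded-For; headers is a list of (name, value) pairs.
        """
        addr = ipaddress.ip_address(peer_ip)
        if not any(addr in net for net in self.trusted):
            return None  # header from any other peer is client-controlled
        values = [v for k, v in headers if k.lower() == HEADER]
        if len(values) != 1:
            return None  # absent, or a client-supplied copy was not stripped
        name = values[0].strip()
        if not USERNAME_RE.fullmatch(name):
            return None
        if name not in self.users:
            if not self.auto_create:
                return None  # unknown user and the "bonus" step is disabled
            self.users.add(name)
        return name


def demo():
    # Constructed requests: (peer address, headers)
    auth = ProxyAuth(["10.0.0.2/32"], auto_create=True)
    requests = [
        ("10.0.0.2", [("X-Authenticated-User", "alice")]),      # via proxy
        ("203.0.113.7", [("X-Authenticated-User", "alice")]),   # direct hit
        ("10.0.0.2", [("X-Authenticated-User", "admin"),
                      ("x-authenticated-user", "alice")]),      # duplicate
    ]
    return [auth.authenticate(ip, h) for ip, h in requests]
```

The reverse proxy should also overwrite any `X-Authenticated-User` header sent by the client, and the application port should be reachable only through the proxy.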

JulianPrieber commented 2 years ago

This would be an interesting addition; however, this is probably outside the scope of this project. Implementing such a feature would likely be an enormous effort for me. I'm not sure if this is something many users would even use.

As stated in https://github.com/JulianPrieber/llc-docker/issues/4, I can't really afford to have the two LittleLink Custom versions differ from each other, meaning that this solution would have to be implemented in the web version as well.

Despite all this, you or anyone for that matter is welcome to work on this feature, and I'll be happy to implement this in a future update. I'd be happy to assist if there are any questions during development.