saltyorg / Sandbox

Saltbox Sandbox
GNU General Public License v3.0

Feat: Stash - Add SSO and disable login on app. #194

Closed JigSawFr closed 1 year ago

JigSawFr commented 1 year ago

Requested on discord: https://discord.com/channels/853755447970758686/853755448452841522/1048738418026356827

owine commented 1 year ago

Taking a look, not sure we want to do this.

Disabling user auth also disables the API key functionality. Giving a direct stream link to a device would not work without either authing with Authelia (not an option for a streaming device, for example) or leaving that completely unprotected, which is not good.

Perhaps separating user auth and api key functionality could be submitted upstream.

owine commented 1 year ago

I have added support for enabling the SSO middleware in https://github.com/saltyorg/Sandbox/commit/75f44ad7fb34742a6009926d4a5689ad2653e7ef, but as mentioned above the design of the app is not conducive to this. There is no support for unauthenticated access to the webui but apikey authenticated access to the graphql/stream endpoints. Disabling the username/password gives fully unauthenticated access to these endpoints.

If the app design changes to accommodate the above, the API endpoints could be enabled as we do others, as I have added support in https://github.com/saltyorg/Sandbox/commit/71f32684c1ee5221c83fe707db669ec9c4df3a09

JigSawFr commented 1 year ago

Thanks @owine, maybe we can force basic auth for API endpoints?

owine commented 1 year ago

> Thanks @owine, maybe we can force basic auth for API endpoints?

This may work for the graphql endpoint but not for streaming. Unless the design of the app changes, I wouldn’t want this to be a default deployment.