lufixSch
commented
2 months ago I added automatic user creation. The current behavior is the following:
If the user already exists either with no UserType (e.g. username + password) or PROXY_USER they are authenticated.
If no user exists with that username and either no UserType or PROXY_USER as type then a new user with UserType PROXY_USER is created.
A user of type PROXY_USER can not log in with username and password.
This PR aims to add forward auth/proxy auth to this project as discussed in #461. In forward auth a proxy routes requests through a third party authentication service and only if this service returns a 200 response, the request is passed to the actual service. The authentication service will add one or many authentication headers to the request depending on the service which can be used to identify the authenticated user.
Changes made
In an ideal implementation the user would be authenticated automatically (e.g. no 'login' button has to be pressed) but with the current implementation I wasn't able to think of a viable solution which doesn't require a DB lookup on every API request. Instead, I added another provider ("proxy") and a corresponding login button in the frontend. When this button is pressed an API request to
/auth/proxyis made which checks for the authentication header and returns an authentication token if the header is valid.The current implementation is a minimal proof of concept in order to see if it could work. It's the first time I worked with GO, and I'm open to feedback.
Missing features
/auth/proxyroute so that it only works if proxy auth is specifically enabled