search

tubearchivist / browser-extension

Tube Archivist Companion for your Browser
GNU General Public License v3.0
150 stars 19 forks source link

How do I use the extension when TubeArchivist is behind Authelia? #46

Closed tehniemer closed 1 month ago

tehniemer commented 2 months ago

I have TubeArchivist behind Authelia and have the forward auth login working, but the extension is not connecting to my server, is there a way to get this working or do I need to disable Authelia to use the extension?

Hanga7yr commented 1 month ago

Hi, On my own experience, it is a bit of a pain using authelia and services that require direct access from outside. There are a few options to allow access, such as VPNs, but in some cases, it is not an option.

The current way I do it, is allowing certain paths to pass directly towards the service adding it to the rules of access_control, for example:

- domain: service.example.net
  policy: bypass
  resources:
    - "^/bypass/.*$"

And then in my reverse proxy (haproxy), point directly towards that service modifying the path so that it points correctly where it should.

...
acl bypass_url path_beg -i /bypass/
use_backend service if bypass_url
...
http-request set-path / if bypass_url

While this certainly affects security, in the case of tubearchivist, you are using an API key so the effect is slightly diminished. I am using examples here, not providing an answer as I don't know your setup, so modify it to your needs.

There are other options to fix this issue but this is the one I am currently using, once I find a better one I will probably change.

Hope this answer suites your needs and is on time.

tehniemer commented 1 month ago

I have something similar that works for all my other services using APIs for app access, but it isn't working for the extension, I'm wondering if the url contains a different identifier instead of api, I just don't know how to figure out what it might be.

    - domain: '*.mydomain.com'
      policy: bypass
      resources:
      - '^/api([/?].*)?$'
Hanga7yr commented 1 month ago

I believe the APIs routes are on the /extension/background.js file. For what I can see scanning quickly they are:

So allowing the /api route and subpaths should be sufficient.

tehniemer commented 1 month ago

Thanks for the help, but it seems that it's not Authelia as the source of my troubles, even with it disabled the extension is unable to access my instance. I'm going to close this and open an issue.