feat: proxy auth support (#485)

* Change the order of commands to be able to cache more layers in case of multiple builds triggered in a row * Fix #471 * Format Code * Revert "Change the order of commands to be able to cache more layers in case of multiple builds triggered in a row" This reverts commit 29217f66ee6aee63d2c03ac86de4ad437876317d [formerly ebff3e9d79ac9eca44d7b3caf7814be62c784d43] [formerly 9b95d9e986254d55405cd0e9484dcbbadc54c87b [formerly d13fd2878c38a46f91da30de150624200f0b32e9]] [formerly 3ec8fb12d8b6e1942ebae6abb00c5f15b03d6412 [formerly 6a70bdaf457f50896dd9826608666a39babae666] [formerly 063a6fe9d4991b7b6c257ae081288ea40efbe8b5 [formerly 01362f34ee45b342f4e9148730ccd30027e5aebf]]]. * Adjustment based on the review * Rename "login-header" to "loginHeader" and prepare auth.method to accept "none" as a value * Fixed line break * Readd "lumberjack.v2" import which was removed by gofmt Sorry - I do my tests and run "gofmt" before comitting the changes - It sadly seems like it is messing up the imports over and over again. Former-commit-id: 252e65171f70ee87238b5542e6af81d90bdaed6b [formerly fa843827feaab389550f32ba3a629e1968bcea3d] [formerly 942986226dbb56ef1cb4dff24445406cfa699d2d [formerly ed62451ea0]] Former-commit-id: e87377dd6f30012b0d602b592100a7deb39a8632 [formerly f8198aa8a51fd5e727c31df0918ab62024520cef] Former-commit-id: 019de07d53c3da16354e228330c14efb0dfb2122
2026-01-23 02:35:10 +00:00 · 2018-08-08 11:06:16 +02:00 · 2018-08-08 11:06:16 +02:00 · 50dcf35eda
commit 50dcf35eda
parent 769e634bdd
4 changed files with 77 additions and 21 deletions
--- a/http/auth.go
+++ b/http/auth.go
@ -51,20 +51,32 @@ func reCaptcha(host, secret, response string) (bool, error) {

 // authHandler processes the authentication for the user.
 func authHandler(c *fb.Context, w http.ResponseWriter, r *http.Request) (int, error) {
-	// NoAuth instances shouldn't call this method.
 	if c.NoAuth {
+		// NoAuth instances shouldn't call this method.
 		return 0, nil
 	}

+	if c.AuthMethod == "proxy" {
+		// Receive the Username from the Header and check if it exists.
+		u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
+		if err != nil {
+			return http.StatusForbidden, nil
+		}
+
+		c.User = u
+		return printToken(c, w)
+	}
+
 	// Receive the credentials from the request and unmarshal them.
 	var cred cred
+
 	if r.Body == nil {
 		return http.StatusForbidden, nil
 	}

 	err := json.NewDecoder(r.Body).Decode(&cred)
 	if err != nil {
-		return http.StatusForbidden, nil
+		return http.StatusForbidden, err
 	}

 	// If ReCaptcha is enabled, check the code.
@ -171,6 +183,16 @@ func validateAuth(c *fb.Context, r *http.Request) (bool, *fb.User) {
 		return true, c.User
 	}

+	// If proxy auth is used do not verify the JWT token if the header is provided.
+	if c.AuthMethod == "proxy" {
+		u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
+		if err != nil {
+			return false, nil
+		}
+		c.User = u
+		return true, c.User
+	}
+
 	keyFunc := func(token *jwt.Token) (interface{}, error) {
 		return c.Key, nil
 	}