Format Code
This commit is contained in:
Marvin Weck
parent
5e8c4d4d45
commit
3634eb42a5
@ -2,15 +2,7 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
"os"
|
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
|
||||||
"github.com/asdine/storm"
|
"github.com/asdine/storm"
|
||||||
"gopkg.in/natefinch/lumberjack.v2"
|
|
||||||
"github.com/filebrowser/filebrowser"
|
"github.com/filebrowser/filebrowser"
|
||||||
"github.com/filebrowser/filebrowser/bolt"
|
"github.com/filebrowser/filebrowser/bolt"
|
||||||
h "github.com/filebrowser/filebrowser/http"
|
h "github.com/filebrowser/filebrowser/http"
|
||||||
@ -18,6 +10,14 @@ import (
|
|||||||
"github.com/hacdias/fileutils"
|
"github.com/hacdias/fileutils"
|
||||||
flag "github.com/spf13/pflag"
|
flag "github.com/spf13/pflag"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
|
"gopkg.in/natefinch/lumberjack.v2"
|
||||||
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -35,17 +35,17 @@ var (
|
|||||||
recaptchakey string
|
recaptchakey string
|
||||||
recaptchasecret string
|
recaptchasecret string
|
||||||
port int
|
port int
|
||||||
auth struct {
|
auth struct {
|
||||||
method string
|
method string
|
||||||
loginHeader string
|
loginHeader string
|
||||||
}
|
}
|
||||||
noAuth bool
|
noAuth bool
|
||||||
allowCommands bool
|
allowCommands bool
|
||||||
allowEdit bool
|
allowEdit bool
|
||||||
allowNew bool
|
allowNew bool
|
||||||
allowPublish bool
|
allowPublish bool
|
||||||
showVer bool
|
showVer bool
|
||||||
alterRecaptcha bool
|
alterRecaptcha bool
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -65,7 +65,7 @@ func init() {
|
|||||||
flag.BoolVar(&allowEdit, "allow-edit", true, "Default allow edit option for new users")
|
flag.BoolVar(&allowEdit, "allow-edit", true, "Default allow edit option for new users")
|
||||||
flag.BoolVar(&allowPublish, "allow-publish", true, "Default allow publish option for new users")
|
flag.BoolVar(&allowPublish, "allow-publish", true, "Default allow publish option for new users")
|
||||||
flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'default' and 'proxy' authentication.")
|
flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'default' and 'proxy' authentication.")
|
||||||
flag.StringVar(&auth.loginHeader, "auth.login-header", "X-Forwarded-User", "The header name used for proxy authentication.")
|
flag.StringVar(&auth.loginHeader, "auth.login-header", "X-Forwarded-User", "The header name used for proxy authentication.")
|
||||||
flag.BoolVar(&allowNew, "allow-new", true, "Default allow new option for new users")
|
flag.BoolVar(&allowNew, "allow-new", true, "Default allow new option for new users")
|
||||||
flag.BoolVar(&noAuth, "no-auth", false, "Disables authentication")
|
flag.BoolVar(&noAuth, "no-auth", false, "Disables authentication")
|
||||||
flag.BoolVar(&alterRecaptcha, "alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China")
|
flag.BoolVar(&alterRecaptcha, "alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China")
|
||||||
@ -87,8 +87,8 @@ func setupViper() {
|
|||||||
viper.SetDefault("AllowPublish", true)
|
viper.SetDefault("AllowPublish", true)
|
||||||
viper.SetDefault("StaticGen", "")
|
viper.SetDefault("StaticGen", "")
|
||||||
viper.SetDefault("Locale", "")
|
viper.SetDefault("Locale", "")
|
||||||
viper.SetDefault("AuthMethod", "default")
|
viper.SetDefault("AuthMethod", "default")
|
||||||
viper.SetDefault("LoginHeader", "X-Fowarded-User");
|
viper.SetDefault("LoginHeader", "X-Fowarded-User")
|
||||||
viper.SetDefault("NoAuth", false)
|
viper.SetDefault("NoAuth", false)
|
||||||
viper.SetDefault("BaseURL", "")
|
viper.SetDefault("BaseURL", "")
|
||||||
viper.SetDefault("PrefixURL", "")
|
viper.SetDefault("PrefixURL", "")
|
||||||
@ -110,7 +110,7 @@ func setupViper() {
|
|||||||
viper.BindPFlag("Locale", flag.Lookup("locale"))
|
viper.BindPFlag("Locale", flag.Lookup("locale"))
|
||||||
viper.BindPFlag("StaticGen", flag.Lookup("staticgen"))
|
viper.BindPFlag("StaticGen", flag.Lookup("staticgen"))
|
||||||
viper.BindPFlag("AuthMethod", flag.Lookup("auth.method"))
|
viper.BindPFlag("AuthMethod", flag.Lookup("auth.method"))
|
||||||
viper.BindPFlag("LoginHeader", flag.Lookup("auth.login-header"))
|
viper.BindPFlag("LoginHeader", flag.Lookup("auth.login-header"))
|
||||||
viper.BindPFlag("NoAuth", flag.Lookup("no-auth"))
|
viper.BindPFlag("NoAuth", flag.Lookup("no-auth"))
|
||||||
viper.BindPFlag("BaseURL", flag.Lookup("baseurl"))
|
viper.BindPFlag("BaseURL", flag.Lookup("baseurl"))
|
||||||
viper.BindPFlag("PrefixURL", flag.Lookup("prefixurl"))
|
viper.BindPFlag("PrefixURL", flag.Lookup("prefixurl"))
|
||||||
@ -176,12 +176,12 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Validate the provided config before moving forward
|
// Validate the provided config before moving forward
|
||||||
if(viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy") {
|
if viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy" {
|
||||||
log.Fatal("The property 'auth.method' needs to be set to 'default' or 'proxy'.")
|
log.Fatal("The property 'auth.method' needs to be set to 'default' or 'proxy'.")
|
||||||
}
|
}
|
||||||
|
|
||||||
if (viper.GetString("AuthMethod") == "proxy") {
|
if viper.GetString("AuthMethod") == "proxy" {
|
||||||
if(viper.GetString("LoginHeader") == "") {
|
if viper.GetString("LoginHeader") == "" {
|
||||||
log.Fatal("The 'login-header' needs to be specified when 'proxy' authentication is used.")
|
log.Fatal("The 'login-header' needs to be specified when 'proxy' authentication is used.")
|
||||||
}
|
}
|
||||||
log.Println("[WARN] Filebrowser authentication is configured to 'proxy' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.")
|
log.Println("[WARN] Filebrowser authentication is configured to 'proxy' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.")
|
||||||
|
|||||||
@ -71,7 +71,7 @@ type FileBrowser struct {
|
|||||||
// there will only exist one user, called "admin".
|
// there will only exist one user, called "admin".
|
||||||
NoAuth bool
|
NoAuth bool
|
||||||
|
|
||||||
// Define if either, the common authentication mechansim or 'proxy' authentication should be used.
|
// Define if either, the common authentication mechansim or 'proxy' authentication should be used.
|
||||||
// 'proxy' authentication enables a mechanism that authenticates a user based on forwarded
|
// 'proxy' authentication enables a mechanism that authenticates a user based on forwarded
|
||||||
// headers.
|
// headers.
|
||||||
AuthMethod string
|
AuthMethod string
|
||||||
|
|||||||
@ -177,11 +177,11 @@ func validateAuth(c *fb.Context, r *http.Request) (bool, *fb.User) {
|
|||||||
|
|
||||||
// If proxy auth is used do not verify the JWT token if the header is provided.
|
// If proxy auth is used do not verify the JWT token if the header is provided.
|
||||||
if c.AuthMethod == "proxy" {
|
if c.AuthMethod == "proxy" {
|
||||||
u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
|
u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
c.User = u;
|
c.User = u
|
||||||
return true, c.User
|
return true, c.User
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -208,4 +208,3 @@ func validateAuth(c *fb.Context, r *http.Request) (bool, *fb.User) {
|
|||||||
c.User = u
|
c.User = u
|
||||||
return true, u
|
return true, u
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user