diff --git a/cmd/filebrowser/main.go b/cmd/filebrowser/main.go index 2bdd4031..2d959f28 100644 --- a/cmd/filebrowser/main.go +++ b/cmd/filebrowser/main.go @@ -10,15 +10,13 @@ import ( "github.com/hacdias/fileutils" flag "github.com/spf13/pflag" "github.com/spf13/viper" - "gopkg.in/natefinch/lumberjack.v2" "io/ioutil" "log" "net" "net/http" "os" "path/filepath" - "strings" -) + "strings") var ( addr string @@ -64,8 +62,8 @@ func init() { flag.BoolVar(&allowCommands, "allow-commands", true, "Default allow commands option for new users") flag.BoolVar(&allowEdit, "allow-edit", true, "Default allow edit option for new users") flag.BoolVar(&allowPublish, "allow-publish", true, "Default allow publish option for new users") - flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'default' and 'proxy' authentication.") - flag.StringVar(&auth.loginHeader, "auth.login-header", "X-Forwarded-User", "The header name used for proxy authentication.") + flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'none', 'default' and 'proxy' authentication.") + flag.StringVar(&auth.loginHeader, "auth.loginHeader", "X-Forwarded-User", "The header name used for proxy authentication.") flag.BoolVar(&allowNew, "allow-new", true, "Default allow new option for new users") flag.BoolVar(&noAuth, "no-auth", false, "Disables authentication") flag.BoolVar(&alterRecaptcha, "alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China") @@ -110,7 +108,7 @@ func setupViper() { viper.BindPFlag("Locale", flag.Lookup("locale")) viper.BindPFlag("StaticGen", flag.Lookup("staticgen")) viper.BindPFlag("AuthMethod", flag.Lookup("auth.method")) - viper.BindPFlag("LoginHeader", flag.Lookup("auth.login-header")) + viper.BindPFlag("LoginHeader", flag.Lookup("auth.loginHeader")) viper.BindPFlag("NoAuth", flag.Lookup("no-auth")) viper.BindPFlag("BaseURL", flag.Lookup("baseurl")) viper.BindPFlag("PrefixURL", flag.Lookup("prefixurl")) @@ -176,13 +174,13 @@ func main() { } // Validate the provided config before moving forward - if viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy" { + if viper.GetString("AuthMethod") != "none" && viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy" { log.Fatal("The property 'auth.method' needs to be set to 'default' or 'proxy'.") } if viper.GetString("AuthMethod") == "proxy" { if viper.GetString("LoginHeader") == "" { - log.Fatal("The 'login-header' needs to be specified when 'proxy' authentication is used.") + log.Fatal("The 'loginHeader' needs to be specified when 'proxy' authentication is used.") } log.Println("[WARN] Filebrowser authentication is configured to 'proxy' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.") } diff --git a/doc.go b/doc.go index 82fe9895..23fabeec 100644 --- a/doc.go +++ b/doc.go @@ -17,7 +17,7 @@ to import "github.com/filebrowser/filebrowser/bolt". m := &fm.FileBrowser{ NoAuth: false, Auth: { - Type: "default", + Method: "default", LoginHeader: "X-Fowarded-User" }, DefaultUser: &fm.User{ diff --git a/filebrowser.go b/filebrowser.go index 4d607131..5bf60aa6 100644 --- a/filebrowser.go +++ b/filebrowser.go @@ -15,8 +15,7 @@ import ( "golang.org/x/crypto/bcrypt" - "github.com/GeertJohan/go.rice" - "github.com/hacdias/fileutils" + "github.com/GeertJohan/go.rice" "github.com/hacdias/fileutils" "github.com/mholt/caddy" "github.com/robfig/cron" ) @@ -71,9 +70,11 @@ type FileBrowser struct { // there will only exist one user, called "admin". NoAuth bool - // Define if either, the common authentication mechansim or 'proxy' authentication should be used. - // 'proxy' authentication enables a mechanism that authenticates a user based on forwarded - // headers. + // Define if which of the following authentication mechansims should be used: + // - 'default', which requires a user and a password. + // - 'proxy', which requires a valid user and the user name has to be provided through an + // http header. + // - 'none', which allows anyone to access the filebrowser instance. AuthMethod string // When 'AuthMethod' is set to 'proxy' the header configured below is used to identify the user.