nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename "login-header" to "loginHeader" and prepare auth.method to accept "none" as a value

Browse Source
This commit is contained in:
Marvin Weck 2018-08-07 16:29:43 +02:00
parent 94fc3f03d5
commit 66238a4c04
3 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/filebrowser/main.go
View File

@ -10,15 +10,13 @@ import (
"github.com/hacdias/fileutils" "github.com/hacdias/fileutils"
flag "github.com/spf13/pflag" flag "github.com/spf13/pflag"
"github.com/spf13/viper" "github.com/spf13/viper"
"gopkg.in/natefinch/lumberjack.v2"
"io/ioutil" "io/ioutil"
"log" "log"
"net" "net"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings")
)
var ( var (
addr string addr string
@ -64,8 +62,8 @@ func init() {
flag.BoolVar(&allowCommands, "allow-commands", true, "Default allow commands option for new users") flag.BoolVar(&allowCommands, "allow-commands", true, "Default allow commands option for new users")
flag.BoolVar(&allowEdit, "allow-edit", true, "Default allow edit option for new users") flag.BoolVar(&allowEdit, "allow-edit", true, "Default allow edit option for new users")
flag.BoolVar(&allowPublish, "allow-publish", true, "Default allow publish option for new users") flag.BoolVar(&allowPublish, "allow-publish", true, "Default allow publish option for new users")
flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'default' and 'proxy' authentication.") flag.StringVar(&auth.method, "auth.method", "default", "Switch between 'none', 'default' and 'proxy' authentication.")
flag.StringVar(&auth.loginHeader, "auth.login-header", "X-Forwarded-User", "The header name used for proxy authentication.") flag.StringVar(&auth.loginHeader, "auth.loginHeader", "X-Forwarded-User", "The header name used for proxy authentication.")
flag.BoolVar(&allowNew, "allow-new", true, "Default allow new option for new users") flag.BoolVar(&allowNew, "allow-new", true, "Default allow new option for new users")
flag.BoolVar(&noAuth, "no-auth", false, "Disables authentication") flag.BoolVar(&noAuth, "no-auth", false, "Disables authentication")
flag.BoolVar(&alterRecaptcha, "alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China") flag.BoolVar(&alterRecaptcha, "alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China")
@ -110,7 +108,7 @@ func setupViper() {
viper.BindPFlag("Locale", flag.Lookup("locale")) viper.BindPFlag("Locale", flag.Lookup("locale"))
viper.BindPFlag("StaticGen", flag.Lookup("staticgen")) viper.BindPFlag("StaticGen", flag.Lookup("staticgen"))
viper.BindPFlag("AuthMethod", flag.Lookup("auth.method")) viper.BindPFlag("AuthMethod", flag.Lookup("auth.method"))
viper.BindPFlag("LoginHeader", flag.Lookup("auth.login-header")) viper.BindPFlag("LoginHeader", flag.Lookup("auth.loginHeader"))
viper.BindPFlag("NoAuth", flag.Lookup("no-auth")) viper.BindPFlag("NoAuth", flag.Lookup("no-auth"))
viper.BindPFlag("BaseURL", flag.Lookup("baseurl")) viper.BindPFlag("BaseURL", flag.Lookup("baseurl"))
viper.BindPFlag("PrefixURL", flag.Lookup("prefixurl")) viper.BindPFlag("PrefixURL", flag.Lookup("prefixurl"))
@ -176,13 +174,13 @@ func main() {
} }
// Validate the provided config before moving forward // Validate the provided config before moving forward
if viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy" { if viper.GetString("AuthMethod") != "none" && viper.GetString("AuthMethod") != "default" && viper.GetString("AuthMethod") != "proxy" {
log.Fatal("The property 'auth.method' needs to be set to 'default' or 'proxy'.") log.Fatal("The property 'auth.method' needs to be set to 'default' or 'proxy'.")
} }
if viper.GetString("AuthMethod") == "proxy" { if viper.GetString("AuthMethod") == "proxy" {
if viper.GetString("LoginHeader") == "" { if viper.GetString("LoginHeader") == "" {
log.Fatal("The 'login-header' needs to be specified when 'proxy' authentication is used.") log.Fatal("The 'loginHeader' needs to be specified when 'proxy' authentication is used.")
} }
log.Println("[WARN] Filebrowser authentication is configured to 'proxy' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.") log.Println("[WARN] Filebrowser authentication is configured to 'proxy' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.")
} }

2
doc.go
View File

@ -17,7 +17,7 @@ to import "github.com/filebrowser/filebrowser/bolt".
m := &fm.FileBrowser{ m := &fm.FileBrowser{
NoAuth: false, NoAuth: false,
Auth: { Auth: {
Type: "default", Method: "default",
LoginHeader: "X-Fowarded-User" LoginHeader: "X-Fowarded-User"
}, },
DefaultUser: &fm.User{ DefaultUser: &fm.User{

11
filebrowser.go
View File

@ -15,8 +15,7 @@ import (
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"github.com/GeertJohan/go.rice" "github.com/GeertJohan/go.rice" "github.com/hacdias/fileutils"
"github.com/hacdias/fileutils"
"github.com/mholt/caddy" "github.com/mholt/caddy"
"github.com/robfig/cron" "github.com/robfig/cron"
) )
@ -71,9 +70,11 @@ type FileBrowser struct {
// there will only exist one user, called "admin". // there will only exist one user, called "admin".
NoAuth bool NoAuth bool
// Define if either, the common authentication mechansim or 'proxy' authentication should be used. // Define if which of the following authentication mechansims should be used:
// 'proxy' authentication enables a mechanism that authenticates a user based on forwarded // - 'default', which requires a user and a password.
// headers. // - 'proxy', which requires a valid user and the user name has to be provided through an
// http header.
// - 'none', which allows anyone to access the filebrowser instance.
AuthMethod string AuthMethod string
// When 'AuthMethod' is set to 'proxy' the header configured below is used to identify the user. // When 'AuthMethod' is set to 'proxy' the header configured below is used to identify the user.