feat(admin): add proxy-only auth bypass and configurable auth header (closes #28)

2025-05-08 04:43:33 -04:00
parent d48b15a5f4
commit b4d6f01432
7 changed files with 278 additions and 75 deletions
--- a/src/models/AdminModel.php
+++ b/src/models/AdminModel.php
@@ -16,10 +16,14 @@ class AdminModel
        $unit = strtolower(substr($val, -1));
        $num  = (int) rtrim($val, 'bkmgtpezyBKMGTPESY');
        switch ($unit) {
-            case 'g': return $num * 1024 ** 3;
-            case 'm': return $num * 1024 ** 2;
-            case 'k': return $num * 1024;
-            default:  return $num;
+            case 'g':
+                return $num * 1024 ** 3;
+            case 'm':
+                return $num * 1024 ** 2;
+            case 'k':
+                return $num * 1024;
+            default:
+                return $num;
        }
    }

@@ -63,6 +67,24 @@ class AdminModel
            $configUpdate['sharedMaxUploadSize'] = $sms;
        }

+        // ── NEW: normalize authBypass & authHeaderName ─────────────────────────
+        if (!isset($configUpdate['loginOptions']['authBypass'])) {
+            $configUpdate['loginOptions']['authBypass'] = false;
+        }
+        $configUpdate['loginOptions']['authBypass'] = (bool)$configUpdate['loginOptions']['authBypass'];
+
+        if (
+            !isset($configUpdate['loginOptions']['authHeaderName'])
+            || !is_string($configUpdate['loginOptions']['authHeaderName'])
+            || trim($configUpdate['loginOptions']['authHeaderName']) === ''
+        ) {
+            $configUpdate['loginOptions']['authHeaderName'] = 'X-Remote-User';
+        } else {
+            $configUpdate['loginOptions']['authHeaderName'] =
+                trim($configUpdate['loginOptions']['authHeaderName']);
+        }
+        // ───────────────────────────────────────────────────────────────────────────
+
        // Convert configuration to JSON.
        $plainTextConfig = json_encode($configUpdate, JSON_PRETTY_PRINT);
        if ($plainTextConfig === false) {
@@ -128,6 +150,19 @@ class AdminModel
                $config['loginOptions']['disableOIDCLogin'] = (bool)$config['loginOptions']['disableOIDCLogin'];
            }

+            if (!array_key_exists('authBypass', $config['loginOptions'])) {
+                $config['loginOptions']['authBypass'] = false;
+            } else {
+                $config['loginOptions']['authBypass'] = (bool)$config['loginOptions']['authBypass'];
+            }
+            if (
+                !array_key_exists('authHeaderName', $config['loginOptions'])
+                || !is_string($config['loginOptions']['authHeaderName'])
+                || trim($config['loginOptions']['authHeaderName']) === ''
+            ) {
+                $config['loginOptions']['authHeaderName'] = 'X-Remote-User';
+            }
+
            // Default values for other keys
            if (!isset($config['globalOtpauthUrl'])) {
                $config['globalOtpauthUrl'] = "";
@@ -166,4 +201,4 @@ class AdminModel
            ];
        }
    }
-}
+}