Git-Mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-04-19 23:25:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

Allow user creation based off username, with a config supplied domain

Browse Source
This commit is contained in:
Corey 2024-01-21 03:04:52 -05:00
parent ee6a86959e
commit 3702a58777
No known key found for this signature in database
GPG Key ID: 277D538AD469F307
2 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/invidious/config.cr
View File

@ -118,7 +118,20 @@ class Config
# Enable auto-registration when logging in with reverse proxy auth
property reverse_proxy_registration_enabled : Bool = false
# Header that will contain the username, email address,
property reverse_proxy_auth_header : String = "Remote-User"
property reverse_proxy_auth_user_header : String = "Remote-User"
property reverse_proxy_auth_email_header : String = "Remote-Email"
# If set to false, ignore the User header and only use the Email header.
# If set to a string, then this behavior will be used:
# if the email is blank, the email will instead be set to ${User}@${Domain}, where
# ${User} is the value in the Remote-User header and ${Domain} is the value of this property.
property reverse_proxy_auth_domain : Bool | String = false
# Does nothing if the reverse_proxy_auth_domain property is false.
# Does nothing if the reverse_proxy_auth_require_user property is true.
# If set to true, then the User header is preferred over the Email header.
property reverse_proxy_auth_prefer_user : Bool = false
# Does nothing if the reverse_proxy_auth_domain property is false.
# If set to true, then the Email header is ignored.
property reverse_proxy_auth_require_user : Bool = false
# URL to the modified source code to be easily AGPL compliant
# Will display in the footer, next to the main source code link

22
src/invidious/routes/login.cr
View File

@ -44,8 +44,26 @@ module Invidious::Routes::Login
captcha = nil
if CONFIG.reverse_proxy_auth_enabled
user ||= env.request.headers[CONFIG.reverse_proxy_auth_user_header]
email ||= env.request.headers[CONFIG.reverse_proxy_auth_email_header]
user = env.request.headers[CONFIG.reverse_proxy_auth_user_header]
email = env.request.headers[CONFIG.reverse_proxy_auth_email_header]
domain = CONFIG.reverse_proxy_auth_domain
email_regex = /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
has_valid_email = email && email_regex.match(email)
if !domain
# Do nothing; here to enable flattening the conditional structure
elsif CONFIG.reverse_proxy_auth_require_user
email = "#{user}@#{domain}"
has_valid_email = email && email_regex.match(email)
elsif CONFIG.reverse_proxy_auth_prefer_user
if user
email = "#{user}@#{domain}"
has_valid_email = email && email_regex.match(email)
end
elsif !has_valid_email && user
email = "#{user}@#{domain}"
has_valid_email = email && email_regex.match(email)
end
user = Invidious::Database::Users.select(email: email)
if user