third-party-mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-04-14 11:17:19 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow reverse proxy auth for unix socket (#2701)

Browse Source
This commit is contained in:
Kendall Garner 2023-12-12 11:06:27 +00:00 committed by GitHub
parent ab53313273
commit 54597bd575
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/auth.go
View File

@ -193,7 +193,7 @@ func UsernameFromToken(r *http.Request) string {
} }
func UsernameFromReverseProxyHeader(r *http.Request) string { func UsernameFromReverseProxyHeader(r *http.Request) string {
if conf.Server.ReverseProxyWhitelist == "" { if conf.Server.ReverseProxyWhitelist == "" && !strings.HasPrefix(conf.Server.Address, "unix:") {
return "" return ""
} }
if !validateIPAgainstList(r.RemoteAddr, conf.Server.ReverseProxyWhitelist) { if !validateIPAgainstList(r.RemoteAddr, conf.Server.ReverseProxyWhitelist) {
@ -316,6 +316,12 @@ func handleLoginFromHeaders(ds model.DataStore, r *http.Request) map[string]inte
} }
func validateIPAgainstList(ip string, comaSeparatedList string) bool { func validateIPAgainstList(ip string, comaSeparatedList string) bool {
// Per https://github.com/golang/go/issues/49825, the remote address
// on a unix socket is '@'
if ip == "@" && strings.HasPrefix(conf.Server.Address, "unix:") {
return true
}
if comaSeparatedList == "" || ip == "" { if comaSeparatedList == "" || ip == "" {
return false return false
} }