feat: integrate Authelia SSO and update LLDAP routing
Deploy Dashboard / deploy (push) Successful in 16m20s
Deploy Dashboard / deploy (push) Successful in 16m20s
This commit is contained in:
@@ -11,3 +11,4 @@ asyncssh==2.17.0
|
||||
slowapi==0.1.9
|
||||
webauthn==2.7.1
|
||||
cryptography>=44.0.2
|
||||
aiosqlite
|
||||
|
||||
@@ -109,6 +109,30 @@ async def login(creds: LoginRequest, request: Request):
|
||||
"has_2fa": bool(totp_secret)
|
||||
}
|
||||
|
||||
@router.get("/proxy")
|
||||
async def proxy_auth(request: Request):
|
||||
"""Auto-login when Authelia has already authenticated the user via forward-auth.
|
||||
Caddy sets Remote-User header after successful Authelia 2FA verification."""
|
||||
remote_user = request.headers.get("Remote-User")
|
||||
if not remote_user:
|
||||
raise HTTPException(status_code=401, detail="No proxy auth header")
|
||||
# Map the LDAP user to the dashboard admin user
|
||||
# Only allow known users (the admin)
|
||||
if remote_user != config.ADMIN_USER:
|
||||
raise HTTPException(status_code=403, detail="User not authorized for dashboard")
|
||||
access_token = auth.create_access_token(
|
||||
data={"sub": remote_user},
|
||||
expires_delta=timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES),
|
||||
)
|
||||
refresh_token = auth.create_refresh_token(data={"sub": remote_user})
|
||||
return {
|
||||
"access_token": access_token,
|
||||
"refresh_token": refresh_token,
|
||||
"token_type": "bearer",
|
||||
"user": remote_user,
|
||||
"has_2fa": True,
|
||||
}
|
||||
|
||||
@router.get("/me")
|
||||
async def read_users_me(current_user: str = Depends(auth.get_current_user)):
|
||||
totp_secret = auth.load_totp_secret()
|
||||
|
||||
Reference in New Issue
Block a user