feat: integrate Authelia SSO and update LLDAP routing
Deploy Dashboard / deploy (push) Successful in 16m20s

This commit is contained in:
Gan, Jimmy
2026-02-27 23:04:57 +08:00
parent c676c84bc1
commit 29a9e9d881
8 changed files with 146 additions and 17 deletions
+24
View File
@@ -109,6 +109,30 @@ async def login(creds: LoginRequest, request: Request):
"has_2fa": bool(totp_secret)
}
@router.get("/proxy")
async def proxy_auth(request: Request):
"""Auto-login when Authelia has already authenticated the user via forward-auth.
Caddy sets Remote-User header after successful Authelia 2FA verification."""
remote_user = request.headers.get("Remote-User")
if not remote_user:
raise HTTPException(status_code=401, detail="No proxy auth header")
# Map the LDAP user to the dashboard admin user
# Only allow known users (the admin)
if remote_user != config.ADMIN_USER:
raise HTTPException(status_code=403, detail="User not authorized for dashboard")
access_token = auth.create_access_token(
data={"sub": remote_user},
expires_delta=timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES),
)
refresh_token = auth.create_refresh_token(data={"sub": remote_user})
return {
"access_token": access_token,
"refresh_token": refresh_token,
"token_type": "bearer",
"user": remote_user,
"has_2fa": True,
}
@router.get("/me")
async def read_users_me(current_user: str = Depends(auth.get_current_user)):
totp_secret = auth.load_totp_secret()