From d67a24809b98ccf7a19602e72e19f3e773285f87 Mon Sep 17 00:00:00 2001 From: Alex Ling Date: Sat, 30 Jan 2021 07:39:10 +0000 Subject: [PATCH] Allow proxy authentication (#141) --- src/config.cr | 1 + src/handlers/auth_handler.cr | 12 +++++++++++- src/util/web.cr | 13 +++++++------ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/config.cr b/src/config.cr index 3ac5af2..684dfb7 100644 --- a/src/config.cr +++ b/src/config.cr @@ -22,6 +22,7 @@ class Config property page_margin : Int32 = 30 property disable_login = false property default_username = "" + property auth_proxy_header_name = "" property mangadex = Hash(String, String | Int32).new @[YAML::Field(ignore: true)] diff --git a/src/handlers/auth_handler.cr b/src/handlers/auth_handler.cr index b6891d5..a8f0087 100644 --- a/src/handlers/auth_handler.cr +++ b/src/handlers/auth_handler.cr @@ -93,8 +93,18 @@ class AuthHandler < Kemal::Handler call_next env end + def handle_auth_proxy(env) + username = env.request.headers[Config.current.auth_proxy_header_name]? + unless username && Storage.default.username_exists username + return redirect env, "/login" + end + call_next env + end + def call(env) - if request_path_startswith env, ["/opds"] + if !Config.current.auth_proxy_header_name.empty? + handle_auth_proxy env + elsif request_path_startswith env, ["/opds"] handle_opds_auth env else handle_auth env diff --git a/src/util/web.cr b/src/util/web.cr index 03c114d..1f886a1 100644 --- a/src/util/web.cr +++ b/src/util/web.cr 
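Review bot: `handle_auth_proxy` in src/handlers/auth_handler.cr treats whatever value arrives in the configured header as the authenticated user, and nothing in the hunk ties the request to the proxy. The option is therefore only safe when the app is reachable solely through a reverse proxy that overwrites client-supplied copies of that header. That assumption should be stated where the option is declared, e.g. `# Set only when every request passes through a reverse proxy that overwrites this header; otherwise any client can name any user.` above `property auth_proxy_header_name` in src/config.cr. Separately, `call` now routes every path, including `/login` and `/opds`, to `handle_auth_proxy`, so a request without the header appears to be redirected to `/login` repeatedly unless that path is exempted outside the hunk. Answering with `env.response.status_code = 403` instead of the redirect would avoid the loop.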
@@ -3,13 +3,12 @@ # This macro defines `is_admin` when used macro check_admin_access is_admin = false - # The token (if exists) takes precedence over the default user option. - # this is why we check the default username first before checking the - # token. - if Config.current.disable_login - is_admin = Storage.default. - username_is_admin Config.current.default_username + if !Config.current.auth_proxy_header_name.empty? || + Config.current.disable_login + is_admin = Storage.default.username_is_admin get_username env end + + # The token (if exists) takes precedence over other authentication methods. if token = env.session.string? "token" is_admin = Storage.default.verify_admin token end @@ -49,6 +48,8 @@ macro get_username(env) rescue e if Config.current.disable_login Config.current.default_username + elsif (header = Config.current.auth_proxy_header_name) && !header.empty? + env.request.headers[header] else raise e end
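Review bot: In `check_admin_access` the session token still overrides the identity taken from the proxy header, so in proxy mode a leftover `token` session belonging to an administrator could set `is_admin` to true even when the header names a non-admin user. When `auth_proxy_header_name` is set the header should be the only identity source, for example by guarding the token branch with `if Config.current.auth_proxy_header_name.empty? && (token = env.session.string? "token")`. The rest of the macro lies outside the hunk, so confirm nothing after these lines changes `is_admin` again.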
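Review bot: The new `elsif` branch in `get_username` returns `env.request.headers[header]` without checking that the user exists, and the lookup without `?` raises `KeyError` when the header is absent, replacing the original exception `e`. Using `env.request.headers[header]? || raise e` keeps the original error. The branch is also only reached from `rescue`, so a valid session token appears to take priority over the proxy header, which can disagree with the user that `AuthHandler` admitted. The `begin` part of the macro is outside the hunk, so the token path is inferred. If it does read the token first, resolve the header ahead of it when proxy mode is enabled.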