Rethought login

Roberto Alsina 2024-07-08 13:34:54 -03:00
parent fe52566872
commit a896f2e032
3 changed files with 26 additions and 8 deletions

@ -18,12 +18,12 @@
* Sanitize all inputs * Sanitize all inputs
* ✅ Streaming responses in slow operations like scaling down * ✅ Streaming responses in slow operations like scaling down
or building or building
* Make more things configurable / remove hardcoded stuff * Make more things configurable / remove hardcoded stuff
* ✅ Make server take options from file * ✅ Make server take options from file
* ✅ Make server take options from environment * ✅ Make server take options from environment
* ✅ Make server password configurable * ✅ Make server password configurable
* admin/admin auth client side [WIP, broke everything] * admin/admin auth client side
* `faaso login` is not working properly yet with proxy * `faaso login` is not working properly yet with proxy
* CD for binaries and images for at least arm64/x86 * CD for binaries and images for at least arm64/x86
* Multi-container docker logs [faaso logs -f FUNKO] * Multi-container docker logs [faaso logs -f FUNKO]
* ✅ Direct error and above to stderr, others to stdout, * ✅ Direct error and above to stderr, others to stdout,
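
Review bot: the TODO entry "`faaso login` is not working properly yet with proxy" is unchanged on both sides, yet the login change in this same commit is specifically about the reverse-proxy case. If the new flow is meant to fix that, tick or reword the item; if something still fails behind a proxy, note what, so the removal of "[WIP, broke everything]" from the line above does not read as "login is done".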

@ -9,10 +9,28 @@ module Faaso
else else
password = STDIN.gets.to_s password = STDIN.gets.to_s
end end
# Testing with auth/ which is guaranteed locked # This is tricky. If the service is running behind a reverse proxy
Crest.get( # then /version is locked, but if it's not, only /auth is locked.
"#{server}auth/", \ # So we try /version first without a password, and if it succeeds
user: "admin", password: password).body # we try /auth with the password. If /version fails, we try /version
# with the password
#
begin
# Version without password.
Crest.get("#{server}version/")
# Auth with password
begin
Crest.get("#{server}auth/", user: "admin", password: password)
rescue ex : Crest::Unauthorized
# Failed with auth/
Log.error { "Wrong password" }
return 1
end
rescue ex : Crest::Unauthorized
# Version with password
Crest.get("#{server}version/", user: "admin", password: password)
end
# If we got here the password is ok # If we got here the password is ok
CONFIG.hosts[server] = {"admin", password} CONFIG.hosts[server] = {"admin", password}
Config.save Config.save

@ -20,7 +20,7 @@ class Config
end end
class ConfigAuthHandler < Kemal::BasicAuth::Handler class ConfigAuthHandler < Kemal::BasicAuth::Handler
only ["/auth"] only ["/auth", "/auth/*"]
def call(context) def call(context)
return call_next(context) unless only_match?(context) return call_next(context) unless only_match?(context)
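
Review bot: `only ["/auth", "/auth/*"]` is given no method argument, and Kemal's `only` macro defaults to GET, so `only_match?(context)` is false for POST/PUT/DELETE requests under `/auth` and they go straight to `call_next` without credentials being checked. If any `/auth` route accepts another verb, add an `only` line per method. It is also worth a spec that the exact URL the client requests in the login change, `auth/` with a trailing slash and nothing after it, now returns 401 without credentials, since that depends on how the `/auth/*` glob treats an empty remainder.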