From ff454de0fdb50a7b3837ecf233b313aa48b9fd2e Mon Sep 17 00:00:00 2001
From: Roberto Alsina <roberto.alsina@gmail.com>
Date: Thu, 4 Jul 2024 22:04:02 -0300
Subject: [PATCH] Move basic auth from faaso-daemon to caddy

---
 Caddyfile           | 25 +++++++++++++++----------
 Makefile            |  2 +-
 proxy.env           |  1 +
 shard.yml           |  2 --
 src/daemon/main.cr  |  4 ----
 src/daemon/proxy.cr |  6 +++++-
 6 files changed, 22 insertions(+), 18 deletions(-)
 create mode 100644 proxy.env

diff --git a/Caddyfile b/Caddyfile
index 1f4520a..aa42be0 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,14 +1,19 @@
 {
-  http_port 8888
-  https_port 8887
-  local_certs
+	http_port 8888
+	https_port 8887
+	local_certs
 }
 
-http://mindy:8888 {
-  handle_path /admin/terminal/* {
-    reverse_proxy /* http://127.0.0.1:7681
-  }
-  handle_path /admin/* {
-    reverse_proxy /* http://127.0.0.1:3000
-  }
+http://*:8888 {
+	basicauth /admin/* {
+		# admin $2a$14$C35905PxPzICAZKc/O9jYOS7ipZNPBtrndja8Yu3bvs/UujckryHS
+		admin {$HTTP_BASIC_AUTH_PASSWORD}
+	}
+
+	handle_path /admin/terminal/* {
+		reverse_proxy /* http://127.0.0.1:7681
+	}
+	handle_path /admin/* {
+		reverse_proxy /* http://127.0.0.1:3000
+	}
 }
diff --git a/Makefile b/Makefile
index 3057233..1baa5b0 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ build: shard.yml $(wildcard src/**/*cr)
 proxy: build
 	docker build . -t faaso-proxy
 start-proxy:
-	docker run --name faaso-proxy-one --rm --network=faaso-net -v /var/run/docker.sock:/var/run/docker.sock -v secrets:/home/app/secrets -p 8888:8888 faaso-proxy
+	docker run --name faaso-proxy-one --rm --network=faaso-net --env-file=proxy.env -v /var/run/docker.sock:/var/run/docker.sock -v secrets:/home/app/secrets -p 8888:8888 faaso-proxy
 
 
 .PHONY: build proxy-image start-proxy
diff --git a/proxy.env b/proxy.env
new file mode 100644
index 0000000..255caca
--- /dev/null
+++ b/proxy.env
@@ -0,0 +1 @@
+HTTP_BASIC_AUTH_PASSWORD=$2a$14$C35905PxPzICAZKc/O9jYOS7ipZNPBtrndja8Yu3bvs/UujckryHS
diff --git a/shard.yml b/shard.yml
index da486cc..59656b7 100644
--- a/shard.yml
+++ b/shard.yml
@@ -28,5 +28,3 @@ dependencies:
     branch: add_exposed_ports
   kemal:
     github: kemalcr/kemal
-  kemal-basic-auth:
-    github: kemalcr/kemal-basic-auth
diff --git a/src/daemon/main.cr b/src/daemon/main.cr
index 00fe620..667a76a 100644
--- a/src/daemon/main.cr
+++ b/src/daemon/main.cr
@@ -5,13 +5,9 @@ require "./terminal.cr"
 require "compress/gzip"
 require "crystar"
 require "docr"
-require "kemal-basic-auth"
 require "kemal"
 require "uuid"
 
-# FIXME: make configurable
-basic_auth "admin", "admin"
-
 get "/" do |env|
   env.redirect "/index.html"
 end
diff --git a/src/daemon/proxy.cr b/src/daemon/proxy.cr
index fc7ce45..94bfd2d 100644
--- a/src/daemon/proxy.cr
+++ b/src/daemon/proxy.cr
@@ -28,7 +28,11 @@ module Proxy
   local_certs
 }
 
-http://mindy:8888 {
+http://*:8888 {
+	basicauth /admin/* {
+		admin {$HTTP_BASIC_AUTH_PASSWORD}
+	}
+
   handle_path /admin/terminal/* {
     reverse_proxy /* http://127.0.0.1:7681
   }