Allows auth information from AccessList not to be passed to proxied hosts. Resolves issue NginxProxyManager#153.

James Morgan · James Morgan · commit 0df054577746 · 2020-10-15T10:23:09.000+11:00
Signed-off-by: James Morgan &lt;jmorgan.au+github@gmail.com&gt;
diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js
@@ -31,6 +31,7 @@ const internalAccessList = {
 					.insertAndFetch({
 						name:          data.name,
 						satisfy_any:   data.satisfy_any,
+						pass_auth:     data.pass_auth,
 						owner_user_id: access.token.getUserId(1)
 					});
 			})
@@ -128,6 +129,7 @@ const internalAccessList = {
 						.patch({
 							name:        data.name,
 							satisfy_any: data.satisfy_any,
+							pass_auth:   data.pass_auth,
 						});
 				}
 			})
diff --git a/backend/migrations/20201014143841_pass_auth.js b/backend/migrations/20201014143841_pass_auth.js
@@ -0,0 +1,41 @@
+const migrate_name = 'pass_auth';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('access_list', function (access_list) {
+		access_list.integer('pass_auth').notNull().defaultTo(1);
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	return knex.schema.table('access_list', function (access_list) {
+		access_list.dropColumn('pass_auth');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list pass_auth Column dropped');
+		});
+};
diff --git a/backend/models/access_list.js b/backend/models/access_list.js
@@ -93,6 +93,10 @@ class AccessList extends Model {
 	get satisfy() {
 		return this.satisfy_any ? 'satisfy any' : 'satisfy all';
 	}
+
+	get passauth() {
+		return this.pass_auth ? '' : 'proxy_set_header Authorization "";';
+	}
 }
 
 module.exports = AccessList;
diff --git a/backend/schema/endpoints/access-lists.json b/backend/schema/endpoints/access-lists.json
@@ -42,6 +42,9 @@
 		"satisfy_any": {
 			"type": "boolean"
 		},
+		"pass_auth": {
+			"type": "boolean"
+		},
 		"meta": {
 			"type": "object"
 		}
@@ -102,6 +105,9 @@
 					"satisfy_any": {
 						"$ref": "#/definitions/satisfy_any"
 					},
+					"pass_auth": {
+						"$ref": "#/definitions/pass_auth"
+					},
 					"items": {
 						"type": "array",
 						"minItems": 0,
@@ -167,6 +173,9 @@
 					"satisfy_any": {
 						"$ref": "#/definitions/satisfy_any"
 					},
+					"pass_auth": {
+						"$ref": "#/definitions/pass_auth"
+					},
 					"items": {
 						"type": "array",
 						"minItems": 0,
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
@@ -27,6 +27,8 @@ server {
     # Authorization
     auth_basic            "Authorization required";
     auth_basic_user_file  /data/access/{{ access_list_id }};
+
+    {{ access_list.passauth }}
     {% endif %}
 
     # Access Rules
diff --git a/frontend/js/app/nginx/access/form.ejs b/frontend/js/app/nginx/access/form.ejs
@@ -31,6 +31,16 @@
                                 </label>
                             </div>
                         </div>
+
+                        <div class="col-sm-6 col-md-6">
+                            <div class="form-group">
+                                <label class="custom-switch">
+                                    <input type="checkbox" class="custom-switch-input" name="pass_auth" value="1"<%- typeof pass_auth !== 'undefined' && pass_auth ? ' checked' : '' %>>
+                                    <span class="custom-switch-indicator"></span>
+                                    <span class="custom-switch-description"><%- i18n('access-lists', 'pass-auth') %></span>
+                                </label>
+                            </div>
+                        </div>
                     </div>
                 </div>
 
diff --git a/frontend/js/app/nginx/access/form.js b/frontend/js/app/nginx/access/form.js
@@ -73,6 +73,7 @@ module.exports = Mn.View.extend({
             let data = {
                 name:       form_data.name,
                 satisfy_any: !!form_data.satisfy_any,
+                pass_auth: !!form_data.pass_auth,
                 items:      items_data,
                 clients:    clients_data
             };
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
@@ -206,7 +206,8 @@
       "authorization": "Authorization",
       "access": "Access",
       "satisfy": "Satisfy",
-      "satisfy-any": "Satisfy Any"
+      "satisfy-any": "Satisfy Any",
+      "pass-auth": "Pass Auth to Host"
     },
     "users": {
       "title": "Users",

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,10 @@ class AccessList extends Model {`
`93`	`93`	`get satisfy() {`
`94`	`94`	`return this.satisfy_any ? 'satisfy any' : 'satisfy all';`
`95`	`95`	`}`
	`96`	`+`
	`97`	`+ get passauth() {`
	`98`	`+ return this.pass_auth ? '' : 'proxy_set_header Authorization "";';`
	`99`	`+ }`
`96`	`100`	`}`
`97`	`101`
`98`	`102`	`module.exports = AccessList;`