arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

feat(server): require explicitly enabling reverse proxy auth for unix sockets (#3062)

Browse Source
This commit is contained in:
crazygolem
2024-09-29 19:28:44 +02:00
committed by GitHub
parent ed3ab5385d
commit 06c9c1e64a
2 changed files with 43 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/auth_test.go
+34
View File
@@ -154,6 +154,40 @@ var _ = Describe("Auth", func() {
// Request Header authentication should not generate a JWT token
Expect(parsed).ToNot(HaveKey("token"))
})
It("does not set auth data when listening on unix socket without whitelist", func() {
conf.Server.Address = "unix:/tmp/navidrome-test"
conf.Server.ReverseProxyWhitelist = ""
// No ReverseProxyIp in request context
serveIndex(ds, fs, nil)(resp, req)
config := extractAppConfig(resp.Body.String())
Expect(config["auth"]).To(BeNil())
})
It("does not set auth data when listening on unix socket with incorrect whitelist", func() {
conf.Server.Address = "unix:/tmp/navidrome-test"
req = req.WithContext(request.WithReverseProxyIp(req.Context(), "@"))
serveIndex(ds, fs, nil)(resp, req)
config := extractAppConfig(resp.Body.String())
Expect(config["auth"]).To(BeNil())
})
It("sets auth data when listening on unix socket with correct whitelist", func() {
conf.Server.Address = "unix:/tmp/navidrome-test"
conf.Server.ReverseProxyWhitelist = conf.Server.ReverseProxyWhitelist + ",@"
req = req.WithContext(request.WithReverseProxyIp(req.Context(), "@"))
serveIndex(ds, fs, nil)(resp, req)
config := extractAppConfig(resp.Body.String())
parsed := config["auth"].(map[string]interface{})
Expect(parsed["id"]).To(Equal("111"))
})
})
Describe("login", func() {