auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/apps/url-shortener/main.go b/apps/url-shortener/main.go
index b1db1f9..bb805e4 100644
--- a/apps/url-shortener/main.go
+++ b/apps/url-shortener/main.go
@@ -157,8 +157,11 @@
}
func getLoggedInUser(r *http.Request) (string, error) {
- // TODO(dato): should make a request to get loggedin user
- return "tabo", nil
+ if user := r.Header.Get("X-User"); user != "" {
+ return user, nil
+ } else {
+ return "", fmt.Errorf("unauthenticated")
+ }
}
type Server struct {