grocy/middleware
Geoffrey “Frogeye” Preud'homme 1734484ba7
Forbid empty username header for reverse proxy authentication
Consider the case where a Grocy user wants to use reverse proxy
authentication OR authentication with an API key.

By default, an authenticating reverse proxy will unconditionally perform
user authentication, before allowing a request to be passed to Grocy
which will verify an API key, rendering them virtually useless.
So the proxy needs to be configured not to perform authentication in
certain cases, for example the presence of the `Grocy-Api-Key` HTTP
header, or the path being a subdirectory of `/api/`.

It can however be tricky to configure this. For example, nginx
does not allow conditional authentication, or conditional header
setting. In those cases, when the condition is met, the username header
would still be returned, albeit empty. Grocy will then create a user
with an empty username (not normally possible). It defaults to having all
permissions, and while most are removable, reading chores/stock/etc.
do not seem to be, and would thus be public.

This returns an error when the username is empty, to accommodate
those cases.
2025-11-30 00:30:34 +01:00
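The three header situations the commit describes, as an added illustration that is not code from the grocy repository: the header name, the outcome constants and the sample requests are assumptions, and the snippet does not model grocy's real middleware chain, only the decision on the proxy-supplied username.

```php
<?php
// Added example, not grocy's own middleware. The header name and the
// outcome constants below are assumptions made for this illustration.
const RP_NO_HEADER = 'no_header'; // proxy did not authenticate; another method may apply
const RP_EMPTY     = 'empty';     // header present but blank: must never become a user
const RP_OK        = 'ok';        // proxy supplied a usable username

/**
 * Decide what to do with the reverse-proxy username header.
 * $headers maps lower-cased header names to values (constructed input).
 * Returns [outcome, username-or-null].
 */
function resolveReverseProxyUser(array $headers, string $headerName = 'remote-user'): array
{
    $name = strtolower($headerName);
    if (!array_key_exists($name, $headers)) {
        return [RP_NO_HEADER, null];
    }
    // trim() so a whitespace-only value is treated as empty as well.
    $username = trim((string) $headers[$name]);
    if ($username === '') {
        // This is the nginx case from the commit message: authentication was
        // skipped, but the header is still forwarded with an empty value.
        return [RP_EMPTY, null];
    }
    return [RP_OK, $username];
}

// Constructed sample requests mirroring the cases in the commit message.
$cases = [
    'proxy authenticated'                    => ['remote-user' => 'alice'],
    'proxy skipped, header not sent'         => ['grocy-api-key' => 'constructed-key'],
    'proxy skipped, nginx still sends header' => ['remote-user' => '', 'grocy-api-key' => 'constructed-key'],
];
foreach ($cases as $label => $headers) {
    [$status, $user] = resolveReverseProxyUser($headers);
    switch ($status) {
        case RP_OK:        echo "$label: authenticated as $user\n"; break;
        case RP_NO_HEADER: echo "$label: no proxy user, defer to other authentication\n"; break;
        case RP_EMPTY:     echo "$label: return an error, empty username is not a user\n"; break;
    }
}
```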
ApiKeyAuthMiddleware.php Upgraded package php-di/php-di 2023-07-29 14:02:56 +02:00
AuthMiddleware.php Upgraded package php-di/php-di 2023-07-29 14:02:56 +02:00
BaseMiddleware.php Upgraded PHP-CS-Fixer / applied optimized rules 2023-08-02 18:44:30 +02:00
CorsMiddleware.php Optimized imports 2023-05-13 14:43:51 +02:00
DefaultAuthMiddleware.php Typo 2020-10-19 18:41:16 +02:00
JsonMiddleware.php Removed unused code 2020-12-21 19:27:04 +01:00
LdapAuthMiddleware.php Optimized LDAP error handling (references #1865) 2022-04-19 16:56:48 +02:00
LocaleMiddleware.php Upgraded PHP-CS-Fixer / applied optimized rules 2023-08-02 18:44:30 +02:00
ReverseProxyAuthMiddleware.php Forbid empty username header for reverse proxy authentication 2025-11-30 00:30:34 +01:00
SessionAuthMiddleware.php Upgraded package php-di/php-di 2023-07-29 14:02:56 +02:00