Merge pull request #866 from ajgon/feat/reverse-proxy-auth

2025-05-14 15:14:31 -04:00 · 2023-01-09 18:22:46 -08:00 · 2023-01-09 18:22:46 -08:00 · 0487cb9733
commit 0487cb9733
parent 0cbeeb4346 dca69933eb
3 changed files with 61 additions and 30 deletions
--- a/archivebox/config.py
+++ b/archivebox/config.py
@ -99,8 +99,13 @@ CONFIG_SCHEMA: Dict[str, ConfigDefaultDict] = {
        'FOOTER_INFO':               {'type': str,   'default': 'Content is hosted for personal archiving purposes only.  Contact server owner for any takedown requests.'},
        'SNAPSHOTS_PER_PAGE':        {'type': int,   'default': 40},
        'CUSTOM_TEMPLATES_DIR':      {'type': str,   'default': None},
        'TIME_ZONE':                 {'type': str,   'default': 'UTC'},
        'TIMEZONE':                 {'type': str,   'default': 'UTC'},
        'REVERSE_PROXY_USER_HEADER': {'type': str,   'default': 'Remote-User'},
        'REVERSE_PROXY_WHITELIST':   {'type': str,   'default': ''},
        'LOGOUT_REDIRECT_URL':       {'type': str,   'default': '/'},
        'PREVIEW_ORIGINALS':        {'type': bool,  'default': True},
        'LOGOUT_REDIRECT_URL':   {'type': str,   'default': '/'},
    },
    'ARCHIVE_METHOD_TOGGLES': {
--- a/archivebox/core/middleware.py
+++ b/archivebox/core/middleware.py
@ -1,8 +1,11 @@
 __package__ = 'archivebox.core'
 import ipaddress
 from django.utils import timezone
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.core.exceptions import ImproperlyConfigured
-from ..config import PUBLIC_SNAPSHOTS
+from ..config import PUBLIC_SNAPSHOTS, REVERSE_PROXY_USER_HEADER, REVERSE_PROXY_WHITELIST
 def detect_timezone(request, activate: bool=True):
@ -35,3 +38,23 @@ def CacheControlMiddleware(get_response):
        return response
    return middleware
 class ReverseProxyAuthMiddleware(RemoteUserMiddleware):
    header = 'HTTP_{normalized}'.format(normalized=REVERSE_PROXY_USER_HEADER.replace('-', '_').upper())
    def process_request(self, request):
        if REVERSE_PROXY_WHITELIST == '':
            return
        ip = request.META.get('REMOTE_ADDR')
        for cidr in REVERSE_PROXY_WHITELIST.split(','):
            try:
                network = ipaddress.ip_network(cidr)
            except ValueError:
                raise ImproperlyConfigured(
                    "The REVERSE_PROXY_WHITELIST config paramater is in invalid format, or "
                    "contains invalid CIDR. Correct format is a coma-separated list of IPv4/IPv6 CIDRs.")
            if ipaddress.ip_address(ip) in network:
                return super().process_request(request)
--- a/archivebox/core/settings.py
+++ b/archivebox/core/settings.py
@ -34,7 +34,8 @@ WSGI_APPLICATION = 'core.wsgi.application'
 ROOT_URLCONF = 'core.urls'
 LOGIN_URL = '/accounts/login/'
-LOGOUT_REDIRECT_URL = '/'
+LOGOUT_REDIRECT_URL = os.environ.get('LOGOUT_REDIRECT_URL', '/')
 PASSWORD_RESET_URL = '/accounts/password_reset/'
 APPEND_SLASH = True
@ -61,11 +62,13 @@ MIDDLEWARE = [
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'core.middleware.ReverseProxyAuthMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'core.middleware.CacheControlMiddleware',
 ]
 AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.RemoteUserBackend',
    'django.contrib.auth.backends.ModelBackend',
 ]