djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Compare commits

base: djpbessems:0.5
Branches Tags
djpbessems:master djpbessems:development
djpbessems:0.6 djpbessems:0.5
..
compare: djpbessems:5c2ae98afbb0f088ca86ae01d493f1abd90939f1
Branches Tags
djpbessems:development djpbessems:master
djpbessems:0.6 djpbessems:0.5

4 Commits
0.5 ... 5c2ae98afb

Author SHA1 Message Date
Danny Bessems
5c2ae98afb Update 'README.md' 2019-12-09 09:27:59 +00:00
Danny Bessems
018b74e140 Update 'README.md' 2019-12-06 14:08:19 +00:00
Danny Bessems
55413d20c5 Merge branch 'development' of djpbessems/lucidAuth into master 2019-06-20 07:50:15 +00:00
Danny Bessems
ba6b6f277a Added external library NProgress and ajax-timeouts 2019-06-19 13:27:00 +00:00
4 changed files with 73 additions and 64 deletions
Expand all files Collapse all files

50
README.md
View File

@ -1,5 +1,5 @@
# lucidAuth # lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#) > *Respect* the unexpected, mitigate your risks
Forward Authentication for use with proxies (caddy, nginx, traefik, etc) Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
@ -14,15 +14,47 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
- #### in Traefik - #### in Traefik
Add the following lines (change to reflect your existing configuration): Add the following lines (change to reflect your existing configuration):
##### 1.7
``` ```
[frontends.server1] [frontends.server1]
entrypoints = ["https"] entrypoints = ["https"]
backend = "server1" backend = "server1"
[frontends.server1.auth.forward] [frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php" address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes] [frontends.server1.routes]
[frontends.server1.routes.ext] [frontends.server1.routes.ext]
rule = "Host:<fqdn>" rule = "Host:<fqdn>"
```
##### 2.0
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
```
entryPoints:
https:
address: :443
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.0/24"
# insecure: true
```
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
```
https:
middlewares:
ldap-authentication:
forwardAuth:
address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true
```
And finally add the new middleware to your service (different methods; this depends on your configuration):
```
# as a label (when using Docker provider)
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
# as yaml (when using file provider)
routers:
router1:
middlewares:
- "ldap-authentication"
``` ```
- #### Important! - #### Important!

2
include/lucidAuth.template.php
View File

@ -15,6 +15,8 @@ $pageLayout['full'] = <<<'FULL'
<link href="misc/style.button.css" rel="stylesheet" /> <link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script> <script src="misc/script.translation.js"></script>
<script src="https://unpkg.com/nprogress@0.2.0/nprogress.js"></script>
<link href="https://unpkg.com/nprogress@0.2.0/nprogress.css" rel="stylesheet" />
</head> </head>
<body> <body>
<div id="horizon"> <div id="horizon">

27
public/example.php
View File

@ -1,27 +0,0 @@
<?php
// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
// Note that is just an example. Should take precautions such as filtering the input data.
header('Content-Type: application/json');
$input = filter_input_array(INPUT_POST);
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
if (mysqli_connect_errno()) {
echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
exit;
}
if ($input['action'] === 'edit') {
$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'delete') {
$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'restore') {
$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
}
mysqli_close($mysqli);
echo json_encode($input);

14
public/misc/script.index.js
View File

@ -40,25 +40,27 @@ $(document).ready(function(){
xhrFields: { xhrFields: {
withCredentials: true, withCredentials: true,
}, },
timeout: 750,
// origin domain should be exempted from timeout
// (because origin domain can/will be different from current domain --due to traefik design).
data: { data: {
ref: btoa(JSON.stringify({ ref: btoa(JSON.stringify({
action: 'login', action: 'login',
token: data.SecureToken token: data.SecureToken
})) }))
} }
}).done(function() {
NProgress.inc(1 / XHR.length);
})); }));
}); });
$.when.apply($, XHR).then(function(){ $.when.apply($, XHR).then(function(){
$.each(arguments, function(_index, _arg) { $.each(arguments, function(_index, _arg) {
// Show progress somehow (maybe something like https://minicss.org/v2/progress) // Finished cross-domain logins (either succesfully or through timeout)
NProgress.done();
window.location.replace(data.Location);
}); });
}); });
} }
// Finished (either succesfully or through timeout) cross-domain logins
// redirect once all finished loading or timeout after $X ms
// origin domain should be exempted from timeout
// (because origin domain can/will be different from current domain --due to traefik design).
//window.location.replace(data.Location);
}, 2250); }, 2250);
} else { } else {
$('#btnlogin').css({ $('#btnlogin').css({