Auth! (#11347)

* reload the window on 401 * backend apis for auth * add login page * re-enable web linter * fix login page routing * bypass csrf for internal auth endpoint * disable healthcheck in devcontainer target * include login page in vite build * redirect to login page on 401 * implement config for users and settings * implement JWT actual secret * add brute force protection on login * add support for redirecting from auth failures on api calls * return location for redirect * default cookie name should pass regex test * set hash iterations to current OWASP recommendation * move users to database instead of config * config option to reset admin password on startup * user management UI * check for deleted user on refresh * validate username and fixes * remove password constraint * cleanup * fix user check on refresh * web fixes * implement auth via new external port * use x-forwarded-for to rate limit login attempts by ip * implement logout and profile * fixes * lint fixes * add support for user passthru from upstream proxies * add support for specifying a logout url * add documentation * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> * Update docs/docs/configuration/authentication.md Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com> --------- Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2025-09-27 03:46:15 +08:00 · 2024-05-18 11:36:13 -05:00
parent a70dd02788
commit 1133202cbd
48 changed files with 2541 additions and 833 deletions
--- a/docker/main/build_nginx.sh
+++ b/docker/main/build_nginx.sh
@@ -5,6 +5,8 @@ set -euxo pipefail
 NGINX_VERSION="1.25.3"
 VOD_MODULE_VERSION="1.31"
 SECURE_TOKEN_MODULE_VERSION="1.5"
+SET_MISC_MODULE_VERSION="v0.33"
+NGX_DEVEL_KIT_VERSION="v0.3.3"

 cp /etc/apt/sources.list /etc/apt/sources.list.d/sources-src.list
 sed -i 's|deb http|deb-src http|g' /etc/apt/sources.list.d/sources-src.list
@@ -49,13 +51,27 @@ wget https://github.com/kaltura/nginx-secure-token-module/archive/refs/tags/${SE
 tar -zxf ${SECURE_TOKEN_MODULE_VERSION}.tar.gz -C /tmp/nginx-secure-token-module --strip-components=1
 rm ${SECURE_TOKEN_MODULE_VERSION}.tar.gz

+mkdir /tmp/ngx_devel_kit
+wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/${NGX_DEVEL_KIT_VERSION}.tar.gz
+tar -zxf ${NGX_DEVEL_KIT_VERSION}.tar.gz -C /tmp/ngx_devel_kit --strip-components=1
+rm ${NGX_DEVEL_KIT_VERSION}.tar.gz
+
+mkdir /tmp/nginx-set-misc-module
+wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/${SET_MISC_MODULE_VERSION}.tar.gz
+tar -zxf ${SET_MISC_MODULE_VERSION}.tar.gz -C /tmp/nginx-set-misc-module --strip-components=1
+rm ${SET_MISC_MODULE_VERSION}.tar.gz
+
 cd /tmp/nginx

 ./configure --prefix=/usr/local/nginx \
    --with-file-aio \
    --with-http_sub_module \
    --with-http_ssl_module \
+    --with-http_auth_request_module \
+    --with-http_realip_module \
    --with-threads \
+    --add-module=../ngx_devel_kit \
+    --add-module=../nginx-set-misc-module \
    --add-module=../nginx-vod-module \
    --add-module=../nginx-secure-token-module \
    --with-cc-opt="-O3 -Wno-error=implicit-fallthrough"