mirror of
https://github.com/blakeblackshear/frigate.git
synced 2025-09-26 11:31:28 +08:00
74ca009b0b
* db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu
25 lines
1.0 KiB
Plaintext
25 lines
1.0 KiB
Plaintext
## Send a subrequest to verify if the user is authenticated and has permission to access the resource.
|
|
auth_request /auth;
|
|
|
|
## Save the upstream metadata response headers from the auth request to variables
|
|
auth_request_set $user $upstream_http_remote_user;
|
|
auth_request_set $role $upstream_http_remote_role;
|
|
auth_request_set $groups $upstream_http_remote_groups;
|
|
auth_request_set $name $upstream_http_remote_name;
|
|
auth_request_set $email $upstream_http_remote_email;
|
|
|
|
## Inject the metadata response headers from the variables into the request made to the backend.
|
|
proxy_set_header Remote-User $user;
|
|
proxy_set_header Remote-Role $role;
|
|
proxy_set_header Remote-Groups $groups;
|
|
proxy_set_header Remote-Email $email;
|
|
proxy_set_header Remote-Name $name;
|
|
|
|
## Refresh the cookie as needed
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
|
add_header Set-Cookie $auth_cookie;
|
|
|
|
## Pass the location header back up if it exists
|
|
auth_request_set $redirection_url $upstream_http_location;
|
|
add_header Location $redirection_url;
|