[PR #594] [CLOSED] User auth via proxy request header #683

New issue

Closed

opened 2026-02-25 23:35:07 +03:00 by kerem · 0 comments

kerem commented

2026-02-25 23:35:07 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/go-shiori/shiori/pull/594
Author: @chain710
Created: 3/20/2023
Status: ❌ Closed

Base: master ← Head: feat/authproxy

📝 Commits (2)

ac4f6c4 User auth via proxy request header
e5e5502 Merge branch 'master' into feat/authproxy

📊 Changes

6 files changed (+228 additions, -64 deletions)

View changed files

📝 internal/cmd/serve.go (+12 -6)
📝 internal/view/index.html (+20 -4)
➕ internal/webserver/cidrs.go (+51 -0)
📝 internal/webserver/handler-api.go (+16 -15)
📝 internal/webserver/handler.go (+40 -4)
📝 internal/webserver/server.go (+89 -35)

📄 Description

The Auth Proxy enables user authentication using an HTTP header from an external authentication service. I propose adding two arguments in serve command:

reverse-proxy-auth-user: This argument specifies the name of the proxy authentication HTTP header, such as X-Auth-User.
trusted-proxies: This argument ensures that the auth-proxy is only used when requests come from trusted IP addresses.

Use case:

Authentication is provided by either Authelia or Keycloak.
Nginx passes the X-Auth-User header to Shiori, which comes from the authentication provider.
Shiori looks up the user in the database and returns a session.

Let me know if you have any further questions or if you'd like me to make any additional revisions.

Reference:

https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/
https://github.com/gogs/gogs/issues/165
https://github.com/miniflux/v2/pull/570

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-shiori/shiori/pull/594 **Author:** [@chain710](https://github.com/chain710) **Created:** 3/20/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `feat/authproxy` --- ### 📝 Commits (2) - [`ac4f6c4`](https://github.com/go-shiori/shiori/commit/ac4f6c4e4a6548fdc0d360b53d6ec5b3a6f6272e) User auth via proxy request header - [`e5e5502`](https://github.com/go-shiori/shiori/commit/e5e5502050c6fa2e5d1fb99f4b4d6b4bb175af39) Merge branch 'master' into feat/authproxy ### 📊 Changes **6 files changed** (+228 additions, -64 deletions) <details> <summary>View changed files</summary> 📝 `internal/cmd/serve.go` (+12 -6) 📝 `internal/view/index.html` (+20 -4) ➕ `internal/webserver/cidrs.go` (+51 -0) 📝 `internal/webserver/handler-api.go` (+16 -15) 📝 `internal/webserver/handler.go` (+40 -4) 📝 `internal/webserver/server.go` (+89 -35) </details> ### 📄 Description The Auth Proxy enables user authentication using an HTTP header from an external authentication service. I propose adding two arguments in serve command: 1. reverse-proxy-auth-user: This argument specifies the name of the proxy authentication HTTP header, such as X-Auth-User. 2. trusted-proxies: This argument ensures that the `auth-proxy` is only used when requests come from trusted IP addresses. Use case: 1. Authentication is provided by either Authelia or Keycloak. 2. Nginx passes the X-Auth-User header to Shiori, which comes from the authentication provider. 3. Shiori looks up the user in the database and returns a session. Let me know if you have any further questions or if you'd like me to make any additional revisions. Reference: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ https://github.com/gogs/gogs/issues/165 https://github.com/miniflux/v2/pull/570 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>