mirror/booklore
1
0
Fork 0
mirror of https://github.com/booklore-app/booklore.git synced 2025-12-23 14:20:48 -05:00
Code Issues Packages Projects Releases Wiki Activity

Configureable delimiter for remote auth groups (#1782)

Browse Source 
* add groups-delimiter (REMOTE_AUTH_GROUPS_DELIMITER) for parsing groups from a remote auth source

* added doc
This commit is contained in:
Andrew Roberts
2025-12-06 22:20:52 -05:00
committed by GitHub
parent 21e53e1609
commit 6eae9b88dc
4 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java
View File

@@ -27,6 +27,7 @@ public class AppProperties {
private String headerEmail; private String headerEmail;
private String headerGroups; private String headerGroups;
private String adminGroup; private String adminGroup;
private String groupsDelimiter = "\\s+"; // Default to whitespace for backward compatibility
} }
@Getter @Getter

5
booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java
View File

@@ -25,7 +25,6 @@ import java.util.regex.Pattern;
@AllArgsConstructor @AllArgsConstructor
public class UserProvisioningService { public class UserProvisioningService {
private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s+");
private final AppProperties appProperties; private final AppProperties appProperties;
private final UserRepository userRepository; private final UserRepository userRepository;
private final LibraryRepository libraryRepository; private final LibraryRepository libraryRepository;
@@ -146,7 +145,9 @@ public class UserProvisioningService {
if (groupsContent.length() >= 2 && groupsContent.charAt(0) == '[' && groupsContent.charAt(groupsContent.length() - 1) == ']') { if (groupsContent.length() >= 2 && groupsContent.charAt(0) == '[' && groupsContent.charAt(groupsContent.length() - 1) == ']') {
groupsContent = groupsContent.substring(1, groupsContent.length() - 1); groupsContent = groupsContent.substring(1, groupsContent.length() - 1);
} }
List<String> groupsList = Arrays.asList(WHITESPACE_PATTERN.split(groupsContent)); String delimiter = appProperties.getRemoteAuth().getGroupsDelimiter();
Pattern groupsPattern = Pattern.compile(delimiter);
List<String> groupsList = Arrays.asList(groupsPattern.split(groupsContent));
isAdmin = groupsList.contains(appProperties.getRemoteAuth().getAdminGroup()); isAdmin = groupsList.contains(appProperties.getRemoteAuth().getAdminGroup());
log.debug("Remote-Auth: user {} will be admin: {}", username, isAdmin); log.debug("Remote-Auth: user {} will be admin: {}", username, isAdmin);
} }

1
booklore-api/src/main/resources/application.yaml
View File

@@ -12,6 +12,7 @@ app:
header-email: ${REMOTE_AUTH_HEADER_EMAIL:Remote-Email} header-email: ${REMOTE_AUTH_HEADER_EMAIL:Remote-Email}
header-groups: ${REMOTE_AUTH_HEADER_GROUPS:Remote-Groups} header-groups: ${REMOTE_AUTH_HEADER_GROUPS:Remote-Groups}
admin-group: ${REMOTE_AUTH_ADMIN_GROUP} admin-group: ${REMOTE_AUTH_ADMIN_GROUP}
groups-delimiter: ${REMOTE_AUTH_GROUPS_DELIMITER:\\s+}
force-disable-oidc: ${FORCE_DISABLE_OIDC:false} force-disable-oidc: ${FORCE_DISABLE_OIDC:false}
server: server:

6
docs/forward-auth-with-proxy.md
View File

@@ -25,6 +25,11 @@ # Header names (your proxy will specify what header names to use)
# Admin group name (optional) # Admin group name (optional)
REMOTE_AUTH_ADMIN_GROUP=admin # Specify this if you want a group to automatically get admin rights REMOTE_AUTH_ADMIN_GROUP=admin # Specify this if you want a group to automatically get admin rights
# Groups delimiter pattern (optional)
REMOTE_AUTH_GROUPS_DELIMITER=\\s+ # Regex pattern for splitting groups. Default: "\\s+" (whitespace)
# Use "\\s*,\\s*" for comma-separated groups
# Use "\\s*;\\s*" for semicolon-separated groups
``` ```
### Docker Compose Example ### Docker Compose Example
@@ -42,6 +47,7 @@ ### Docker Compose Example
- REMOTE_AUTH_HEADER_EMAIL=Remote-Email - REMOTE_AUTH_HEADER_EMAIL=Remote-Email
- REMOTE_AUTH_HEADER_GROUPS=Remote-Groups - REMOTE_AUTH_HEADER_GROUPS=Remote-Groups
- REMOTE_AUTH_ADMIN_GROUP=admin - REMOTE_AUTH_ADMIN_GROUP=admin
# - REMOTE_AUTH_GROUPS_DELIMITER=\\s*,\\s* # Uncomment if your proxy sends comma-separated groups
# ... rest of configuration ... # ... rest of configuration ...
``` ```