From d75ebc5efd3e4c2a661fabe073e4aa960e9b9052 Mon Sep 17 00:00:00 2001
From: Kendall Garner <17521368+kgarner7@users.noreply.github.com>
Date: Mon, 28 Jul 2025 14:18:49 +0000
Subject: [PATCH] fix(plugins): don't log "no proxy IP found" when using
 Subsonic API in plugins with reverse proxy auth (#4388)

* fix(auth): Do not try reverse proxy auth if internal auth succeeds

* cmp.Or will still require function results to be evaluated...

* move to a function
---
 server/subsonic/middlewares.go | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/server/subsonic/middlewares.go b/server/subsonic/middlewares.go
index b8f01c83e..af1ba448f 100644
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@@ -47,11 +47,23 @@ func postFormToQueryParams(next http.Handler) http.Handler {
 	})
 }
 
+func fromInternalOrProxyAuth(r *http.Request) (string, bool) {
+	username := server.InternalAuth(r)
+
+	// If the username comes from internal auth, do not also do reverse proxy auth, as
+	// the request will have no reverse proxy IP
+	if username != "" {
+		return username, true
+	}
+
+	return server.UsernameFromReverseProxyHeader(r), false
+}
+
 func checkRequiredParameters(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var requiredParameters []string
 
-		username := cmp.Or(server.InternalAuth(r), server.UsernameFromReverseProxyHeader(r))
+		username, _ := fromInternalOrProxyAuth(r)
 		if username != "" {
 			requiredParameters = []string{"v", "c"}
 		} else {
@@ -91,10 +103,9 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
 			var usr *model.User
 			var err error
 
-			internalAuth := server.InternalAuth(r)
-			proxyAuth := server.UsernameFromReverseProxyHeader(r)
-			if username := cmp.Or(internalAuth, proxyAuth); username != "" {
-				authType := If(internalAuth != "", "internal", "reverse-proxy")
+			username, isInternalAuth := fromInternalOrProxyAuth(r)
+			if username != "" {
+				authType := If(isInternalAuth, "internal", "reverse-proxy")
 				usr, err = ds.User(ctx).FindByUsername(username)
 				if errors.Is(err, context.Canceled) {
 					log.Debug(ctx, "API: Request canceled when authenticating", "auth", authType, "username", username, "remoteAddr", r.RemoteAddr, err)