mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2025-03-11 15:34:56 +00:00
vmauth: support other auth header names besides Authorization (#6009)
This commit is contained in:
parent
914b23f1e8
commit
9c92cc2759
3 changed files with 15 additions and 8 deletions
|
@ -911,15 +911,18 @@ func getHTTPAuthBasicToken(username, password string) string {
|
|||
func getAuthTokensFromRequest(r *http.Request) []string {
|
||||
var ats []string
|
||||
|
||||
// Obtain possible auth tokens from Authorization header
|
||||
if ah := r.Header.Get("Authorization"); ah != "" {
|
||||
if strings.HasPrefix(ah, "Token ") {
|
||||
// Handle InfluxDB's proprietary token authentication scheme as a bearer token authentication
|
||||
// See https://docs.influxdata.com/influxdb/v2.0/api/
|
||||
ah = strings.Replace(ah, "Token", "Bearer", 1)
|
||||
// Obtain possible auth tokens from one of allowed auth headers
|
||||
for _, headerName := range authHeaders {
|
||||
if ah := r.Header.Get(headerName); ah != "" {
|
||||
if strings.HasPrefix(ah, "Token ") {
|
||||
// Handle InfluxDB's proprietary token authentication scheme as a bearer token authentication
|
||||
// See https://docs.influxdata.com/influxdb/v2.0/api/
|
||||
ah = strings.Replace(ah, "Token", "Bearer", 1)
|
||||
}
|
||||
at := "http_auth:" + ah
|
||||
ats = append(ats, at)
|
||||
break
|
||||
}
|
||||
at := "http_auth:" + ah
|
||||
ats = append(ats, at)
|
||||
}
|
||||
|
||||
return ats
|
||||
|
|
|
@ -56,6 +56,8 @@ var (
|
|||
"See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup")
|
||||
backendTLSCAFile = flag.String("backend.TLSCAFile", "", "Optional path to TLS root CA file, which is used for TLS verification when connecting to backends over HTTPS. "+
|
||||
"See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup")
|
||||
extraAuthHeaders = flagutil.NewArrayString("extraAuthHeader", "extra to Authorization auth header names")
|
||||
authHeaders = []string{"Authorization"}
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -70,6 +72,7 @@ func main() {
|
|||
if len(listenAddrs) == 0 {
|
||||
listenAddrs = []string{":8427"}
|
||||
}
|
||||
authHeaders = append(authHeaders, (*extraAuthHeaders)...)
|
||||
logger.Infof("starting vmauth at %q...", listenAddrs)
|
||||
startTime := time.Now()
|
||||
initAuthConfig()
|
||||
|
|
|
@ -245,6 +245,7 @@ See [load-balancing docs](#load-balancing) for more details.
|
|||
* `-tls` enables accepting TLS connections at `-httpListenAddr`
|
||||
* `-tlsKeyFile` sets the path to TLS certificate key file
|
||||
* `-tlsCertFile` sets the path to TLS certificate file
|
||||
* `-extraAuthHeader` sets alternative headers for auth
|
||||
|
||||
### Basic Auth proxy
|
||||
|
||||
|
|
Loading…
Reference in a new issue