allow to disable the authentication

Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
falcosecurity · Mar 25, 2023 · 695b502 · 695b502
1 parent f9ebe01
commit 695b502
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -19,6 +19,8 @@ Events are stored in a `Redis` server with [`Redisearch`](https://github.com/Red
 Usage of Falcosidekick-UI:  
 -a string
       Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
+-d boolean
+      Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
 -l string   
           Log level: "debug", "info", "warning", "error" (default "info",  environment "FALCOSIDEKICK_UI_LOGLEVEL")
 -p int
@@ -33,7 +35,7 @@ Usage of Falcosidekick-UI:
       Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV")
 ```
 
-> If not user is set, the default one created is `admin:admin`
+> If not user is set and the authentication is not disabled, the default user is `admin:admin`
 
 ### Run with docker
 

diff --git a/configuration/configuration.go b/configuration/configuration.go
@@ -6,6 +6,7 @@ type Configuration struct {
 	ListenPort    int    `json:"listen-port"`
 	RedisServer   string `json:"redis-server"`
 	DevMode       bool   `json:"dev-mode"`
+	DisableAuth   bool   `json:"disable-auth"`
 	LogLevel      string `json:"log-level"`
 	TTL           int    `json:"ttl"`
 	Credentials   string `json:"credentials"`

diff --git a/frontend/src/router/index.js b/frontend/src/router/index.js
@@ -50,14 +50,10 @@ const router = new VueRouter({
 });
 
 router.beforeEach((to, from, next) => {
-  // const publicPages = ['/login', '/test'];
-  if (to.name !== 'login') {
-  // if (!publicPages.includes(to.path)) {
-    if (store.state.username === '' || store.state.password === '') {
+  if (store.state.username === '' || store.state.password === '') {
+    if (to.name !== 'login') {
       router.push('/login');
     }
-  } else {
-    next();
   }
   next();
 });

diff --git a/frontend/src/views/LoginPage.vue b/frontend/src/views/LoginPage.vue
@@ -81,6 +81,25 @@ export default {
           }
         });
     },
+    testlogin() {
+      requests.authenticate(
+        'anonymous',
+        'anonymous',
+      )
+        .then((response) => {
+          if (response.status === 200) {
+            const payload = {
+              username: 'anonymous',
+              password: 'anonymous',
+            };
+            this.setCredentials(payload);
+            router.push('/dashboard');
+          }
+        });
+    },
+  },
+  mounted() {
+    this.testlogin();
   },
 };
 </script>

diff --git a/internal/api/api.go b/internal/api/api.go
@@ -183,6 +183,9 @@ func GetVersionInfo(c echo.Context) error {
 func Authenticate(c echo.Context) error {
 	authHeader := c.Request().Header["Authorization"]
 	config := configuration.GetConfiguration()
+	if config.DisableAuth {
+		return c.JSON(http.StatusOK, "authorized")
+	}
 	if len(authHeader) == 0 {
 		utils.WriteLog("warning", "user '<n/a>' unknown or wrong password")
 		return c.JSON(http.StatusUnauthorized, "unauthorized")
@@ -205,6 +208,8 @@ func Authenticate(c echo.Context) error {
 		utils.WriteLog("info", fmt.Sprintf("user '%v' authenticated", v))
 		return c.JSON(http.StatusOK, "authorized")
 	}
-	utils.WriteLog("warning", fmt.Sprintf("user '%v' unknown or wrong password", v))
+	if v != "anonymous" {
+		utils.WriteLog("warning", fmt.Sprintf("user '%v' unknown or wrong password", v))
+	}
 	return c.JSON(http.StatusUnauthorized, "unauthorized")
 }
diff --git a/main.go b/main.go
@@ -35,11 +35,14 @@ func init() {
 	dev := utils.GetBoolFlagOrEnvParam("x", "FALCOSIDEKICK_UI_DEV", false, "Allow CORS for development")
 	loglevel := utils.GetStringFlagOrEnvParam("l", "FALCOSIDEKICK_UI_LOGLEVEL", "info", "Log Level")
 	user := utils.GetStringFlagOrEnvParam("u", "FALCOSIDEKICK_UI_USER", "admin:admin", "User in format <login>:<password>")
+	disableauth := utils.GetBoolFlagOrEnvParam("d", "FALCOSIDEKICK_UI_DISABLEAUTH", false, "Disable authentication")
 
 	flag.Usage = func() {
 		help := `Usage of Falcosidekick-UI:  
 -a string
       Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR")
+-d boolean
+      Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH")
 -l string   
 	  Log level: "debug", "info", "warning", "error" (default "info",  environment "FALCOSIDEKICK_UI_LOGLEVEL")
 -p int
@@ -80,6 +83,7 @@ func init() {
 	config.TTL = *ttl
 	config.LogLevel = *loglevel
 	config.Credentials = *user
+	config.DisableAuth = *disableauth
 
 	if utils.GetPriortiyInt(config.LogLevel) < 0 {
 		config.LogLevel = "info"
@@ -116,6 +120,10 @@ func main() {
 		utils.WriteLog("warning", "DEV mode enabled")
 		e.Use(middleware.CORS())
 	}
+	if c.DisableAuth {
+		utils.WriteLog("warning", "Auhentication disabled")
+		e.Use(middleware.CORS())
+	}
 	utils.WriteLog("info", fmt.Sprintf("Falcosidekick UI is listening on %v:%v", c.ListenAddress, c.ListenPort))
 	utils.WriteLog("info", fmt.Sprintf("log level is %v", c.LogLevel))
 
@@ -139,6 +147,9 @@ func main() {
 	apiRoute := e.Group("/api/v1")
 	apiRoute.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
 		Skipper: func(c echo.Context) bool {
+			if configuration.GetConfiguration().DisableAuth {
+				return true
+			}
 			if c.Request().Method == "POST" {
 				return true
 			}
@@ -149,6 +160,9 @@ func main() {
 		},
 		Validator: func(username, password string, c echo.Context) (bool, error) {
 			config := configuration.GetConfiguration()
+			if username == "" || password == "" {
+				return true, nil
+			}
 			if subtle.ConstantTimeCompare([]byte(username+":"+password), []byte(config.Credentials)) == 1 {
 				return true, nil
 			}