Allow proxy authentication (#141)

src/config.cr

@@ -22,6 +22,7 @@ class Config
   property page_margin : Int32 = 30
   property disable_login = false
   property default_username = ""
+  property auth_proxy_header_name = ""
   property mangadex = Hash(String, String | Int32).new
 
   @[YAML::Field(ignore: true)]

src/handlers/auth_handler.cr

@@ -93,8 +93,18 @@ class AuthHandler < Kemal::Handler
     call_next env
   end
 
+  def handle_auth_proxy(env)
+    username = env.request.headers[Config.current.auth_proxy_header_name]?
+    unless username && Storage.default.username_exists username
+      return redirect env, "/login"
+    end
+    call_next env
+  end
+
   def call(env)
-    if request_path_startswith env, ["/opds"]
+    if !Config.current.auth_proxy_header_name.empty?
+      handle_auth_proxy env
+    elsif request_path_startswith env, ["/opds"]
       handle_opds_auth env
     else
       handle_auth env

src/util/web.cr

@@ -3,13 +3,12 @@
 # This macro defines `is_admin` when used
 macro check_admin_access
   is_admin = false
-  # The token (if exists) takes precedence over the default user option.
-  #   this is why we check the default username first before checking the
-  #   token.
-  if Config.current.disable_login
-    is_admin = Storage.default.
-      username_is_admin Config.current.default_username
+  if !Config.current.auth_proxy_header_name.empty? ||
+      Config.current.disable_login
+    is_admin = Storage.default.username_is_admin get_username env
   end
+
+  # The token (if exists) takes precedence over other authentication methods.
   if token = env.session.string? "token"
     is_admin = Storage.default.verify_admin token
   end
@@ -49,6 +48,8 @@ macro get_username(env)
   rescue e
     if Config.current.disable_login
       Config.current.default_username
+    elsif (header = Config.current.auth_proxy_header_name) && !header.empty?
+      env.request.headers[header]
     else
       raise e
     end