Allow reverse proxy auth for unix socket (#2701)

navidrome · Dec 12, 2023 · 54597bd · 54597bd
1 parent ab53313
commit 54597bd
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/server/auth.go b/server/auth.go
@@ -193,7 +193,7 @@ func UsernameFromToken(r *http.Request) string {
 }
 
 func UsernameFromReverseProxyHeader(r *http.Request) string {
-	if conf.Server.ReverseProxyWhitelist == "" {
+	if conf.Server.ReverseProxyWhitelist == "" && !strings.HasPrefix(conf.Server.Address, "unix:") {
 		return ""
 	}
 	if !validateIPAgainstList(r.RemoteAddr, conf.Server.ReverseProxyWhitelist) {
@@ -316,6 +316,12 @@ func handleLoginFromHeaders(ds model.DataStore, r *http.Request) map[string]inte
 }
 
 func validateIPAgainstList(ip string, comaSeparatedList string) bool {
+	// Per https://github.com/golang/go/issues/49825, the remote address
+	// on a unix socket is '@'
+	if ip == "@" && strings.HasPrefix(conf.Server.Address, "unix:") {
+		return true
+	}
+
 	if comaSeparatedList == "" || ip == "" {
 		return false
 	}