Added optional basic auth (#31)

This commit is contained in:
Kieran 2024-02-21 17:37:25 -08:00 committed by GitHub
parent e3f1b409b9
commit 3efc533fb7
3 changed files with 65 additions and 1 deletions

View file

@ -14,7 +14,11 @@ config :pinchflat,
yt_dlp_executable: System.find_executable("yt-dlp"),
yt_dlp_runner: Pinchflat.MediaClient.Backends.YtDlp.CommandRunner,
media_directory: "/downloads",
metadata_directory: Path.join([System.tmp_dir!(), "pinchflat", "metadata"])
metadata_directory: Path.join([System.tmp_dir!(), "pinchflat", "metadata"]),
# Setting AUTH_USERNAME and AUTH_PASSWORD implies you want to use basic auth.
# If either is unset, basic auth will not be used.
basic_auth_username: System.get_env("AUTH_USERNAME"),
basic_auth_password: System.get_env("AUTH_PASSWORD")
# Configures the endpoint
config :pinchflat, PinchflatWeb.Endpoint,

View file

@ -2,6 +2,7 @@ defmodule PinchflatWeb.Router do
use PinchflatWeb, :router
pipeline :browser do
plug :basic_auth
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_live_flash
@ -48,4 +49,15 @@ defmodule PinchflatWeb.Router do
forward "/mailbox", Plug.Swoosh.MailboxPreview
end
end
defp basic_auth(conn, _opts) do
username = Application.get_env(:pinchflat, :basic_auth_username)
password = Application.get_env(:pinchflat, :basic_auth_password)
if username && password do
Plug.BasicAuth.basic_auth(conn, username: username, password: password, realm: "Pinchflat")
else
conn
end
end
end

View file

@ -0,0 +1,48 @@
defmodule PinchflatWeb.RoutingTest do
use PinchflatWeb.ConnCase
describe "basic_auth plug" do
setup do
old_username = Application.get_env(:pinchflat, :basic_auth_username)
old_password = Application.get_env(:pinchflat, :basic_auth_password)
on_exit(fn ->
Application.put_env(:pinchflat, :basic_auth_username, old_username)
Application.put_env(:pinchflat, :basic_auth_password, old_password)
end)
:ok
end
test "it uses basic auth when both username and password are set", %{conn: conn} do
Application.put_env(:pinchflat, :basic_auth_username, "user")
Application.put_env(:pinchflat, :basic_auth_password, "pass")
conn = get(conn, "/")
assert conn.status == 401
assert {"www-authenticate", "Basic realm=\"Pinchflat\""} in conn.resp_headers
end
test "providing the username and password allows access", %{conn: conn} do
Application.put_env(:pinchflat, :basic_auth_username, "user")
Application.put_env(:pinchflat, :basic_auth_password, "pass")
conn =
conn
|> put_req_header("authorization", Plug.BasicAuth.encode_basic_auth("user", "pass"))
|> get("/")
assert conn.status == 200
end
test "it does not use basic auth when either username or password is not set", %{conn: conn} do
Application.put_env(:pinchflat, :basic_auth_username, nil)
Application.put_env(:pinchflat, :basic_auth_password, "pass")
conn = get(conn, "/")
assert conn.status == 200
end
end
end