zeripath
5 年之前
+ 2
- 0
custom/conf/app.ini.sample
查看文件
| @@ -261,6 +261,7 @@ COOKIE_USERNAME = gitea_awesome | |||
| COOKIE_REMEMBER_NAME = gitea_incredible | |||
| ; Reverse proxy authentication header name of user name | |||
| REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER | |||
| REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL | |||
| ; The minimum password length for new Users | |||
| MIN_PASSWORD_LENGTH = 6 | |||
| ; Set to true to allow users to import local server paths | |||
| @@ -323,6 +324,7 @@ ENABLE_NOTIFY_MAIL = false | |||
| ; More detail: https://github.com/gogits/gogs/issues/165 | |||
| ENABLE_REVERSE_PROXY_AUTHENTICATION = false | |||
| ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false | |||
| ENABLE_REVERSE_PROXY_EMAIL = false | |||
| ; Enable captcha validation for registration | |||
| ENABLE_CAPTCHA = false | |||
| ; Type of captcha you want to use. Options: image, recaptcha | |||
+ 4
- 0
docs/content/doc/advanced/config-cheat-sheet.en-us.md
查看文件
| @@ -160,6 +160,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
| information. | |||
| - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy | |||
| authentication. | |||
| - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy | |||
| authentication provided email. | |||
| - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom | |||
| git hooks. | |||
| - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. | |||
| @@ -188,6 +190,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. | |||
| - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication. | |||
| - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration | |||
| for reverse authentication. | |||
| - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a | |||
| provided email rather than a generated email. | |||
| - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration. | |||
| - `CAPTCHA_TYPE`: **image**: \[image, recaptcha\] | |||
| - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha. | |||
+ 8
- 1
modules/auth/auth.go
查看文件
| @@ -105,9 +105,16 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) | |||
| // Check if enabled auto-registration. | |||
| if setting.Service.EnableReverseProxyAutoRegister { | |||
| email := gouuid.NewV4().String() + "@localhost" | |||
| if setting.Service.EnableReverseProxyEmail { | |||
| webAuthEmail := ctx.Req.Header.Get(setting.ReverseProxyAuthEmail) | |||
| if len(webAuthEmail) > 0 { | |||
| email = webAuthEmail | |||
| } | |||
| } | |||
| u := &models.User{ | |||
| Name: webAuthUser, | |||
| Email: gouuid.NewV4().String() + "@localhost", | |||
| Email: email, | |||
| Passwd: webAuthUser, | |||
| IsActive: true, | |||
| } | |||
+ 13
- 9
modules/setting/setting.go
查看文件
| @@ -157,15 +157,16 @@ var ( | |||
| } | |||
| // Security settings | |||
| InstallLock bool | |||
| SecretKey string | |||
| LogInRememberDays int | |||
| CookieUserName string | |||
| CookieRememberName string | |||
| ReverseProxyAuthUser string | |||
| MinPasswordLength int | |||
| ImportLocalPaths bool | |||
| DisableGitHooks bool | |||
| InstallLock bool | |||
| SecretKey string | |||
| LogInRememberDays int | |||
| CookieUserName string | |||
| CookieRememberName string | |||
| ReverseProxyAuthUser string | |||
| ReverseProxyAuthEmail string | |||
| MinPasswordLength int | |||
| ImportLocalPaths bool | |||
| DisableGitHooks bool | |||
| // Database settings | |||
| UseSQLite3 bool | |||
| @@ -950,6 +951,7 @@ func NewContext() { | |||
| CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome") | |||
| CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible") | |||
| ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") | |||
| ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL") | |||
| MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6) | |||
| ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false) | |||
| DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false) | |||
| @@ -1216,6 +1218,7 @@ var Service struct { | |||
| EnableNotifyMail bool | |||
| EnableReverseProxyAuth bool | |||
| EnableReverseProxyAutoRegister bool | |||
| EnableReverseProxyEmail bool | |||
| EnableCaptcha bool | |||
| CaptchaType string | |||
| RecaptchaSecret string | |||
| @@ -1247,6 +1250,7 @@ func newService() { | |||
| Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() | |||
| Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() | |||
| Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() | |||
| Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool() | |||
| Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false) | |||
| Service.CaptchaType = sec.Key("CAPTCHA_TYPE").MustString(ImageCaptcha) | |||
| Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("") | |||
+ 1
- 0
routers/admin/admin.go
查看文件
| @@ -215,6 +215,7 @@ func Config(ctx *context.Context) { | |||
| ctx.Data["LogRootPath"] = setting.LogRootPath | |||
| ctx.Data["ScriptType"] = setting.ScriptType | |||
| ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser | |||
| ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail | |||
| ctx.Data["SSH"] = setting.SSH | |||
Loading…