Changed app for proxy and https++

2026-01-23 10:39:52 +01:00
parent afab617c5c
commit 6e110289cd

58
app.py

@@ -188,7 +188,7 @@ def login():
# Set cookie parameters to work with Zoraxy/Authelia # Set cookie parameters to work with Zoraxy/Authelia
response.set_cookie( response.set_cookie(
key=app.config['SESSION_COOKIE_NAME'], key=app.config['SESSION_COOKIE_NAME'],
value=request.cookies.get(app.config['SESSION_COOKIE_NAME']), value=secrets.token_urlsafe(32), # Generate a new token instead of using session.sid
max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()), max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
path=app.config['SESSION_COOKIE_PATH'], path=app.config['SESSION_COOKIE_PATH'],
secure=app.config['SESSION_COOKIE_SECURE'], secure=app.config['SESSION_COOKIE_SECURE'],
@@ -216,12 +216,11 @@ def login():
# Manually set cookie with correct parameters for Zoraxy # Manually set cookie with correct parameters for Zoraxy
if ZORAXY_COOKIE_FIX: if ZORAXY_COOKIE_FIX:
max_age = int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()) session_token = secrets.token_urlsafe(32) # Generate a new token
cookie_value = request.cookies.get(app.config['SESSION_COOKIE_NAME']) or session.sid
response.set_cookie( response.set_cookie(
app.config['SESSION_COOKIE_NAME'], app.config['SESSION_COOKIE_NAME'],
cookie_value, session_token,
max_age=max_age, max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
secure=app.config['SESSION_COOKIE_SECURE'], secure=app.config['SESSION_COOKIE_SECURE'],
httponly=app.config['SESSION_COOKIE_HTTPONLY'], httponly=app.config['SESSION_COOKIE_HTTPONLY'],
samesite='None', samesite='None',
@@ -243,6 +242,8 @@ def login():
logger.info(f"Cookies: {request.cookies}") logger.info(f"Cookies: {request.cookies}")
logger.info(f"Client IP: {request.remote_addr}") logger.info(f"Client IP: {request.remote_addr}")
logger.info(f"X-Forwarded-For: {request.headers.get('X-Forwarded-For')}") logger.info(f"X-Forwarded-For: {request.headers.get('X-Forwarded-For')}")
# Log all headers to see what's coming from Authelia
logger.info(f"All headers: {dict(request.headers)}")
# Show login form # Show login form
return render_template('login.html') return render_template('login.html')
@@ -311,12 +312,11 @@ def index():
response = make_response(render_template('index.html')) response = make_response(render_template('index.html'))
if ZORAXY_COOKIE_FIX: if ZORAXY_COOKIE_FIX:
max_age = int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()) session_token = secrets.token_urlsafe(32) # Generate a new token
cookie_value = request.cookies.get(app.config['SESSION_COOKIE_NAME']) or session.sid
response.set_cookie( response.set_cookie(
app.config['SESSION_COOKIE_NAME'], app.config['SESSION_COOKIE_NAME'],
cookie_value, session_token,
max_age=max_age, max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
secure=app.config['SESSION_COOKIE_SECURE'], secure=app.config['SESSION_COOKIE_SECURE'],
httponly=app.config['SESSION_COOKIE_HTTPONLY'], httponly=app.config['SESSION_COOKIE_HTTPONLY'],
samesite='None', samesite='None',
@@ -622,6 +622,8 @@ def debug_info():
@app.route('/headers') @app.route('/headers')
def show_headers(): def show_headers():
"""Show all request headers - useful for debugging proxies""" """Show all request headers - useful for debugging proxies"""
# Log headers to help diagnose issues with Zoraxy/Authelia
logger.info(f"Headers endpoint: All headers received: {dict(request.headers)}")
return jsonify({ return jsonify({
'headers': dict(request.headers), 'headers': dict(request.headers),
'remote_addr': request.remote_addr, 'remote_addr': request.remote_addr,
@@ -659,6 +661,44 @@ def cookie_check():
'all_cookies': {k: '***' for k in request.cookies.keys()} 'all_cookies': {k: '***' for k in request.cookies.keys()}
}) })
# New endpoint to test Zoraxy auth configuration
@app.route('/authelia-test')
def authelia_test():
"""Test if Authelia headers are correctly passed through Zoraxy"""
all_headers = dict(request.headers)
authelia_headers = {}
# Check for common Authelia-related headers
auth_related_headers = [
'Remote-User', 'X-Remote-User', 'Remote-Groups', 'X-Remote-Groups',
'Remote-Name', 'X-Remote-Name', 'Remote-Email', 'X-Remote-Email',
'X-Authelia-URL', 'X-Original-URL', 'X-Forwarded-Proto'
]
for header in auth_related_headers:
if header.lower() in [h.lower() for h in all_headers.keys()]:
for actual_header in all_headers.keys():
if header.lower() == actual_header.lower():
authelia_headers[actual_header] = all_headers[actual_header]
# Check for auth cookies
auth_cookies = {}
for cookie_name in request.cookies:
if 'auth' in cookie_name.lower():
auth_cookies[cookie_name] = '***' # Hide actual value
return jsonify({
'request_host': request.host,
'authelia_user_detected': get_authelia_user() is not None,
'authelia_user': get_authelia_user(),
'authelia_headers': authelia_headers,
'auth_cookies': auth_cookies,
'all_headers_count': len(all_headers),
'zoraxy_detected': any('zoraxy' in h.lower() for h in all_headers.keys()) or 'X-Forwarded-Server' in all_headers,
'host_header': request.headers.get('Host'),
'referer': request.headers.get('Referer'),
})
if __name__ == '__main__': if __name__ == '__main__':
# Parse command-line arguments # Parse command-line arguments
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
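Review bot: The new cookie value `secrets.token_urlsafe(32)` is minted on every response in all three set_cookie blocks (the hunks at @@ -188 in login(), @@ -216 under ZORAXY_COOKIE_FIX, and @@ -311 in index()) but nothing in this diff stores that token or ties it to the server-side session, so the browser ends up holding a random value the server cannot map back to `session.sid`, which the removed line `cookie_value = request.cookies.get(...) or session.sid` used as the fallback. Unless the token is persisted outside these hunks, the next request's session lookup will miss (or the cookie is simply ignored); either keep the session id as the cookie value, or write the fresh token into the session store before returning the response, and in any case generate it once rather than rotating it on every index() hit. Separately, the added `logger.info(f"All headers: {dict(request.headers)}")` in login() and the similar line in show_headers() write the raw Cookie and Authorization headers to the log at INFO level; mask those keys the way cookie_check() already replaces cookie values with `'***'`. The login() and index() bodies begin outside their hunks, so the surrounding session handling is not visible here.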