Changed app for proxy and https++

2026-01-23 10:39:52 +01:00
parent afab617c5c
commit 6e110289cd
1 changed files with 49 additions and 9 deletions
--- a/app.py
+++ b/app.py
@@ -188,7 +188,7 @@ def login():
        # Set cookie parameters to work with Zoraxy/Authelia
        response.set_cookie(
            key=app.config['SESSION_COOKIE_NAME'],
-            value=request.cookies.get(app.config['SESSION_COOKIE_NAME']),
+            value=secrets.token_urlsafe(32),  # Generate a new token instead of using session.sid
            max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
            path=app.config['SESSION_COOKIE_PATH'],
            secure=app.config['SESSION_COOKIE_SECURE'],
@@ -216,12 +216,11 @@ def login():
            
            # Manually set cookie with correct parameters for Zoraxy
            if ZORAXY_COOKIE_FIX:
-                max_age = int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds())
-                cookie_value = request.cookies.get(app.config['SESSION_COOKIE_NAME']) or session.sid
+                session_token = secrets.token_urlsafe(32)  # Generate a new token
                response.set_cookie(
                    app.config['SESSION_COOKIE_NAME'],
-                    cookie_value,
-                    max_age=max_age,
+                    session_token,
+                    max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
                    secure=app.config['SESSION_COOKIE_SECURE'],
                    httponly=app.config['SESSION_COOKIE_HTTPONLY'],
                    samesite='None',
@@ -243,6 +242,8 @@ def login():
        logger.info(f"Cookies: {request.cookies}")
        logger.info(f"Client IP: {request.remote_addr}")
        logger.info(f"X-Forwarded-For: {request.headers.get('X-Forwarded-For')}")
+        # Log all headers to see what's coming from Authelia
+        logger.info(f"All headers: {dict(request.headers)}")
    
    # Show login form
    return render_template('login.html')
@@ -311,12 +312,11 @@ def index():
        response = make_response(render_template('index.html'))
        
        if ZORAXY_COOKIE_FIX:
-            max_age = int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds())
-            cookie_value = request.cookies.get(app.config['SESSION_COOKIE_NAME']) or session.sid
+            session_token = secrets.token_urlsafe(32)  # Generate a new token
            response.set_cookie(
                app.config['SESSION_COOKIE_NAME'],
-                cookie_value,
-                max_age=max_age,
+                session_token,
+                max_age=int(app.config['PERMANENT_SESSION_LIFETIME'].total_seconds()),
                secure=app.config['SESSION_COOKIE_SECURE'],
                httponly=app.config['SESSION_COOKIE_HTTPONLY'],
                samesite='None',
@@ -622,6 +622,8 @@ def debug_info():
@app.route('/headers')
 def show_headers():
    """Show all request headers - useful for debugging proxies"""
+    # Log headers to help diagnose issues with Zoraxy/Authelia
+    logger.info(f"Headers endpoint: All headers received: {dict(request.headers)}")
    return jsonify({
        'headers': dict(request.headers),
        'remote_addr': request.remote_addr,
@@ -659,6 +661,44 @@ def cookie_check():
        'all_cookies': {k: '***' for k in request.cookies.keys()}
    })

+# New endpoint to test Zoraxy auth configuration
+@app.route('/authelia-test')
+def authelia_test():
+    """Test if Authelia headers are correctly passed through Zoraxy"""
+    all_headers = dict(request.headers)
+    authelia_headers = {}
+    
+    # Check for common Authelia-related headers
+    auth_related_headers = [
+        'Remote-User', 'X-Remote-User', 'Remote-Groups', 'X-Remote-Groups',
+        'Remote-Name', 'X-Remote-Name', 'Remote-Email', 'X-Remote-Email',
+        'X-Authelia-URL', 'X-Original-URL', 'X-Forwarded-Proto'
+    ]
+    
+    for header in auth_related_headers:
+        if header.lower() in [h.lower() for h in all_headers.keys()]:
+            for actual_header in all_headers.keys():
+                if header.lower() == actual_header.lower():
+                    authelia_headers[actual_header] = all_headers[actual_header]
+    
+    # Check for auth cookies
+    auth_cookies = {}
+    for cookie_name in request.cookies:
+        if 'auth' in cookie_name.lower():
+            auth_cookies[cookie_name] = '***'  # Hide actual value
+    
+    return jsonify({
+        'request_host': request.host,
+        'authelia_user_detected': get_authelia_user() is not None,
+        'authelia_user': get_authelia_user(),
+        'authelia_headers': authelia_headers,
+        'auth_cookies': auth_cookies,
+        'all_headers_count': len(all_headers),
+        'zoraxy_detected': any('zoraxy' in h.lower() for h in all_headers.keys()) or 'X-Forwarded-Server' in all_headers,
+        'host_header': request.headers.get('Host'),
+        'referer': request.headers.get('Referer'),
+    })
+
 if __name__ == '__main__':
    # Parse command-line arguments
    parser = argparse.ArgumentParser(