Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Ability to disable auth #59

Closed
cptechie opened this issue Feb 14, 2022 · 4 comments · Fixed by #79
Closed

feat: Ability to disable auth #59

cptechie opened this issue Feb 14, 2022 · 4 comments · Fixed by #79
Labels
beginner-friendly Good first issue for people wanting to contribute to this project. new-feature New features or options. priority-low Nice addition, maybe... someday...

Comments

@cptechie
Copy link

Feature Request

Can we have an option to disable auth? Would be helpful in scenarios where the site will already be secured behind AD/OAuth.
@cptechie cptechie added the new-feature New features or options. label Feb 14, 2022
@dec0dOS dec0dOS added the priority-low Nice addition, maybe... someday... label Feb 15, 2022
@maltegrosse
Copy link

maltegrosse commented Mar 21, 2022
edited
Loading

would appreciate this feature and set the UI behind an auth proxy e.g. https://github.com/8gears/keycloak-auth-proxy or https://github.com/oauth2-proxy/oauth2-proxy

perhaps add some variable like process.env.ZU_DISABLE_AUTH

@maltegrosse
Copy link

as the priority is low, I decided to create a quick no-auth proxy.
@cptechie see https://github.com/maltegrosse/zero-ui-noauth
lets see how many proxies we can pipe (no-auth, https, auth :)

@maltegrosse
Copy link

maltegrosse commented Apr 21, 2022
edited
Loading

okay, finally got it working: zeroui->no-auth->oauth2 proxy (via keycloak and traefik)

comparable to my post at benjaminbear/docker-ddns-server#16 (comment)
where I used a similar scenario, traefik, oauth service nearly stay the same, the docker-compose for no-auth is like following:

version: "3.7"

services:
  zt-ui-noauth:
    image: maltegrosse/zero-ui-noauth:1.0.0
    container_name: zu-ui-noauth-proxy
    restart: unless-stopped
    expose:
      - "9999"
    ports:
      - "9999"
    environment:
      - PROTOCOL=http
      - AUTH_PATH=/auth/login
      - EXPOSE_PORT=9999
      - CONNECT_HOST=zero-ui
      - CONNECT_PORT=4000
      - USER=admin
      - PASSWORD=zero-ui
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      - "traefik.http.routers.zt.rule=Host(`zt.example.com`)"
      - "traefik.http.routers.zt.entrypoints=https"
      - "traefik.http.routers.zt.tls.certresolver=tx"
      - "traefik.http.routers.zt.middlewares=oauth-errors@file,oauth-auth@file"
      # exclude the api endpoint as I run into some issues...
      - "traefik.http.routers.zt-noauth.rule=Host(`zt.example.com`) && PathPrefix(`/api/`)"
      - "traefik.http.routers.zt-noauth.entrypoints=https"
      - "traefik.http.routers.zt-noauth.tls.certresolver=tx"
      # but overwrite the login api endpoint ..
      - "traefik.http.routers.zt-nologin.entrypoints=https"
      - "traefik.http.routers.zt-nologin.tls.certresolver=tx"
      - "traefik.http.routers.zt-nologin.rule=Host(`zt.example.com`) && PathPrefix(`/api/login`)"
      - "traefik.http.routers.zt-nologin.middlewares=redirect-zt-nologin"
      - "traefik.http.middlewares.redirect-zt-nologin.redirectregex.regex=(.)*"
      - "traefik.http.middlewares.redirect-zt-nologin.redirectregex.replacement=https://zt.example.com"
      - "traefik.http.middlewares.redirect-zt-nologin.redirectregex.permanent=false"

    networks:
      - web
  oauth:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
# see other post linked in this comment
....
# dont forget to stay in the same traefik network
networks:
  web:
    external:
      name: traefik_default

@dec0dOS in order to provide a oidc sign-out link, could you introduce a new route, e.g. /signout , where u forward here:
https://github.com/dec0dOS/zero-ui/blob/main/frontend/src/components/Bar/Bar.jsx#L39
so i could overwrite /signout with my router and redirect to the openid signout url.

I am not really into react, otherwise I would help :)

@maltegrosse maltegrosse mentioned this issue Apr 21, 2022
Open
@dec0dOS dec0dOS added the beginner-friendly Good first issue for people wanting to contribute to this project. label May 6, 2022
@9p4 9p4 mentioned this issue May 24, 2022
Merged
9 tasks
dec0dOS added a commit that referenced this issue May 24, 2022
@dec0dOS
Merge pull request #79 from 9p4/disable-auth
9b51907 
feat: disable auth (#59)
@dec0dOS
Copy link
Owner

dec0dOS commented May 24, 2022

Added in the ZeroUI v1.3.0. Many thanks to https://github.com/9p4 for the PR.

@github-actions github-actions bot locked and limited conversation to collaborators Jun 24, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
beginner-friendly Good first issue for people wanting to contribute to this project. new-feature New features or options. priority-low Nice addition, maybe... someday...
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: disable auth (#59)
3 participants
@cptechie @dec0dOS @maltegrosse