From eb098c94d8fb13bef06a541741302961302cd755 Mon Sep 17 00:00:00 2001
From: Oliver F <oli-f@users.noreply.github.com>
Date: Tue, 22 Mar 2022 16:52:31 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20ingress=20user=20support=20(#?=
 =?UTF-8?q?286)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Oliver Felkel <oliver.felkel@uni-ulm.de>
---
 grocy/DOCS.md                                 | 6 ++++++
 grocy/config.yaml                             | 2 ++
 grocy/rootfs/etc/cont-init.d/nginx.sh         | 1 +
 grocy/rootfs/etc/nginx/templates/ingress.gtpl | 7 +++++++
 4 files changed, 16 insertions(+)

diff --git a/grocy/DOCS.md b/grocy/DOCS.md
index 08c7432..2eb054d 100644
--- a/grocy/DOCS.md
+++ b/grocy/DOCS.md
@@ -202,6 +202,12 @@ equal Sunday:
 - `calendar_first_day_of_week`
 - `meal_plan_first_day_of_week`
 
+### Option: `grocy_ingress_user`
+
+Allows you to specify a default ingress user if desired (e.g. `admin`).
+
+If no ingress user is set, the default login authentication is used.
+
 ## Known issues and limitations
 
 - Grocy support to provide custom lookup resources to lookup information
diff --git a/grocy/config.yaml b/grocy/config.yaml
index e2ff107..b8ded43 100644
--- a/grocy/config.yaml
+++ b/grocy/config.yaml
@@ -46,6 +46,7 @@ options:
   ssl: true
   certfile: fullchain.pem
   keyfile: privkey.pem
+  grocy_ingress_user: ""
 schema:
   log_level: list(trace|debug|info|notice|warning|error|fatal)?
   culture: list(ca|cs|da|de|el_GR|en|en_GB|es|fi|fr|he_IL|hu|it|ja|ko_KR|nl|no|pl|pt_BR|pt_PT|ru|sk_SK|sv_SE|ta|tr|zh_CN|zh_TW)
@@ -74,3 +75,4 @@ schema:
   ssl: bool
   certfile: str
   keyfile: str
+  grocy_ingress_user: str
diff --git a/grocy/rootfs/etc/cont-init.d/nginx.sh b/grocy/rootfs/etc/cont-init.d/nginx.sh
index d52b1f4..39a4875 100755
--- a/grocy/rootfs/etc/cont-init.d/nginx.sh
+++ b/grocy/rootfs/etc/cont-init.d/nginx.sh
@@ -7,6 +7,7 @@
 # Generate Ingress PHP-FPM configuration
 bashio::var.json \
     interface "$(bashio::addon.ip_address)" \
+    grocy_user "$(bashio::config 'grocy_ingress_user')" \
     | tempio \
         -template /etc/nginx/templates/ingress.gtpl \
         -out /etc/nginx/servers/ingress.conf
diff --git a/grocy/rootfs/etc/nginx/templates/ingress.gtpl b/grocy/rootfs/etc/nginx/templates/ingress.gtpl
index eccf9f2..9a3627d 100644
--- a/grocy/rootfs/etc/nginx/templates/ingress.gtpl
+++ b/grocy/rootfs/etc/nginx/templates/ingress.gtpl
@@ -11,6 +11,13 @@ server {
         fastcgi_read_timeout 900;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_index index.php;
+
+        {{ if .grocy_user }}
+        fastcgi_param GROCY_AUTH_CLASS "Grocy\Middleware\ReverseProxyAuthMiddleware";
+        fastcgi_param GROCY_REVERSE_PROXY_AUTH_HEADER REMOTE_USER;
+        fastcgi_param HTTP_REMOTE_USER {{ .grocy_user }};
+        {{ end }}
+
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include /etc/nginx/includes/fastcgi_params.conf;
     }