diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts index adeb320f..7cdb2ca4 100644 --- a/server/lib/blueprints/proxyResources.ts +++ b/server/lib/blueprints/proxyResources.ts @@ -2,6 +2,7 @@ import { domains, orgDomains, Resource, + resourceHeaderAuth, resourcePincode, resourceRules, resourceWhitelist, @@ -122,7 +123,9 @@ export async function updateProxyResources( const healthcheckData = targetData.healthcheck; - const hcHeaders = healthcheckData?.headers ? JSON.stringify(healthcheckData.headers) : null; + const hcHeaders = healthcheckData?.headers + ? JSON.stringify(healthcheckData.headers) + : null; const [newHealthcheck] = await trx .insert(targetHealthCheck) @@ -263,6 +266,32 @@ export async function updateProxyResources( }); } + await trx + .delete(resourceHeaderAuth) + .where( + eq( + resourceHeaderAuth.resourceId, + existingResource.resourceId + ) + ); + if (resourceData.auth?.["basic-auth"]) { + const headerAuthUser = + resourceData.auth?.["basic-auth"]?.user; + const headerAuthPassword = + resourceData.auth?.["basic-auth"]?.password; + if (headerAuthUser && headerAuthPassword) { + const headerAuthHash = await hashPassword( + Buffer.from( + `${headerAuthUser}:${headerAuthPassword}` + ).toString("base64") + ); + await trx.insert(resourceHeaderAuth).values({ + resourceId: existingResource.resourceId, + headerAuthHash + }); + } + } + if (resourceData.auth?.["sso-roles"]) { const ssoRoles = resourceData.auth?.["sso-roles"]; await syncRoleResources( @@ -406,7 +435,9 @@ export async function updateProxyResources( ) .limit(1); - const hcHeaders = healthcheckData?.headers ? JSON.stringify(healthcheckData.headers) : null; + const hcHeaders = healthcheckData?.headers + ? JSON.stringify(healthcheckData.headers) + : null; const [newHealthcheck] = await trx .update(targetHealthCheck) @@ -591,6 +622,25 @@ export async function updateProxyResources( }); } + if (resourceData.auth?.["basic-auth"]) { + const headerAuthUser = resourceData.auth?.["basic-auth"]?.user; + const headerAuthPassword = + resourceData.auth?.["basic-auth"]?.password; + + if (headerAuthUser && headerAuthPassword) { + const headerAuthHash = await hashPassword( + Buffer.from( + `${headerAuthUser}:${headerAuthPassword}` + ).toString("base64") + ); + + await trx.insert(resourceHeaderAuth).values({ + resourceId: newResource.resourceId, + headerAuthHash + }); + } + } + resource = newResource; const [adminRole] = await trx diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts index 54105dde..557714fd 100644 --- a/server/lib/blueprints/types.ts +++ b/server/lib/blueprints/types.ts @@ -41,6 +41,10 @@ export const AuthSchema = z.object({ // pincode has to have 6 digits pincode: z.number().min(100000).max(999999).optional(), password: z.string().min(1).optional(), + "basic-auth": z.object({ + user: z.string().min(1), + password: z.string().min(1) + }).optional(), "sso-enabled": z.boolean().optional().default(false), "sso-roles": z .array(z.string())