From 695b502829e52d325184f3a395723afa2bf25066 Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Fri, 24 Mar 2023 15:52:08 +0100 Subject: [PATCH] allow to disable the authentication Signed-off-by: Thomas Labarussias --- README.md | 4 +++- configuration/configuration.go | 1 + frontend/src/router/index.js | 8 ++------ frontend/src/views/LoginPage.vue | 19 +++++++++++++++++++ internal/api/api.go | 7 ++++++- main.go | 14 ++++++++++++++ 6 files changed, 45 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 99f70d7..8a41637 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,8 @@ Events are stored in a `Redis` server with [`Redisearch`](https://github.com/Red Usage of Falcosidekick-UI: -a string Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR") +-d boolean + Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH") -l string Log level: "debug", "info", "warning", "error" (default "info", environment "FALCOSIDEKICK_UI_LOGLEVEL") -p int @@ -33,7 +35,7 @@ Usage of Falcosidekick-UI: Allow CORS for development (environment "FALCOSIDEKICK_UI_DEV") ``` -> If not user is set, the default one created is `admin:admin` +> If not user is set and the authentication is not disabled, the default user is `admin:admin` ### Run with docker diff --git a/configuration/configuration.go b/configuration/configuration.go index 407bd74..87e1ed3 100644 --- a/configuration/configuration.go +++ b/configuration/configuration.go @@ -6,6 +6,7 @@ type Configuration struct { ListenPort int `json:"listen-port"` RedisServer string `json:"redis-server"` DevMode bool `json:"dev-mode"` + DisableAuth bool `json:"disable-auth"` LogLevel string `json:"log-level"` TTL int `json:"ttl"` Credentials string `json:"credentials"` diff --git a/frontend/src/router/index.js b/frontend/src/router/index.js index 9815acc..65b6f7d 100644 --- a/frontend/src/router/index.js +++ b/frontend/src/router/index.js 
@@ -50,14 +50,10 @@ const router = new VueRouter({ }); router.beforeEach((to, from, next) => { - // const publicPages = ['/login', '/test']; - if (to.name !== 'login') { - // if (!publicPages.includes(to.path)) { - if (store.state.username === '' || store.state.password === '') { + if (store.state.username === '' || store.state.password === '') { + if (to.name !== 'login') { router.push('/login'); } - } else { - next(); } next(); }); diff --git a/frontend/src/views/LoginPage.vue b/frontend/src/views/LoginPage.vue index c157003..8dc8479 100644 --- a/frontend/src/views/LoginPage.vue +++ b/frontend/src/views/LoginPage.vue @@ -81,6 +81,25 @@ export default { } }); }, + testlogin() { + requests.authenticate( + 'anonymous', + 'anonymous', + ) + .then((response) => { + if (response.status === 200) { + const payload = { + username: 'anonymous', + password: 'anonymous', + }; + this.setCredentials(payload); + router.push('/dashboard'); + } + }); + }, + }, + mounted() { + this.testlogin(); }, }; diff --git a/internal/api/api.go b/internal/api/api.go index 9f9a4f4..b7f2d00 100644 --- a/internal/api/api.go +++ b/internal/api/api.go @@ -183,6 +183,9 @@ func GetVersionInfo(c echo.Context) error { func Authenticate(c echo.Context) error { authHeader := c.Request().Header["Authorization"] config := configuration.GetConfiguration() + if config.DisableAuth { + return c.JSON(http.StatusOK, "authorized") + } if len(authHeader) == 0 { utils.WriteLog("warning", "user '' unknown or wrong password") return c.JSON(http.StatusUnauthorized, "unauthorized") @@ -205,6 +208,8 @@ func Authenticate(c echo.Context) error { utils.WriteLog("info", fmt.Sprintf("user '%v' authenticated", v)) return c.JSON(http.StatusOK, "authorized") } - utils.WriteLog("warning", fmt.Sprintf("user '%v' unknown or wrong password", v)) + if v != "anonymous" { + utils.WriteLog("warning", fmt.Sprintf("user '%v' unknown or wrong password", v)) + } return c.JSON(http.StatusUnauthorized, "unauthorized") } 
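Review bot: In `router.beforeEach` (frontend/src/router/index.js), the trailing `next()` still runs after `router.push('/login')`, so the guard starts a second navigation while also resolving the one it meant to block. Redirect through the guard callback and stop there: `if ((store.state.username === '' || store.state.password === '') && to.name !== 'login') { return next('/login'); }` followed by a plain `next()`. A short comment that this guard is a UI convenience only, and that the `/api/v1` middleware is the actual access control, would help readers not to rely on it.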
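Review bot: `testlogin()` in LoginPage.vue has no rejection handler, and `mounted()` calls it on every visit to the login page. When authentication is enabled the probe is answered with 401; if `requests.authenticate` rejects on non-2xx responses (its implementation is not visible here), each page load produces an unhandled promise rejection, so add `.catch(() => {});` after the `.then(...)`. Discovering the server mode by sending the hard-coded pair `anonymous`/`anonymous` also forces the back end to special-case that username in its failure logging (see the api.go hunk). A small unauthenticated endpoint that reports whether authentication is disabled would avoid sending dummy credentials at all.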
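Review bot: In the second api.go hunk, the `if v != "anonymous"` guard drops the failed-login warning for that name even when authentication is enabled, so repeated failed attempts under `anonymous` leave no trace in the log. If the aim is only to quiet the front end's probe, keep the entry and lower its level instead, e.g. `level := "warning"; if v == "anonymous" { level = "debug" }` and then `utils.WriteLog(level, ...)`. `v` is assigned outside the hunk, so whether it holds only the username or the whole decoded credential cannot be confirmed from here. `Authenticate` starts above the first hunk.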
diff --git a/main.go b/main.go index c5e7985..1b84ab5 100644 --- a/main.go +++ b/main.go @@ -35,11 +35,14 @@ func init() { dev := utils.GetBoolFlagOrEnvParam("x", "FALCOSIDEKICK_UI_DEV", false, "Allow CORS for development") loglevel := utils.GetStringFlagOrEnvParam("l", "FALCOSIDEKICK_UI_LOGLEVEL", "info", "Log Level") user := utils.GetStringFlagOrEnvParam("u", "FALCOSIDEKICK_UI_USER", "admin:admin", "User in format :") + disableauth := utils.GetBoolFlagOrEnvParam("d", "FALCOSIDEKICK_UI_DISABLEAUTH", false, "Disable authentication") flag.Usage = func() { help := `Usage of Falcosidekick-UI: -a string Listen Address (default "0.0.0.0", environment "FALCOSIDEKICK_UI_ADDR") +-d boolean + Disable authentication (environment "FALCOSIDEKICK_UI_DISABLEAUTH") -l string Log level: "debug", "info", "warning", "error" (default "info", environment "FALCOSIDEKICK_UI_LOGLEVEL") -p int @@ -80,6 +83,7 @@ func init() { config.TTL = *ttl config.LogLevel = *loglevel config.Credentials = *user + config.DisableAuth = *disableauth if utils.GetPriortiyInt(config.LogLevel) < 0 { config.LogLevel = "info" @@ -116,6 +120,10 @@ func main() { utils.WriteLog("warning", "DEV mode enabled") e.Use(middleware.CORS()) } + if c.DisableAuth { + utils.WriteLog("warning", "Auhentication disabled") + e.Use(middleware.CORS()) + } utils.WriteLog("info", fmt.Sprintf("Falcosidekick UI is listening on %v:%v", c.ListenAddress, c.ListenPort)) utils.WriteLog("info", fmt.Sprintf("log level is %v", c.LogLevel)) @@ -139,6 +147,9 @@ func main() { apiRoute := e.Group("/api/v1") apiRoute.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{ Skipper: func(c echo.Context) bool { + if configuration.GetConfiguration().DisableAuth { + return true + } if c.Request().Method == "POST" { return true } 
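Review bot: The `if c.DisableAuth` branch added to `main` (third main.go hunk) also registers `e.Use(middleware.CORS())`, which looks copied from the dev-mode branch above it. Echo's default CORS configuration allows any origin, so turning authentication off also lets any web page open in a browser that can reach the UI read the now-unauthenticated API cross-origin. Disabling authentication does not require CORS; drop that line so CORS stays tied to `-x` only (with both flags set the middleware is currently registered twice). The log message also has a typo and should read `utils.WriteLog("warning", "Authentication disabled")`. `main` starts and ends outside this hunk.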
@@ -149,6 +160,9 @@ func main() { }, Validator: func(username, password string, c echo.Context) (bool, error) { config := configuration.GetConfiguration() + if username == "" || password == "" { + return true, nil + } if subtle.ConstantTimeCompare([]byte(username+":"+password), []byte(config.Credentials)) == 1 { return true, nil }
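Review bot: In the `Validator`, the added `if username == "" || password == "" { return true, nil }` is not conditioned on `DisableAuth`. With authentication enabled, a Basic credential whose username or password is empty is therefore accepted before the constant-time comparison is ever reached. The `Skipper` change in the previous hunk already bypasses this middleware when `DisableAuth` is set, so the branch is not needed for the feature. Remove the three added lines, or at minimum gate them as `if config.DisableAuth { return true, nil }`. A regression test that sends empty credentials with authentication enabled and expects 401 would pin the behaviour; the enclosing `main` starts and ends outside the hunk.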