From 0dbfb54ce159af0a596d9fff59e0790008a51a61 Mon Sep 17 00:00:00 2001
From: Ben Kristinsson
Date: Fri, 7 Oct 2022 18:42:05 +0200
Subject: [PATCH 1/2] script to use authelias basic auth
---
roles/common/tasks/common.yml | 1 +
roles/common/templates/authelia-auth.py.j2 | 55 ++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100755 roles/common/templates/authelia-auth.py.j2
diff --git a/roles/common/tasks/common.yml b/roles/common/tasks/common.yml
index 581d784..5a1cf6e 100644
--- a/roles/common/tasks/common.yml
+++ b/roles/common/tasks/common.yml
@@ -508,6 +508,7 @@ - reboot_required.py - update_omzsh.sh - matrixmsg.py + - authelia-auth.py tags: - common-scripts - update_omzsh
diff --git a/roles/common/templates/authelia-auth.py.j2 b/roles/common/templates/authelia-auth.py.j2
new file mode 100755
index 0000000..6363faa
--- /dev/null
+++ b/roles/common/templates/authelia-auth.py.j2
@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+#
+
+import requests
+import json
+import argparse
+import os
+import sys
+
+authelia_url = "https://{{ authelia_api_url }}/api/verify"
+
+def make_headers(domain):
+ return {
+ #"X-Real-IP": ip,
+ #"X-Forwarded-For": ip,
+ "X-Original-URL": f"https://{domain}/",
+ "X-Forwarded-Method": "GET",
+ "X-Forwarded-Proto": "https",
+ "X-Forwarded-Host": domain,
+ "X-Forwarded-Uri": "/",
+ "X-Forwarded-Ssl": "on",
+ }
+
+def auth(domain, username, password):
+ r = requests.get(
+ authelia_url,
+ params={'auth': 'basic'},
+ headers=make_headers(domain),
+ auth=(username, password)
+ )
+ return r.status_code == 200
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("domain", help="which rule in authelia to auth against")
+ parser.add_argument("--username", help="overrides env var with the same name")
+ args = parser.parse_args()
+
+ try:
+ if not args.username:
+ username = os.environ['username']
+ else:
+ username = args.username
+ password = os.environ['password']
+ except KeyError:
+ print("missing env var(s)")
+ sys.exit(2)
+
+ if auth(args.domain, username, password):
+ sys.exit(0)
+ else:
+ sys.exit(1)
+
+if __name__ == "__main__":
+ main()
-- 2.40.1
From 2183bdefd006de3547d4ea949f3543b3642118b8 Mon Sep 17 00:00:00 2001
From: Ben Kristinsson
Date: Fri, 7 Oct 2022 18:45:26 +0200
Subject: [PATCH 2/2] remove unused import
---
roles/common/templates/authelia-auth.py.j2 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/roles/common/templates/authelia-auth.py.j2 b/roles/common/templates/authelia-auth.py.j2
index 6363faa..dc0ab55 100755
--- a/roles/common/templates/authelia-auth.py.j2
+++ b/roles/common/templates/authelia-auth.py.j2
@@ -1,8 +1,6 @@ #!/usr/bin/env python3 -# import requests -import json import argparse import os import sys
@@ -21,6 +19,7 @@ def make_headers(domain): "X-Forwarded-Ssl": "on", } + def auth(domain, username, password): r = requests.get( authelia_url,
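Review bot: The `requests.get` call in `auth()` of the new authelia-auth.py.j2 (PATCH 1/2) sets no `timeout` and follows redirects by default. A stalled Authelia therefore blocks whatever invoked the script indefinitely, and if anything in front of the API ever answers with a 3xx to a page that returns 200, that would be reported as a successful login. Pass an explicit `timeout=` and `allow_redirects=False`, and catch `requests.RequestException` so an unreachable backend is a clean denial rather than a traceback. Separately, with `X-Real-IP` and `X-Forwarded-For` commented out in `make_headers()`, Authelia presumably evaluates every attempt as coming from the host running this script, so any network-based access rules for the domain will not reflect the real client; a comment stating that this is intended would help.

```python
def auth(domain, username, password):
    try:
        r = requests.get(
            # … unchanged: authelia_url, params, headers, auth …
            timeout=10,             # constructed value; keep it below the caller's own deadline
            allow_redirects=False,  # only a direct 200 from /api/verify counts as success
        )
    except requests.RequestException:
        # fail closed: connection errors and timeouts are treated as a denied login
        return False
    return r.status_code == 200
```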
@@ -30,6 +29,7 @@ def auth(domain, username, password): ) return r.status_code == 200 + def main(): parser = argparse.ArgumentParser() parser.add_argument("domain", help="which rule in authelia to auth against")
@@ -51,5 +51,6 @@ def main(): else: sys.exit(1) + if __name__ == "__main__": main()
-- 2.40.1