From 856ef369696331743b26d8e1057b81cc049b2903 Mon Sep 17 00:00:00 2001
From: decentral1se <cellarspoon@riseup.net>
Date: Thu, 14 Mar 2024 17:25:51 +0100
Subject: [PATCH] feat: http basic auth

Closes https://git.coopcloud.tech/coop-cloud/sextant/issues/1
---
 .env.sample           |  6 ++++++
 compose.basicauth.yml | 15 +++++++++++++++
 sextant.conf.tmpl     |  4 ++++
 3 files changed, 25 insertions(+)
 create mode 100644 compose.basicauth.yml

diff --git a/.env.sample b/.env.sample
index edc66b5..a419616 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,3 +1,9 @@
 TYPE=sextant
 DOMAIN=sextant.example.com
 LETS_ENCRYPT_ENV=production
+
+# HTTP basic auth
+#COMPOSE_FILE="compose.yml:compose.basicauth.yml"
+#HTTP_BASIC_AUTH_ENABLED=1
+#HTTP_BASIC_AUTH_USERNAME=foo
+#SECRET_AUTH_PASSWORD_VERSION=v1
diff --git a/compose.basicauth.yml b/compose.basicauth.yml
new file mode 100644
index 0000000..e49f4cf
--- /dev/null
+++ b/compose.basicauth.yml
@@ -0,0 +1,15 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - HTTP_BASIC_AUTH_ENABLED
+      - HTTP_BASIC_AUTH_USERNAME
+    secrets:
+      - auth_password
+
+secrets:
+  auth_password:
+    name: ${STACK_NAME}_auth_password_${SECRET_AUTH_PASSWORD_VERSION}
+    external: true
diff --git a/sextant.conf.tmpl b/sextant.conf.tmpl
index e9a635e..75c4833 100644
--- a/sextant.conf.tmpl
+++ b/sextant.conf.tmpl
@@ -4,3 +4,7 @@ nominatim_url    = "https://nominatim.openstreetmap.org/search.php"
 vroom_url        = "https://routing.eotl.supply/osmr"
 dsn              = "~/.sextant.db"
 ssrauth_filepath = "/var/www/htdocs/default/.ssr/auth"
+{{ if eq (env "HTTP_BASIC_AUTH_ENABLED") "1" }}
+http_basic_auth_username = "{{ env "HTTP_BASIC_AUTH_USERNAME" }}"
+http_basic_auth_password = "{{ secret "auth_password" }}"
+{{ end }}