optional basic HTTP authentication, resolves #62

tubesync/common/middleware.py

@@ -1,4 +1,6 @@
+from django.conf import settings
 from django.forms import BaseForm
+from basicauth.middleware import BasicAuthMiddleware as BaseBasicAuthMiddleware
 
 
 class MaterializeDefaultFieldsMiddleware:
@@ -19,3 +21,12 @@ class MaterializeDefaultFieldsMiddleware:
                 for _, field in v.fields.items():
                     field.widget.attrs.update({'class':'browser-default'})
         return response
+
+
+class BasicAuthMiddleware(BaseBasicAuthMiddleware):
+
+    def process_request(self, request):
+        bypass_uris = getattr(settings, 'BASICAUTH_ALWAYS_ALLOW_URIS', [])
+        if request.path in bypass_uris:
+            return None
+        return super().process_request(request)

tubesync/tubesync/local_settings.py.container

@@ -38,3 +38,15 @@ if BACKGROUND_TASK_ASYNC_THREADS > MAX_BACKGROUND_TASK_ASYNC_THREADS:
 MEDIA_ROOT = CONFIG_BASE_DIR / 'media'
 DOWNLOAD_ROOT = DOWNLOADS_BASE_DIR
 YOUTUBE_DL_CACHEDIR = CONFIG_BASE_DIR / 'cache'
+
+
+BASICAUTH_USERNAME = os.getenv('HTTP_USER', '').strip()
+BASICAUTH_PASSWORD = os.getenv('HTTP_PASS', '').strip()
+if BASICAUTH_USERNAME and BASICAUTH_PASSWORD:
+    BASICAUTH_DISABLE = False
+    BASICAUTH_USERS = {
+        BASICAUTH_USERNAME: BASICAUTH_PASSWORD,
+    }
+else:
+    BASICAUTH_DISABLE = True
+    BASICAUTH_USERS = {}

tubesync/tubesync/settings.py

@@ -37,6 +37,7 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'common.middleware.MaterializeDefaultFieldsMiddleware',
+    'common.middleware.BasicAuthMiddleware',
 ]
 
 
@@ -117,6 +118,12 @@ Disallow: /
 X_FRAME_OPTIONS = 'SAMEORIGIN'
 
 
+BASICAUTH_DISABLE = True
+BASICAUTH_REALM = 'Authenticate to TubeSync'
+BASICAUTH_ALWAYS_ALLOW_URIS = ('/healthcheck',)
+BASICAUTH_USERS = {}
+
+
 HEALTHCHECK_FIREWALL = True
 HEALTHCHECK_ALLOWED_IPS = ('127.0.0.1',)