docs, allowed hosts stuff

[ci skip]
shamoon
2026-01-20 22:54:59 -08:00
parent 0660b91d94
commit f0e65a6ac8
6 changed files with 14 additions and 42 deletions


@@ -1,23 +1,17 @@
import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";
const authEnabled = process.env.HOMEPAGE_AUTH_ENABLED === "true";
const authEnabled = Boolean(process.env.HOMEPAGE_AUTH_ENABLED);
const authSecret = process.env.NEXTAUTH_SECRET || process.env.HOMEPAGE_AUTH_SECRET;
let warnedAllowedHosts = false;
export async function middleware(req) {
// Host validation (status quo)
const host = req.headers.get("host");
const port = process.env.PORT || 3000;
let allowedHosts = [`localhost:${port}`, `127.0.0.1:${port}`, `[::1]:${port}`];
const allowAll = process.env.HOMEPAGE_ALLOWED_HOSTS === "*";
if (process.env.HOMEPAGE_ALLOWED_HOSTS) {
allowedHosts = allowedHosts.concat(process.env.HOMEPAGE_ALLOWED_HOSTS.split(","));
}
if (!allowAll && (!host || !allowedHosts.includes(host))) {
console.error(
`Host validation failed for: ${host}. Hint: Set the HOMEPAGE_ALLOWED_HOSTS environment variable to allow requests from this host / port.`,
if (!warnedAllowedHosts && process.env.HOMEPAGE_ALLOWED_HOSTS) {
warnedAllowedHosts = true;
// eslint-disable-next-line no-console
console.warn(
"HOMEPAGE_ALLOWED_HOSTS is deprecated. To secure a publicly accessible homepage, configure authentication instead.",
);
return NextResponse.json({ error: "Host validation failed. See logs for more details." }, { status: 400 });
}
if (authEnabled) {
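Review bot: With the Host check removed from `middleware`, a deployment that leaves auth disabled no longer validates the `Host` header at all, and the only replacement visible in this hunk is a one-time deprecation warning. That allowlist is what rejected requests arriving under an unexpected hostname (the DNS-rebinding case for an instance bound to localhost or a LAN address), so removing it changes the default exposure rather than just retiring a setting. Consider keeping the removed block on the unauthenticated path, gated as `if (!authEnabled && !allowAll && (!host || !allowedHosts.includes(host)))`, or at least have the warning say that host validation is no longer enforced. The old and new sides are inferred from print order on this page, and the body of `middleware` continues past the hunk.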


@@ -1,13 +1,13 @@
import NextAuth from "next-auth";
const authEnabled = process.env.HOMEPAGE_AUTH_ENABLED === "true";
const authEnabled = Boolean(process.env.HOMEPAGE_AUTH_ENABLED);
const issuer = process.env.HOMEPAGE_OIDC_ISSUER;
const clientId = process.env.HOMEPAGE_OIDC_CLIENT_ID;
const clientSecret = process.env.HOMEPAGE_OIDC_CLIENT_SECRET;
const homepageAuthSecret = process.env.HOMEPAGE_AUTH_SECRET;
const homepageExternalUrl = process.env.HOMEPAGE_EXTERNAL_URL;
// Map HOMEPAGE_* envs to what NextAuth expects so users dont need NEXTAUTH_* explicitly.
// Map HOMEPAGE_* envs to what NextAuth expects
if (!process.env.NEXTAUTH_SECRET && homepageAuthSecret) {
process.env.NEXTAUTH_SECRET = homepageAuthSecret;
}
@@ -22,9 +22,7 @@ if (
authEnabled &&
(!issuer || !clientId || !clientSecret || !process.env.NEXTAUTH_SECRET || !process.env.NEXTAUTH_URL)
) {
throw new Error(
"OIDC auth is enabled but required settings are missing. Please set HOMEPAGE_OIDC_ISSUER, HOMEPAGE_OIDC_CLIENT_ID, HOMEPAGE_OIDC_CLIENT_SECRET, HOMEPAGE_AUTH_SECRET, and HOMEPAGE_EXTERNAL_URL.",
);
throw new Error("OIDC auth is enabled but required settings are missing.");
}
let providers = [];
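Review bot: `Boolean(process.env.HOMEPAGE_AUTH_ENABLED)` is true for every non-empty string, so `HOMEPAGE_AUTH_ENABLED=false` or `=0` now switches auth on, and with the OIDC settings unset the `throw` in the second hunk then fires in what appears to be top-level module code. Environment values are always strings, so parse the flag explicitly, for example `const authEnabled = ["true", "1"].includes((process.env.HOMEPAGE_AUTH_ENABLED ?? "").toLowerCase());`. The middleware file earlier in this commit has the same `Boolean(...)` line and should use the same parsing so the two modules cannot disagree about whether auth is enabled. The new side is inferred from print order on this page.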