From 9a8fe0e854be106973e652dca4a75993042f6de4 Mon Sep 17 00:00:00 2001
From: Angel Nunez Mencias <git@angelnu.com>
Date: Mon, 28 Mar 2022 09:31:43 +0200
Subject: [PATCH] [recipes] reverse proxy auth support (#1467)

Co-authored-by: angelnu <git@angelnucom>
---
 charts/stable/recipes/Chart.yaml               |  6 +++---
 charts/stable/recipes/README.md                | 11 ++++++-----
 charts/stable/recipes/templates/configmap.yaml |  1 +
 charts/stable/recipes/values.yaml              |  5 ++++-
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/charts/stable/recipes/Chart.yaml b/charts/stable/recipes/Chart.yaml
index 352eaaeb..1ccbdccf 100644
--- a/charts/stable/recipes/Chart.yaml
+++ b/charts/stable/recipes/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.0.5.2
 description: Recipes is a Django application to manage, tag and search recipes using either built in models or external storage providers hosting PDF's, Images or other files.
 name: recipes
-version: 6.3.0
+version: 6.4.0
 kubeVersion: ">=1.16.0-0"
 keywords:
   - recipes
@@ -21,5 +21,5 @@ dependencies:
     version: 4.3.0
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Upgraded `tandoor` to version `1.0.5.2` and `nginx` sidecar `1.21.6`.
+    - kind: added
+      description: Support for reverse proxy authentication.
diff --git a/charts/stable/recipes/README.md b/charts/stable/recipes/README.md
index fc7ebc75..16198e9a 100644
--- a/charts/stable/recipes/README.md
+++ b/charts/stable/recipes/README.md
@@ -1,6 +1,6 @@
 # recipes
 
-![Version: 6.3.0](https://img.shields.io/badge/Version-6.3.0-informational?style=flat-square) ![AppVersion: 1.0.5.2](https://img.shields.io/badge/AppVersion-1.0.5.2-informational?style=flat-square)
+![Version: 6.4.0](https://img.shields.io/badge/Version-6.4.0-informational?style=flat-square) ![AppVersion: 1.0.5.2](https://img.shields.io/badge/AppVersion-1.0.5.2-informational?style=flat-square)
 
 Recipes is a Django application to manage, tag and search recipes using either built in models or external storage providers hosting PDF's, Images or other files.
 
@@ -83,22 +83,23 @@ N/A
 | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
 | service | object | See values.yaml | Configures service settings for the chart. |
-| sidecar.config | object | `{"client_max_body_size":"128M"}` | specify nginx related configs |
+| sidecar.config.client_max_body_size | string | `"128M"` | define the max body size to allow larger files to be uploaded |
+| sidecar.config.reverse_proxy_header_username | string | `"x_authentik_username"` | define the name of the variable in the header containing the authenticated user. It is used together with enabling `REVERSE_PROXY_AUTH` |
 | sidecar.image.pullPolicy | string | `"IfNotPresent"` | nginx sidecar image pull policy |
 | sidecar.image.repository | string | `"nginx"` | nginx sidecar image repository |
 | sidecar.image.tag | string | `"1.21.6"` | nginx sidecar image tag |
 
 ## Changelog
 
-### Version 6.3.0
+### Version 6.4.0
 
 #### Added
 
-N/A
+* Support for reverse proxy authentication.
 
 #### Changed
 
-* Upgraded `tandoor` to version `1.0.5.2` and `nginx` sidecar `1.21.6`.
+N/A
 
 #### Fixed
 
diff --git a/charts/stable/recipes/templates/configmap.yaml b/charts/stable/recipes/templates/configmap.yaml
index d12d3fc9..0e9254cd 100644
--- a/charts/stable/recipes/templates/configmap.yaml
+++ b/charts/stable/recipes/templates/configmap.yaml
@@ -27,6 +27,7 @@ data:
         # pass requests for dynamic content to gunicorn
         location / {
           proxy_set_header Host $host;
+          proxy_set_header REMOTE-USER $http_{{ .Values.sidecar.config.reverse_proxy_header_username }};
           proxy_pass http://localhost:8080;
         }
       }
diff --git a/charts/stable/recipes/values.yaml b/charts/stable/recipes/values.yaml
index 60306240..b0a26cee 100644
--- a/charts/stable/recipes/values.yaml
+++ b/charts/stable/recipes/values.yaml
@@ -21,9 +21,11 @@ sidecar:
     tag: 1.21.6
     # -- nginx sidecar image pull policy
     pullPolicy: IfNotPresent
-  # -- specify nginx related configs
   config:
+    # -- define the max body size to allow larger files to be uploaded
     client_max_body_size: "128M"
+    # -- define the name of the variable in the header containing the authenticated user. It is used together with enabling `REVERSE_PROXY_AUTH`
+    reverse_proxy_header_username: x_authentik_username
 
 # -- environment variables. See [project docs](https://raw.githubusercontent.com/vabene1111/recipes/master/.env.template) for more details.
 # @default -- See below
@@ -42,6 +44,7 @@ env:
   FRACTION_PREF_DEFAULT: "0"
   COMMENT_PREF_DEFAULT: "1"
   SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"
+  REVERSE_PROXY_AUTH: 0
 
 # -- Configures service settings for the chart.
 # @default -- See values.yaml