dangle · May 5, 2025 17:14
diff --git a/README.md b/README.md
diff --git a/unraid_scope_mapping.py b/unraid_scope_mapping.py
 ###############################################################################
 ##### Important Variables #####################################################
 ###############################################################################
 # Set this to your internal Unraid domain or IP
 # Include the port if necessary
 internal_host = "unraid.internal"

 # Set this to your external Unraid domain
 external_host = "unraid.external"

 # This is the attribute the password is stored in on the user
 password_attribute = "unraid_password"
 ###############################################################################

 import hashlib

 # Check if the user has the password attribute
 # My users inherit it from the group "Unraid Admins"
 all_attributes = request.user.group_attributes()

 if password_attribute not in all_attributes:
    ak_logger.info(f"user does not have the {password_attribute} attribute")
    return {}

 # As far as I know, this is the only valid username for Unraid
 unraid_username = "root"

 # Get the Unraid password from the attributes
 unraid_password = all_attributes[password_attribute]

 # Build the URI for the internal Unraid login page
 unraid_uri = f"http://{internal_host}/login"

 # Login to Unraid
 response = requests.post(
    unraid_uri,
    data={
        "username": unraid_username,
        "password": unraid_password,
    },
    allow_redirects=False,  # It's important to not follow redirects
 )

 # Unraid returns a redirect to the main page when successful
 if response.status_code != 302:
    ak_logger.error(f"the request failed with: {response.text}")
    return {}

 # Look for the Unraid cookie
 # The Unraid cookie format is "unraid_{md5(server_name)}" so we can't just copy
 # it directly
 for key, value in response.cookies.items():
    if key.startswith("unraid_"):
        ak_logger.info(f"found cookie '{key}'; creating new cookie for host '{external_host}'")

        # The session for the browser won't match the internal site, so we have
        # to create a new key for our cookie
        host_hash = hashlib.md5(external_host.encode()).hexdigest()
        cookie = f"unraid_{host_hash}={value}; path=/; HttpOnly; SameSite=Lax"

        # Add a header to set this new cookie in the response to the browser
        return {
            "ak_proxy": {
                "user_attributes": {
                    "additionalHeaders": {
                        "Set-Cookie": cookie,
                    }
                }
            }
        }

 # Something went wrong if the login succeeded but the cookie is missing
 ak_logger.error("cannot get unraid token")
 return {}
	###############################################################################
	##### Important Variables #####################################################
	###############################################################################
	# Set this to your internal Unraid domain or IP
	# Include the port if necessary
	internal_host = "unraid.internal"

	# Set this to your external Unraid domain
	external_host = "unraid.external"

	# This is the attribute the password is stored in on the user
	password_attribute = "unraid_password"
	###############################################################################

	import hashlib

	# Check if the user has the password attribute
	# My users inherit it from the group "Unraid Admins"
	all_attributes = request.user.group_attributes()

	if password_attribute not in all_attributes:
	ak_logger.info(f"user does not have the {password_attribute} attribute")
	return {}

	# As far as I know, this is the only valid username for Unraid
	unraid_username = "root"

	# Get the Unraid password from the attributes
	unraid_password = all_attributes[password_attribute]

	# Build the URI for the internal Unraid login page
	unraid_uri = f"http://{internal_host}/login"

	# Login to Unraid
	response = requests.post(
	unraid_uri,
	data={
	"username": unraid_username,
	"password": unraid_password,
	},
	allow_redirects=False, # It's important to not follow redirects
	)

	# Unraid returns a redirect to the main page when successful
	if response.status_code != 302:
	ak_logger.error(f"the request failed with: {response.text}")
	return {}

	# Look for the Unraid cookie
	# The Unraid cookie format is "unraid_{md5(server_name)}" so we can't just copy
	# it directly
	for key, value in response.cookies.items():
	if key.startswith("unraid_"):
	ak_logger.info(f"found cookie '{key}'; creating new cookie for host '{external_host}'")

	# The session for the browser won't match the internal site, so we have
	# to create a new key for our cookie
	host_hash = hashlib.md5(external_host.encode()).hexdigest()
	cookie = f"unraid_{host_hash}={value}; path=/; HttpOnly; SameSite=Lax"

	# Add a header to set this new cookie in the response to the browser
	return {
	"ak_proxy": {
	"user_attributes": {
	"additionalHeaders": {
	"Set-Cookie": cookie,
	}
	}
	}
	}

	# Something went wrong if the login succeeded but the cookie is missing
	ak_logger.error("cannot get unraid token")
	return {}