kevinoconnor7 · March 17, 2024 15:09
diff --git a/authelia.sh b/authelia.sh
 #!/bin/bash
 set -euo pipefail
 IFS=$'\n\t'

 ## BEGIN CONFIGURATION SECTION ##

 # The domain/path of your authelia service. For example:
 #  - sso.example.com
 #  - example.com/auth
 #  - example.com:8443
 #
 # Do not include protocol or a trailing slash. Redirects will
 # _not_ be followed.
 # For safety we will force the request to be done over https.
 AUTHELIA_DOMAIN="sso.example.com"

 # The fully URL for your Home Assistant instance. This will
 # be provided to Authelia for authoriziation purposes.
 HOME_ASSISTANT_URL="https://home.example.com"

 # Usernames should be validated using a regular expression to be of
 # a known format. Special characters will be escaped anyway, but it is
 # generally not recommended to allow more than necessary.
 # This pattern is set by default. In your config file, you can either
 # overwrite it with a different one or use "unset USERNAME_PATTERN" to
 # disable validation completely.
 USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.]+$'

 ## END CONFIGURATION SECTION ##



 # Log messages to stderr.
 log() {
  echo "$1" >&2
 }

 err=0

 # Check username and password are present and not malformed.
 if [ -z "$username" ] || [ -z "$password" ]; then
  log "Need username and password environment variables."
  err=1
 elif [ ! -z "$USERNAME_PATTERN" ]; then
  username_match=$(echo "$username" | sed -r "s/$USERNAME_PATTERN/x/")
  if [ "$username_match" != "x" ]; then
    log "Username '$username' has an invalid format."
    err=1
  fi
 fi

 [ $err -ne 0 ] && exit 2

 status_code=$(curl --head --silent \
  --request GET \
  --header "X-Original-URL: https://${HOME_ASSISTANT_URL}" \
  --basic --user "${username}:${password}" \
  -o /dev/null \
  -w '%{http_code}' \
  "https://${AUTHELIA_DOMAIN}/api/verify?auth=basic")

 # Auth success!
 [ $status_code -eq 200 ] && exit 0

 # Auth failed
 exit 3
	#!/bin/bash
	set -euo pipefail
	IFS=$'\n\t'

	## BEGIN CONFIGURATION SECTION ##

	# The domain/path of your authelia service. For example:
	# - sso.example.com
	# - example.com/auth
	# - example.com:8443
	#
	# Do not include protocol or a trailing slash. Redirects will
	# _not_ be followed.
	# For safety we will force the request to be done over https.
	AUTHELIA_DOMAIN="sso.example.com"

	# The fully URL for your Home Assistant instance. This will
	# be provided to Authelia for authoriziation purposes.
	HOME_ASSISTANT_URL="https://home.example.com"

	# Usernames should be validated using a regular expression to be of
	# a known format. Special characters will be escaped anyway, but it is
	# generally not recommended to allow more than necessary.
	# This pattern is set by default. In your config file, you can either
	# overwrite it with a different one or use "unset USERNAME_PATTERN" to
	# disable validation completely.
	USERNAME_PATTERN='^[a-z\|A-Z\|0-9\|_\|-\|.]+$'

	## END CONFIGURATION SECTION ##



	# Log messages to stderr.
	log() {
	echo "$1" >&2
	}

	err=0

	# Check username and password are present and not malformed.
	if [ -z "$username" ] \|\| [ -z "$password" ]; then
	log "Need username and password environment variables."
	err=1
	elif [ ! -z "$USERNAME_PATTERN" ]; then
	username_match=$(echo "$username" \| sed -r "s/$USERNAME_PATTERN/x/")
	if [ "$username_match" != "x" ]; then
	log "Username '$username' has an invalid format."
	err=1
	fi
	fi

	[ $err -ne 0 ] && exit 2

	status_code=$(curl --head --silent \
	--request GET \
	--header "X-Original-URL: https://${HOME_ASSISTANT_URL}" \
	--basic --user "${username}:${password}" \
	-o /dev/null \
	-w '%{http_code}' \
	"https://${AUTHELIA_DOMAIN}/api/verify?auth=basic")

	# Auth success!
	[ $status_code -eq 200 ] && exit 0

	# Auth failed
	exit 3