Make the rspamd webui available, fixes #157

master
kaiyou 7 years ago
parent 3675fdb915
commit 1a3f85fbc2

@ -45,7 +45,8 @@ default_config = {
'DISABLE_STATISTICS': 'False', 'DISABLE_STATISTICS': 'False',
'WELCOME': 'False', 'WELCOME': 'False',
'WELCOME_SUBJECT': 'Dummy welcome topic', 'WELCOME_SUBJECT': 'Dummy welcome topic',
'WELCOME_BODY': 'Dummy welcome body' 'WELCOME_BODY': 'Dummy welcome body',
'WEB_ADMIN': '/admin'
} }
# Load configuration from the environment if available # Load configuration from the environment if available
@ -78,12 +79,12 @@ def get_locale():
# Login configuration # Login configuration
login_manager = flask_login.LoginManager() login_manager = flask_login.LoginManager()
login_manager.init_app(app) login_manager.init_app(app)
login_manager.login_view = ".login" login_manager.login_view = "ui.login"
@login_manager.unauthorized_handler @login_manager.unauthorized_handler
def handle_needs_login(): def handle_needs_login():
return flask.redirect( return flask.redirect(
flask.url_for('.login', next=flask.request.endpoint) flask.url_for('ui.login', next=flask.request.endpoint)
) )
@app.context_processor @app.context_processor

@ -2,6 +2,7 @@ from mailu import db, models, app, limiter
from mailu.internal import internal, nginx from mailu.internal import internal, nginx
import flask import flask
import flask_login
@internal.route("/auth/email") @internal.route("/auth/email")
@ -17,3 +18,13 @@ def nginx_authentication():
for key, value in headers.items(): for key, value in headers.items():
response.headers[key] = str(value) response.headers[key] = str(value)
return response return response
@internal.route("/auth/admin")
def admin_authentication():
""" Fails if the user is not an authenticated admin.
"""
if (not flask_login.current_user.is_anonymous
and flask_login.current_user.global_admin):
return ""
return flask.abort(403)

@ -59,6 +59,11 @@
<i class="fa fa-reply-all"></i> <span>{% trans %}Relayed domains{% endtrans %}</span> <i class="fa fa-reply-all"></i> <span>{% trans %}Relayed domains{% endtrans %}</span>
</a> </a>
</li> </li>
<li>
<a href="{{ config["WEB_ADMIN"] }}/antispam/">
<i class="fa fa-trash-o"></i> <span>{% trans %}Antispam{% endtrans %}</span>
</a>
</li>
{% endif %} {% endif %}
{% if current_user.manager_of or current_user.global_admin %} {% if current_user.manager_of or current_user.global_admin %}
<li> <li>

@ -71,11 +71,20 @@ http {
location {{ WEB_ADMIN }} { location {{ WEB_ADMIN }} {
return 301 {{ WEB_ADMIN }}/ui; return 301 {{ WEB_ADMIN }}/ui;
} }
location ~ {{ WEB_ADMIN }}/(ui|static) { location ~ {{ WEB_ADMIN }}/(ui|static) {
rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break; rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break;
proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }}; proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }};
proxy_pass http://admin; proxy_pass http://admin;
} }
location {{ WEB_ADMIN }}/antispam {
rewrite ^{{ WEB_ADMIN }}/antispam/(.*) /$1 break;
auth_request /internal/auth/admin;
proxy_set_header X-Real-IP "";
proxy_set_header X-Forwarded-For "";
proxy_pass http://antispam:11334;
}
{% endif %} {% endif %}
{% if WEBDAV != 'none' %} {% if WEBDAV != 'none' %}
@ -85,6 +94,14 @@ http {
} }
{% endif %} {% endif %}
{% endif %} {% endif %}
location /internal {
internal;
proxy_pass http://admin;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
} }
# Forwarding authentication server # Forwarding authentication server

Loading…
Cancel
Save