Paul Fitzpatrick
Paul Fitzpatrick
@MHOOO there are a few possible directions to go. One way is to patch this method: https://github.com/gristlabs/grist-core/blob/99ee495b4be0af7408c662671acb540988e3b624/app/server/lib/Authorizer.ts#L93 It is a piece of middleware wrapped around every request. It has access...
@MHOOO that looks very close. The error you are seeing is coming from `getUserProfiles`, which is expecting to find a list of potential users in `mreq.users`. To explain that: Grist...
Hmm not sure what that error is, are there any earlier errors? The error is showing a problem starting python for formula evaluation, but the error shown in the logs...
Great, look forward to seeing what you come up with!
Ah, I think there's a wrinkle with the websocket used for documents. The websocket code kind of does its own thing for authentication, the express middleware isn't easy to apply....
@MHOOO there is one more place that needs updating, related to websockets, in `Comm.js`. I made this experiment, hardcoding a `[email protected]` user just for simplicity: ```diff diff --git a/app/server/lib/Authorizer.ts b/app/server/lib/Authorizer.ts...
Glad that works @MHOOO! Yes, we'd be glad to incorporate this, as a form of authentication that can be configured - wouldn't want it on by default since `x-remote-user` could...
> Alright, I'll try that and also add an environment variable to configure the feature. Any preferences on where such a method should live? Perhaps in `Authorizer.ts`? No strong preference.
Hmm, after pulling the latest docker image I ran: ``` docker run --env GRIST_PROXY_AUTH_HEADER=trust-me --env DEBUG=1 -p8484:8484 -it gristlabs/grist ``` and then: ``` $ curl -H "trust-me: paul@me" http://localhost:8484/api/session/access/active {"user":{"id":6,"email":"paul@me","name":"paul","picture":null},"org":null}...
@helmut72 I think it may be a header name normalization issue. Would it work with all lowercase?