@TheYsconator
Contributor

As asked in #4 by mindfuucker, I wanted to try to implement header authentication. I wanted to add a login-page to Widdler for myself anyway, so issue #4 was a good place to start.

I've never worked with Go before, so please do check my work if you consider accepting this pull request.

@qbit
Owner

qbit commented Dec 8, 2021

Awesome! Thanks for the PR!

@qbit
Owner

qbit commented Dec 8, 2021

Is there a tool or something you are using for testing? @mindfuucker would this PR let things work with Authentik?

@TheYsconator
Contributor Author

I must admit I just used curl to play around with what was accepted and what was not. Is there an automated testing suite for Go that you would recommend? In that case I'll try to add some tests.

The command I used (and some variations thereof) for testing was:

curl -i -H "authusername: password" http://127.0.0.1:8080

In code, on line 273, you can see a prefix. That can be set to the empty string or to something ending with a hyphen, but either of those two messes up the authentication (as headers have automatic capitalization, I believe). I wasn't able to come up with a neater solution, so I basically just prepend auth (without a hyphen) to circumvent that. This was the only issue I was able to find (with my admittedly limited manual testing).

I believe just using a random header for authentication is not standard, but I've implemented it like this as it follows how header authentication is implemented in the Node JS version of TiddlyWiki. Let me know if you want to follow some other standard instead; I don't mind messing with it, and it's always good to get better at more languages.

Thanks for your quick response!

@FunDeckHermit

> Is there a tool or something you are using for testing? @mindfuucker would this PR let things work with Authentik?

Authentik is quite modifiable and setting the username in a random header is easy to implement. It might be interesting to look at other go-based header authentication schemes. Navidrome and Filebrowser come to mind.

It would however be nice (and safer) to make the header a variable (command-line or ENV variable).
These are the settings Navidrome asks for:

#My Docker Compose file for Navidrome
version: "3"
services:
  navidrome:
    image: deluan/navidrome:latest
    restart: unless-stopped
    ports:
      - "80:4533"
    environment:
      ND_SCANSCHEDULE: 1h
      ND_LOGLEVEL: info  
      ND_BASEURL: ""
      ND_REVERSEPROXYUSERHEADER: "X-authentik-username"
      ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"
    volumes:
      - "./data:/data"
      - "/nfs/content/Music:/music:ro"

Hope this helps!
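
An added example, not code from this pull request or from Widdler or Navidrome: a user header is only as trustworthy as the peer that set it, so this Go function accepts the header only when the connection comes from a trusted proxy network. The function names, addresses and the user `alice` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// proxyUser returns the username asserted in header, but only when the TCP
// peer (r.RemoteAddr) is inside a trusted network. It fails closed otherwise.
func proxyUser(r *http.Request, header string, trusted []*net.IPNet) (string, bool) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	ip := net.ParseIP(host)
	if err != nil || ip == nil {
		return "", false
	}
	for _, n := range trusted {
		if n.Contains(ip) {
			u := r.Header.Get(header) // Get canonicalizes the name: case-insensitive
			return u, u != ""
		}
	}
	return "", false // header sent by an untrusted peer is ignored
}

// check builds a constructed request from peer and evaluates it against one CIDR.
func check(peer, cidr, header, value string) (string, bool) {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", false
	}
	r := httptest.NewRequest("GET", "/", nil)
	r.RemoteAddr = peer
	r.Header.Set(strings.ToLower(header), value) // key is stored in canonical form
	return proxyUser(r, header, []*net.IPNet{n})
}

func main() {
	const h = "X-authentik-username" // header name from the compose file above
	fmt.Println(check("127.0.0.1:40000", "127.0.0.1/32", h, "alice"))   // accepted: peer is the proxy
	fmt.Println(check("203.0.113.9:40000", "127.0.0.1/32", h, "alice")) // rejected: direct client
	fmt.Println(check("203.0.113.9:40000", "0.0.0.0/0", h, "alice"))    // accepted: every IPv4 peer is trusted
}
```

With the trusted range set to `0.0.0.0/0`, the header is honoured from any IPv4 peer, so the application must then be reachable only through the proxy.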

@TheYsconator
Contributor Author

@mindfuucker I've considered environment variables, but that would require more significant changes to the codebase. As I've implemented this without any discussion with @qbit (and given my limited experience with Go), I didn't want to change this codebase too much.

The benefit of my current implementation is that it does not require additional (code for) setup, and that it uses the already existing .htpasswd file. (And, as mentioned, it works in line with Jermolene's implementation - though we don't have to follow that, of course.)

I'm definitely up for adding an option for (or replacing this PR with) using environment variables, but before I start working on that, I'll await qbit's thoughts.

@qbit
Owner

qbit commented Dec 9, 2021

If Authentik can use this scheme, I'd like to go with what we have.

@qbit qbit merged commit d11f802 into qbit:main Dec 10, 2021

@qbit
Owner

qbit commented Dec 10, 2021

Pulling it in! We can extend it later if need be.
