authelia: Restrict access to firefly
Since we've configured the Ingress for Firefly III to log everyone in as *dustin* via a faked `Remote-User` request header, any user on the Pyrocufflink domain would be able to see my finances. Using Authelia's access control mechanism, we can restrict this to only users in a specific group.
@@ -14,6 +14,20 @@ access_control:
|
|||||||
policy: bypass
|
policy: bypass
|
||||||
- domain: firefly.pyrocufflink.blue
|
- domain: firefly.pyrocufflink.blue
|
||||||
policy: two_factor
|
policy: two_factor
|
||||||
|
subject:
|
||||||
|
- 'group:Firefly III Users'
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: two_factor
|
||||||
|
subject:
|
||||||
|
- 'group:Firefly III Users'
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- 'user:svc.xactfetch'
|
||||||
|
- domain: firefly.pyrocufflink.blue
|
||||||
|
policy: deny
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: deny
|
||||||
- domain: scan.pyrocufflink.blue
|
- domain: scan.pyrocufflink.blue
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
|||||||
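Review bot: In the new firefly-importer.pyrocufflink.blue rules, the `one_factor` rule for `user:svc.xactfetch` comes after the `two_factor` rule for `group:Firefly III Users`, and Authelia applies the first rule that matches a request. If svc.xactfetch is ever a member of that group, it will be held to two_factor and the one_factor rule will never apply. Consider moving the svc.xactfetch rule above the group rule, or add a comment stating that the service account must stay out of the group. The trailing `policy: deny` rules for both domains depend on the same ordering, since they only work as a catch-all while they stay below the subject-restricted rules. A short comment in the file saying so would protect against a later reorder.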