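#!/usr/bin/with-contenv bash
# shellcheck shell=bash

## Override the webui username & password with a custom one for this session,
## to effectively make localhost requests the only valid kind. This was originally
## intended to pass directly to oauth2-proxy, but the qbittorrent auth process
## requires making a request to /api/v2/auth/login, which isn't really possible.
##
## Security note: with WebUI\LocalHostAuth=false every request that reaches the
## WebUI from loopback is accepted without credentials, so whatever fronts the
## WebUI on localhost (oauth2-proxy here) is the only access control. Any other
## process able to connect from 127.0.0.1, or sharing this network namespace,
## gets the same access.

conf=/config/qBittorrent/qBittorrent.conf

if [[ ! -f "$conf" ]]; then
  printf 'error: %s not found, WebUI credentials not overridden\n' "$conf" >&2
  exit 1
fi

# Generate a throwaway password and emit only its salt and PBKDF2 hash, read
# into an array in the format of [BASE64_SALT, BASE64_HASH]. The password itself
# never leaves the python process (not in argv, env or output), so nobody can
# log in with it. It is drawn with the secrets module (CSPRNG) rather than
# random, whose generator is not meant for secrets.
mapfile -d ':' -t generated < <(
  python3 - <<'PY'
import base64
import os
import secrets
import string
from hashlib import pbkdf2_hmac

salt = os.urandom(16)
alphabet = string.ascii_uppercase + string.ascii_lowercase + string.digits
password = "".join(secrets.choice(alphabet) for _ in range(64))
digest = pbkdf2_hmac("sha512", password.encode(), salt, 100000)
print(
    f"{base64.standard_b64encode(salt).decode()}:{base64.standard_b64encode(digest).decode()}",
    end="",
)
PY
)

# A failure inside the process substitution is invisible to the shell, so check
# the result: never write an empty salt/hash into the config.
if [[ ${#generated[@]} -ne 2 || -z ${generated[0]} || -z ${generated[1]} ]]; then
  printf 'error: password hash generation failed, %s left unchanged\n' "$conf" >&2
  exit 1
fi

# Detect if the qbittorrent config file has the LocalHostAuth key already (it doesn't by default)
grep -qF 'WebUI\LocalHostAuth' "$conf"
LOCALHOSTAUTH_MISSING=$?

# Stage the rewrite in an unpredictable file next to the config (not in the
# current working directory), so the final mv is a rename on the same filesystem.
tmp=$(mktemp "${conf}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

# Modify the qbittorrent config file to
# 1. Replace the username & password entry (username is always DO_NOT_CHANGE)
# 2. Enable localhost whitelisting to allow oauth2-proxy to bypass auth
#
# mktemp creates the file with mode 0600 and the caller's ownership, so the
# original file's owner and mode are copied onto it before it replaces the
# config. NOTE(review): assumes a stat that supports -c (GNU coreutils or
# busybox) - confirm for the base image.
awk \
  -v "salt=${generated[0]}" \
  -v "hash=${generated[1]}" \
  -v "localhostauth_missing=$LOCALHOSTAUTH_MISSING" \
  '
  /^WebUI\\Password_PBKDF2=/ {
    printf "WebUI\\Password_PBKDF2=\"@ByteArray(%s:%s)\"\n", salt, hash
    next
  }
  /^WebUI\\Username=/ {
    print "WebUI\\Username=DO_NOT_CHANGE"
    next
  }
  /^WebUI\\LocalHostAuth=/ {
    print "WebUI\\LocalHostAuth=false"
    next
  }
  /^\[Preferences]/ {
    print
    if (localhostauth_missing == 1) print "WebUI\\LocalHostAuth=false"
    next
  }
  { print }
  ' \
  "$conf" >"$tmp" \
  && chown "$(stat -c '%u:%g' "$conf")" "$tmp" \
  && chmod "$(stat -c '%a' "$conf")" "$tmp" \
  && mv -f -- "$tmp" "$conf"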