homepage/src/utils/proxy/handlers/credentialed.js

import { getSettings } from "utils/config/config";
import getServiceWidget from "utils/config/service-helpers";
import createLogger from "utils/logger";
import { formatApiCall, sanitizeErrorURL } from "utils/proxy/api-helpers";
import { httpProxy } from "utils/proxy/http";
import validateWidgetData from "utils/proxy/validate-widget-data";
import widgets from "widgets/widgets";

const logger = createLogger("credentialedProxyHandler");

export default async function credentialedProxyHandler(req, res, map) {
  const { group, service, endpoint, index } = req.query;

  if (group && service) {
    const widget = await getServiceWidget(group, service, index);

    if (!widgets?.[widget.type]?.api) {
      return res.status(403).json({ error: "Service does not support API calls" });
    }

    if (widget) {
      const url = new URL(formatApiCall(widgets[widget.type].api, { endpoint, ...widget }));

      const headers = {
        "Content-Type": "application/json",
      };

      if (widget.type === "stocks") {
        const { providers } = getSettings();
        if (widget.provider === "finnhub" && providers?.finnhub) {
          headers["X-Finnhub-Token"] = `${providers?.finnhub}`;
        }
      } else if (widget.type === "coinmarketcap") {
        headers["X-CMC_PRO_API_KEY"] = `${widget.key}`;
      } else if (widget.type === "gotify") {
        headers["X-gotify-Key"] = `${widget.key}`;
      } else if (
        [
          "argocd",
          "authentik",
          "cloudflared",
          "ghostfolio",
          "headscale",
          "hoarder",
          "karakeep",
          "linkwarden",
          "mealie",
          "netalertx",
          "tailscale",
          "tandoor",
          "pterodactyl",
          "vikunja",
          "firefly",
        ].includes(widget.type)
      ) {
        headers.Authorization = `Bearer ${widget.key}`;
      } else if (widget.type === "truenas") {
        if (widget.key) {
          headers.Authorization = `Bearer ${widget.key}`;
        } else {
          headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
        }
      } else if (widget.type === "proxmox") {
        headers.Authorization = `PVEAPIToken=${widget.username}=${widget.password}`;
      } else if (widget.type === "proxmoxbackupserver") {
        delete headers["Content-Type"];
        headers.Authorization = `PBSAPIToken=${widget.username}:${widget.password}`;
      } else if (widget.type === "autobrr") {
        headers["X-API-Token"] = `${widget.key}`;
      } else if (widget.type === "tubearchivist") {
        headers.Authorization = `Token ${widget.key}`;
      } else if (widget.type === "miniflux") {
        headers["X-Auth-Token"] = `${widget.key}`;
      } else if (widget.type === "nextcloud") {
        if (widget.key) {
          headers["NC-Token"] = `${widget.key}`;
        } else {
          headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
        }
      } else if (widget.type === "paperlessngx") {
        if (widget.key) {
          headers.Authorization = `Token ${widget.key}`;
        } else {
          headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
        }
      } else if (widget.type === "azuredevops") {
        headers.Authorization = `Basic ${Buffer.from(`$:${widget.key}`).toString("base64")}`;
      } else if (widget.type === "glances") {
        headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
      } else if (widget.type === "plantit") {
        headers.Key = `${widget.key}`;
      } else if (widget.type === "myspeed") {
        headers.Password = `${widget.password}`;
      } else if (widget.type === "esphome") {
        if (widget.username && widget.password) {
          headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
        } else if (widget.key) {
          headers.Cookie = `authenticated=${widget.key}`;
        }
      } else if (widget.type === "wgeasy") {
        headers.Authorization = widget.password;
      } else if (widget.type === "gitlab") {
        headers["PRIVATE-TOKEN"] = widget.key;
      } else if (widget.type === "speedtest") {
        if (widget.key) {
          // v1 does not require a key
          headers.Authorization = `Bearer ${widget.key}`;
        }
      } else {
        headers["X-API-Key"] = `${widget.key}`;
      }

      const [status, contentType, data] = await httpProxy(url, {
        method: req.method,
        withCredentials: true,
        credentials: "include",
        headers,
      });

      let resultData = data;

      if (resultData.error?.url) {
        resultData.error.url = sanitizeErrorURL(url);
      }

      if (status === 204 || status === 304) {
        return res.status(status).end();
      }

      if (status >= 400) {
        logger.error("HTTP Error %d calling %s", status, url.toString());
      }

      if (status === 200) {
        if (!validateWidgetData(widget, endpoint, resultData)) {
          return res
            .status(500)
            .json({ error: { message: "Invalid data", url: sanitizeErrorURL(url), data: resultData } });
        }
        if (map) resultData = map(resultData);
      }

      if (contentType) res.setHeader("Content-Type", contentType);
      return res.status(status).send(resultData);
    }
  }

  logger.debug("Invalid or missing proxy service type '%s' in group '%s'", service, group);
  return res.status(400).json({ error: "Invalid proxy service type" });
}
Chore: add organize imports to pre-commit (#5104) 2025-03-30 21:40:03 -07:00			`import { getSettings } from "utils/config/config";`
further restructuring 2022-09-26 15:25:10 +03:00			`import getServiceWidget from "utils/config/service-helpers";`
Chore: add organize imports to pre-commit (#5104) 2025-03-30 21:40:03 -07:00			`import createLogger from "utils/logger";`
Strip sensitive information contained in URLs from frontend API calls 2023-02-15 14:46:31 -08:00			`import { formatApiCall, sanitizeErrorURL } from "utils/proxy/api-helpers";`
utils cleanup, initial static generation 2022-09-26 12:04:37 +03:00			`import { httpProxy } from "utils/proxy/http";`
Chore: add organize imports to pre-commit (#5104) 2025-03-30 21:40:03 -07:00			`import validateWidgetData from "utils/proxy/validate-widget-data";`
starting of widget refactoring 2022-09-25 19:43:47 +03:00			`import widgets from "widgets/widgets";`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00
Add authentik 2022-09-25 17:42:16 -07:00			`const logger = createLogger("credentialedProxyHandler");`

Allow map in credentialedproxy 2022-12-16 22:32:28 -08:00			`export default async function credentialedProxyHandler(req, res, map) {`
Enhancement: multiple widgets per service (#4338) 2024-11-27 02:33:40 -08:00			`const { group, service, endpoint, index } = req.query;`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00
			`if (group && service) {`
Enhancement: multiple widgets per service (#4338) 2024-11-27 02:33:40 -08:00			`const widget = await getServiceWidget(group, service, index);`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00
starting of widget refactoring 2022-09-25 19:43:47 +03:00			`if (!widgets?.[widget.type]?.api) {`
			`return res.status(403).json({ error: "Service does not support API calls" });`
			`}`

refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`if (widget) {`
starting of widget refactoring 2022-09-25 19:43:47 +03:00			`const url = new URL(formatApiCall(widgets[widget.type].api, { endpoint, ...widget }));`
consolidate api handlers 2022-09-12 10:59:56 +03:00
			`const headers = {`
			`"Content-Type": "application/json",`
			`};`

Feature: stock market service and info widget (#3617) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-07-01 17:16:10 -07:00			`if (widget.type === "stocks") {`
			`const { providers } = getSettings();`
			`if (widget.provider === "finnhub" && providers?.finnhub) {`
			headers["X-Finnhub-Token"] = `${providers?.finnhub}`;
			`}`
			`} else if (widget.type === "coinmarketcap") {`
consolidate api handlers 2022-09-12 10:59:56 +03:00			headers["X-CMC_PRO_API_KEY"] = `${widget.key}`;
js linting 2022-09-12 12:39:04 +03:00			`} else if (widget.type === "gotify") {`
Gotify 2022-09-12 10:06:47 +01:00			headers["X-gotify-Key"] = `${widget.key}`;
Run pre-commit hooks over existing codebase Co-Authored-By: Ben Phelps <ben@phelps.io> 2023-10-17 23:26:55 -07:00			`} else if (`
Feature: Linkwarden service widget (#3836) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-09 22:19:06 +01:00			`[`
Feature: Add ArgoCD widget (#4305) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-11-19 22:59:52 +01:00			`"argocd",`
Feature: Linkwarden service widget (#3836) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-09 22:19:06 +01:00			`"authentik",`
			`"cloudflared",`
			`"ghostfolio",`
Feature: Headscale Service Widget (#4247) 2024-11-05 20:02:33 +03:00			`"headscale",`
Feature: Hoarder service widget (#4913) 2025-03-12 09:46:01 -04:00			`"hoarder",`
Chore: change hoarder widget to karakeep (#5143) 2025-04-05 23:54:48 -07:00			`"karakeep",`
Feature: Linkwarden service widget (#3836) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-09 22:19:06 +01:00			`"linkwarden",`
			`"mealie",`
Enhancement: support netalertX token for password-protected instances (#4122) 2024-10-12 15:30:45 -07:00			`"netalertx",`
Feature: Linkwarden service widget (#3836) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-09 22:19:06 +01:00			`"tailscale",`
			`"tandoor",`
			`"pterodactyl",`
Feature: Vikunja service widget (#4118) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-10-12 10:53:02 -04:00			`"vikunja",`
Feature: Firefly widget (#4683) Signed-off-by: Amjad Alsharafi <26300843+Amjad50@users.noreply.github.com> Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-02-02 11:40:21 +08:00			`"firefly",`
Feature: Linkwarden service widget (#3836) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-09 22:19:06 +01:00			`].includes(widget.type)`
Run pre-commit hooks over existing codebase Co-Authored-By: Ben Phelps <ben@phelps.io> 2023-10-17 23:26:55 -07:00			`) {`
			headers.Authorization = `Bearer ${widget.key}`;
Enhancement: Add enablePools option to TrueNAS service widget (#2908) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-02-15 23:38:55 -06:00			`} else if (widget.type === "truenas") {`
			`if (widget.key) {`
			headers.Authorization = `Bearer ${widget.key}`;
			`} else {`
			headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
			`}`
Add Proxmox widget 2022-10-04 21:46:48 -07:00			`} else if (widget.type === "proxmox") {`
			headers.Authorization = `PVEAPIToken=${widget.username}=${widget.password}`;
Add Proxmox Backup Server Widget (#879) * Add Proxmox Backup Server Widget * Clarification added to Failed Tasks * Refactor pbs to proxmoxbackupserver * Removing property instead of recreating object * minor code styling of proxmoxbackupserver widget --------- Co-authored-by: Eizock <> Co-authored-by: Michael Shamoon <4887959+shamoon@users.noreply.github.com> 2023-01-29 00:32:47 +00:00			`} else if (widget.type === "proxmoxbackupserver") {`
			`delete headers["Content-Type"];`
			headers.Authorization = `PBSAPIToken=${widget.username}:${widget.password}`;
feat: add autobrr widget 2022-10-26 12:56:43 +02:00			`} else if (widget.type === "autobrr") {`
			headers["X-API-Token"] = `${widget.key}`;
feat: add tubearchivist widget 2022-10-31 15:23:34 +02:00			`} else if (widget.type === "tubearchivist") {`
			headers.Authorization = `Token ${widget.key}`;
Use credentialed proxy for miniflux 2022-12-16 22:33:15 -08:00			`} else if (widget.type === "miniflux") {`
			headers["X-Auth-Token"] = `${widget.key}`;
Add support of NC-Token to Nextcloud widget 2023-03-20 01:15:40 +01:00			`} else if (widget.type === "nextcloud") {`
Update credentialed.js 2023-03-19 23:03:12 -07:00			`if (widget.key) {`
Add support of NC-Token to Nextcloud widget 2023-03-20 01:15:40 +01:00			headers["NC-Token"] = `${widget.key}`;
			`} else {`
			headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
			`}`
Add support for auth token 2023-06-05 16:23:37 +02:00			`} else if (widget.type === "paperlessngx") {`
			`if (widget.key) {`
			headers.Authorization = `Token ${widget.key}`;
			`} else {`
			headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
			`}`
Run pre-commit hooks over existing codebase Co-Authored-By: Ben Phelps <ben@phelps.io> 2023-10-17 23:26:55 -07:00			`} else if (widget.type === "azuredevops") {`
Adds azure pipelines widget Add translation for result and status remove buildId value translation Fixes syntax in azure pipelines hide running status if finished 2023-07-19 22:59:27 +03:00			headers.Authorization = `Basic ${Buffer.from(`$:${widget.key}`).toString("base64")}`;
glances widget test 1 2023-08-01 03:54:19 +03:00			`} else if (widget.type === "glances") {`
			headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
Feature: Plant-it widget (#2941) 2024-02-20 02:54:28 +01:00			`} else if (widget.type === "plantit") {`
			headers.Key = `${widget.key}`;
Feature: MySpeed widget (#3662) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-06-23 21:00:04 +02:00			`} else if (widget.type === "myspeed") {`
			headers.Password = `${widget.password}`;
Enhancement: support ESPHome widget authentication (#3846) * Added cookie support for auth on ESPHome widget * Lint * Use credentialedProxyHandler instead --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-13 16:40:42 +02:00			`} else if (widget.type === "esphome") {`
Enhancement: support basic auth to ESPHome widget (#4429) 2024-12-17 17:35:15 +13:00			`if (widget.username && widget.password) {`
			headers.Authorization = `Basic ${Buffer.from(`${widget.username}:${widget.password}`).toString("base64")}`;
			`} else if (widget.key) {`
Enhancement: support ESPHome widget authentication (#3846) * Added cookie support for auth on ESPHome widget * Lint * Use credentialedProxyHandler instead --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-08-13 16:40:42 +02:00			headers.Cookie = `authenticated=${widget.key}`;
			`}`
Enhancement: more reliable wg-easy widget by custom proxy, use password header (#3966) 2024-09-09 11:40:11 -07:00			`} else if (widget.type === "wgeasy") {`
			`headers.Authorization = widget.password;`
Feature: gitlab service widget (#4317) Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2024-11-22 16:07:17 +01:00			`} else if (widget.type === "gitlab") {`
			`headers["PRIVATE-TOKEN"] = widget.key;`
Enhancement: support speedtest v1.2 API (#4695) 2025-02-02 19:11:08 -08:00			`} else if (widget.type === "speedtest") {`
			`if (widget.key) {`
			`// v1 does not require a key`
			headers.Authorization = `Bearer ${widget.key}`;
			`}`
consolidate api handlers 2022-09-12 10:59:56 +03:00			`} else {`
			headers["X-API-Key"] = `${widget.key}`;
			`}`

refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`const [status, contentType, data] = await httpProxy(url, {`
handle proxy methods other than GET 2022-09-11 14:30:28 +03:00			`method: req.method,`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`withCredentials: true,`
			`credentials: "include",`
consolidate api handlers 2022-09-12 10:59:56 +03:00			`headers,`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`});`

Allow map in credentialedproxy 2022-12-16 22:32:28 -08:00			`let resultData = data;`

Cleanup data validation 2023-04-11 11:05:30 -07:00			`if (resultData.error?.url) {`
			`resultData.error.url = sanitizeErrorURL(url);`
			`}`

handle 204 and 304 proxy responses 2022-09-11 14:30:14 +03:00			`if (status === 204 \|\| status === 304) {`
			`return res.status(status).end();`
			`}`

Add authentik 2022-09-25 17:42:16 -07:00			`if (status >= 400) {`
hide webkit details marker, logger url output 2022-11-19 00:12:05 -08:00			`logger.error("HTTP Error %d calling %s", status, url.toString());`
Add authentik 2022-09-25 17:42:16 -07:00			`}`
Run pre-commit hooks over existing codebase Co-Authored-By: Ben Phelps <ben@phelps.io> 2023-10-17 23:26:55 -07:00
Cleanup data validation 2023-04-11 11:05:30 -07:00			`if (status === 200) {`
			`if (!validateWidgetData(widget, endpoint, resultData)) {`
Run pre-commit hooks over existing codebase Co-Authored-By: Ben Phelps <ben@phelps.io> 2023-10-17 23:26:55 -07:00			`return res`
			`.status(500)`
			`.json({ error: { message: "Invalid data", url: sanitizeErrorURL(url), data: resultData } });`
Strip sensitive information contained in URLs from frontend API calls 2023-02-15 14:46:31 -08:00			`}`
Cleanup data validation 2023-04-11 11:05:30 -07:00			`if (map) resultData = map(resultData);`
Allow map in credentialedproxy 2022-12-16 22:32:28 -08:00			`}`

check that content type exists before setting it 2022-09-05 10:08:02 +03:00			`if (contentType) res.setHeader("Content-Type", contentType);`
Allow map in credentialedproxy 2022-12-16 22:32:28 -08:00			`return res.status(status).send(resultData);`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`}`
			`}`

Add authentik 2022-09-25 17:42:16 -07:00			`logger.debug("Invalid or missing proxy service type '%s' in group '%s'", service, group);`
refactor widget api design this passes all widget API calls through the backend, with a pluggable design and reusable API handlers 2022-09-04 21:58:42 +03:00			`return res.status(400).json({ error: "Invalid proxy service type" });`
			`}`