Support for Proxy Auth via. HTTP header

[eyJhb]

Use case

This would allow to put e.g. Authelia in front of Wger, and then use the header that Authelia passes to wger to create/signin the user.
This could function as a simple way, to support the uses cases such as #1797 (not 100%, but it is quite simple to make).

See miniflux/v2#534 and https://grafana.com/docs/grafana/latest/auth/auth-proxy/ .

Proposal

• Add config option PROXY_AUTH_HEADER=Remote-User
• Add config option PROXY_AUTH_CREATE_USER=True
• ALLOW_REGISTRATION=False should still allow creating users using PROXY_AUTH_
• Mobile app should allow using API key instead of username/password for signin
  • This means user would first authenticate themselves using the website (go through e.g. Authelia -> Wger), copy API key, and then use that from the app.

I might take a jab at this if I have the time.

[rolandgeider]

interesting, this would mean taking the auth header and just going along with it. My feeling is that this should be rather easy to do (or there is already some package for this)

[eyJhb]

I remember a issue with this. So it would require the app to be changed as well, to allow using API key for logging in, instead of using username/password, as that would no longer work (they have no password).

My current nginx setup allows anyone to access /static, /media and /api, and that should still work with such a setup as this.