From b2a1bc18809247b292286896a0a03e94c157e3a7 Mon Sep 17 00:00:00 2001
From: Arran Hobson Sayers <ahobsonsayers@gmail.com>
Date: Sat, 2 Nov 2024 19:01:56 +0000
Subject: [PATCH] Create user on proxy auth

---
 auth/proxy.go | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/auth/proxy.go b/auth/proxy.go
index 11a7f9a0..c6d4fad1 100644
--- a/auth/proxy.go
+++ b/auth/proxy.go
@@ -1,9 +1,9 @@
 package auth
 
 import (
+	"crypto/rand"
 	"errors"
 	"net/http"
-	"os"
 
 	fbErrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/settings"
@@ -19,11 +19,41 @@ type ProxyAuth struct {
 }
 
 // Auth authenticates the user via an HTTP header.
-func (a ProxyAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Settings, srv *settings.Server) (*users.User, error) {
 	username := r.Header.Get(a.Header)
 	user, err := usr.Get(srv.Root, username)
 	if errors.Is(err, fbErrors.ErrNotExist) {
-		return nil, os.ErrPermission
+
+		randomPasswordBytes := make([]byte, 32) //nolint:gomnd
+		_, err = rand.Read(randomPasswordBytes)
+		if err != nil {
+			return nil, err
+		}
+
+		var hashedRandomPassword string
+		hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
+		if err != nil {
+			return nil, err
+		}
+
+		user = &users.User{
+			Username:     username,
+			Password:     hashedRandomPassword,
+			LockPassword: true,
+		}
+		setting.Defaults.Apply(user)
+
+		var userHome string
+		userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
+		if err != nil {
+			return nil, err
+		}
+		user.Scope = userHome
+
+		err = usr.Save(user)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return user, err