Thelounge: Support Auth Proxy Authentication

Created on 11 Jan 2020 · 3 Comments · Source: thelounge/thelounge

Feature Description

Support reading a specific HTTP request header (e.g. X-WEBAUTH-USER) to authenticate a logged-in user.

Background

I have a reverse proxy sitting at my network edge that routes traffic to the proper frontends. In addition, this proxy handles authentication and passes information about the logged-in user via headers to the frontend. This is nice since it absolves applications from needing to do any authentication work other than blindly trusting the header provided to them.

Prior Art

This FR is very similar to what Grafana supports; however, it can be simplified quite a bit since The Lounge really just needs the username of the logged-in user -- nothing else.

Initial Investigation

I poked around the code a little bit to see how feasible this is. My notes are:

  • HTTP headers from the initial WS upgrade request are persisted on the server side so we should be able to read the extra headers.
  • Unfortunately the current authentication code assumes that user interaction will take place (i.e. filling out the login form). It doesn't currently have a mechanism for automatically logging someone in via an authentication plugin.

With the second point resolved this should be pretty trivial to implement since we basically just need configuration to tell us what header to read and then The Lounge should just read it and blindly trust it.

Should this be implemented, we should document best practices here, in particular that this should only be used if your app is only accessible via a reverse proxy and that the proxy strips the header from user requests.

Feature
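The trust condition from the issue's last paragraph (the app is reachable only through the reverse proxy, and the proxy strips the header from user requests), sketched as an added example; this is not code from The Lounge or from the issue author. The config shape, `userFromProxyHeader`, the username pattern and the sample requests are hypothetical; `req.headers` and `req.socket.remoteAddress` are the standard Node.js request fields.

```javascript
// Added example: hypothetical helper, not part of The Lounge.

// Assumed config shape: the header to read and the exact peer
// addresses of the reverse proxy that is allowed to set it.
const proxyAuthConfig = {
  header: "X-WEBAUTH-USER",
  trustedProxies: ["127.0.0.1", "::1"],
};

// Node reports IPv4 peers on dual-stack sockets as ::ffff:a.b.c.d.
function normalizeAddress(addr) {
  return typeof addr === "string" ? addr.replace(/^::ffff:/i, "") : "";
}

// Returns the username asserted by the proxy, or null when the header
// must not be trusted for this request.
function userFromProxyHeader(req, config) {
  const peer = normalizeAddress(req.socket && req.socket.remoteAddress);
  if (!config.trustedProxies.includes(peer)) {
    return null; // not from the proxy: the header may be client-supplied
  }
  // Node lowercases header names and joins repeated custom headers
  // with ", ". A joined value means a client copy was not stripped.
  const value = req.headers[config.header.toLowerCase()];
  if (typeof value !== "string" || value.includes(",")) {
    return null;
  }
  const user = value.trim();
  // Conservative username pattern (an assumption for this example).
  return /^[A-Za-z0-9_.@-]{1,64}$/.test(user) ? user : null;
}

// Constructed sample requests shaped like http.IncomingMessage.
const viaProxy = {
  socket: { remoteAddress: "::ffff:127.0.0.1" },
  headers: { "x-webauth-user": "alice" },
};
const directClient = {
  socket: { remoteAddress: "203.0.113.7" },
  headers: { "x-webauth-user": "alice" },
};
const unstrippedCopy = {
  socket: { remoteAddress: "127.0.0.1" },
  headers: { "x-webauth-user": "mallory, alice" },
};
```

The peer-address check only helps if the application port is not reachable by anything other than the proxy; binding to loopback or firewalling the port is what enforces that.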

All 3 comments

This is mostly a duplicate of #1981, as what you're asking for wouldn't be supported in core.

> Unfortunately the current authentication code assumes that user interaction will take place

We don't use cookies for auth, so the auth data is not available in the request and is sent over the WS connection.

Would this also help with pomerium support? I'm using pomerium at my network edge and would like to handle auth that way.

I would love to see this feature too! I'm running a proxy that authenticates users and would love to be able to have users already be logged in to a thelounge instance when they visit the website.
