PodFetch icon indicating copy to clipboard operation
PodFetch copied to clipboard
verified publisher icon SamTV12345

Clarification of GPodder support

Open gardiol opened this issue 2 years ago • 25 comments

Clear and concise description of the problem

I want to add gpodder support, according to docs i need to set either BASIC_AUTH or OIDC_AUTH, but i use reverse-proxy authentication and PodFetch will not start when i enable REVERSE_PROXY and none of the other two.

Is there a way to enable GPODDER_INTEGRATION_ENABLED with proxy auth?

Suggested solution

Allow GPodder with proxy auth

Alternative

No response

Additional context

No response

Validations

  • [X] Follow our Code of Conduct
  • [X] Read the Contributing Guide.
  • [X] Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

gardiol avatar Jan 25 '24 14:01 gardiol

image You need these two env variables set to true and then it should start. Could you please share your docker-compose file?

SamTV12345 avatar Jan 26 '24 21:01 SamTV12345

I run it on bare-metal and this is my startup script:

#!/bin/bash

export SERVER_URL=https://xxxxxx/podfetch/

export DATABASE_URL=sqlite:///xxxxx/podfetch/db/podcast.db

export REVERSE_PROXY=true
export REVERSE_PROXY_HEADER=X-WEBAUTH-USER
export REVERSE_PROXY_AUTO_SIGN_UP=true

export TELEGRAM_BOT_TOKEN=xxxxxxx
export TELEGRAM_BOT_CHAT_ID=xxxxxxx
export TELEGRAM_API_ENABLED=true

#export GPODDER_INTEGRATION_ENABLED=true

cd /xxxxx/podfetch/
./podfetch_amd64 &> /data/daemons/podfetch/podfetch.log

When i uncomment the GPODDER_INTEGRATION_ENABLED i get the message:

Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-3afafe70fe582c1d/out/built.rs
GPODDER_INTEGRATION_ENABLED activated but no BASIC_AUTH or OIDC_AUTH set. Please set BASIC_AUTH or OIDC_AUTH in the .env file.

gardiol avatar Jan 30 '24 11:01 gardiol

Oh. I see. You downloaded the binary from the release tab. I just released a new version. This one also contains the reverse proxy auth support. With the new version it should work.

SamTV12345 avatar Jan 30 '24 21:01 SamTV12345

Ok, i see, i will upgrade as soon as i can. I do not like Docker, specially for something as simple as Podfetch to setup. Kudos to creating such a streamlined app! There are devs out there that for simpler tasks come up with such complex architectures that docker ends up being mandatory for no real reason.

Anyway, i have a question: my set-up is dual. When connecting from "outside" i get proxy auth, when connecting from "inside" (home) i do not have proxy auth. So opening podfetch from outside result in proxy login/user set, while when at home i need no login at all to enter. This works for me because all my services are setup not to require "personal" configuraitons (with few exceptions). So far podfetch just handles it perfectly, would this cause issues with gpodder integration?

(to be clear: i do not need multiple users, that's the point, but i don't want to authenticate twice when connectiong from outside, this is why i setup proxy auth in podfetch)

gardiol avatar Jan 31 '24 07:01 gardiol

Mmm something still not working, i downloaded and started latest binary release (4.6.0) from github and still get:

Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-3afafe70fe582c1d/out/built.rs
GPODDER_INTEGRATION_ENABLED activated but no BASIC_AUTH or OIDC_AUTH set. Please set BASIC_AUTH or OIDC_AUTH in the .env file.

when i uncomment that one line above. Env setup is identical as before.

EDIT: i guess the correct version would be 4.6.1, but binaries are still missing, so please ignore my comment and i will wait :)

gardiol avatar Jan 31 '24 07:01 gardiol

Sorry my bad. I put the wrong tag for the relase. Should work now.

SamTV12345 avatar Jan 31 '24 07:01 SamTV12345

Yes, i can confirm it works now! Will test and report more if needed.

gardiol avatar Jan 31 '24 10:01 gardiol

Mmm i get always a 404 Not Found when connecting from AntennaPod. In my setup i have podfetch exposed trough NGINX reverse proxy as "https://mydomain/podfetch", which works great for the web UI, maybe this is not working properly for the gpodder integration and it needs to be on root path? Or i am missing something?

To be clear: i used the same URL https://mydomain/podfetch in antennaPod, and correct username/password for the reverse proxy auth.

gardiol avatar Jan 31 '24 10:01 gardiol

Mmm i get always a 404 Not Found when connecting from AntennaPod. In my setup i have podfetch exposed trough NGINX reverse proxy as "https://mydomain/podfetch", which works great for the web UI, maybe this is not working properly for the gpodder integration and it needs to be on root path? Or i am missing something?

To be clear: i used the same URL https://mydomain/podfetch in antennaPod, and correct username/password for the reverse proxy auth.

Oh yeah. That is a problem. GPodder always expects PodFetch to be hosted at /. So /podfetch won't work for GPodder. Because the app wants to access / you get a 404.

SamTV12345 avatar Jan 31 '24 10:01 SamTV12345

That's what i thought. I will spin a subdomain for podfetch then, but is it a limitation that could be avoided in the future? Also, maybe it should be documented for future reference.

gardiol avatar Jan 31 '24 11:01 gardiol

Ok, i moved to https://podcast.mydomain.com but it's still not working. It doesn't give me any error but the login page stays on with "enter" and "cancel" buttons: doesnt move to the device creation page.

This is what i get in my nginx logs:

127.0.0.1 - willy [31/Jan/2024:14:03:05 +0100] "POST /api/2/auth/willy/login.json HTTP/1.1" 200 0 "-" "AntennaPod/3.2.0"
127.0.0.1 - - [31/Jan/2024:14:03:05 +0100] "GET /api/2/devices/willy.json HTTP/1.1" 401 179 "-" "AntennaPod/3.2.0"

willy user should exist, when i connect via web gui (same url) and i tap on the profile, i see username willy, of course i log in using reverse proxy auth in both cases.

(podfetch itself gives no output error message)

This is all podfetch output i have: Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-ce09e229467aae0a/out/built.rs 2024-01-31T13:59:44 ❌ - database is locked 2024-01-31T13:59:44 ❌ - database is locked

| _ \ ___ _| | || | | | | |) / _ \ / ` | | / _ \ / | '
| / () | (| | | / || (| | | | || _/ _,|_| _|___|| ||

2024-01-31T13:59:45 ℹ - Settings already present

2024-01-31T13:59:45 ℹ - starting 4 workers 2024-01-31T13:59:45 ℹ - Starting with the following environment variables: 2024-01-31T13:59:45 ℹ - Actix runtime found; starting in Actix runtime 2024-01-31T13:59:45 ℹ - Public server url: https://podcast.mydomain.com/ 2024-01-31T13:59:45 ℹ - Polling interval for new episodes: 300 minutes 2024-01-31T13:59:45 ℹ - Developer specifications available at https://podcast.mydomain.com/swagger-ui/index.html#/ 2024-01-31T13:59:45 ℹ - GPodder integration enabled: true 2024-01-31T13:59:45 ℹ - Podindex API key&secret configured: false

gardiol avatar Jan 31 '24 13:01 gardiol

Hi, any hints on how to solve the 401 on devices?

gardiol avatar Feb 05 '24 07:02 gardiol

I'll take a Look at it today. I'm currently preparing for my exams.

SamTV12345 avatar Feb 05 '24 07:02 SamTV12345

Do you have AntennaPod configured to point to your reverse proxy? If so is the username in the query and the currently logged in user the same? I faced a similar issue where I told Nginx that I want with username testuseradmin and I logged in as testadmin. This is the line in the code: https://github.com/SamTV12345/PodFetch/blob/cf56f686672c916c0f22f5ea9a784b5d7787570b/src/gpodder/device/device_controller.rs#L47

SamTV12345 avatar Feb 06 '24 20:02 SamTV12345

In antennapod i added my full URL (https://podcast.mydomain.com) which is the same URL i access via web. In both cases i use the same username and password (which get's passed via PROXY_AUTH to PodFetch). As it works on the web gui, sohuld it work also via gpodder using antenna pod? Is the URL different in this case?

gardiol avatar Feb 07 '24 09:02 gardiol

I did some testing: if i disable proxy authentication i can successfully create the device and add gpodder to antennapod. When i re-enable proxy auth. gpodder sync from antennapod fails.

The issue seems to be between podfetch and the proxy auth.

I have also, via CLI, made sure that podfetch has one user with the correct name and password (beside the proxy auth) but nothing changes.

gardiol avatar Feb 13 '24 12:02 gardiol

Just pinging, i understand if you're busy with exams

gardiol avatar Feb 20 '24 14:02 gardiol

Hi, i got the same error message as described above. I am hosting PodFetch on my NAS as Container from Docker-Hub. Would be very nice, if you con solve this. Thank you in advance.

Tommy-01 avatar Mar 03 '24 11:03 Tommy-01

Yes, using AntennaPod is not possible at this time. If you disable your proxy authentication it will work, but clearly that is not an option.

gardiol avatar Mar 05 '24 07:03 gardiol

Ah sorry, there was a "little" mistake on my side. I didn't use an proxy and nevertheless get this error. Should i open an new Ticket?

Tommy-01 avatar Mar 06 '24 16:03 Tommy-01

Ah sorry, there was a "little" mistake on my side. I didn't use an proxy and nevertheless get this error. Should i open an new Ticket?

Sure better create a new ticket so we don't clutter this issue.

SamTV12345 avatar Mar 06 '24 18:03 SamTV12345

What would i do to help investigate and fix this issue? It is indeed related to proxy auth...

gardiol avatar Mar 20 '24 21:03 gardiol

Sorry it's been a while. I finally have time tomorrow to work again on PodFetch. It's been a busy time. I'd need to replicate your nginx server with the user database and go from there. If I have the identical setup I should hopefully get the same errors 😃.

SamTV12345 avatar Mar 20 '24 21:03 SamTV12345

Just setup proxy auth, that is enough for me to make gpodder unusable from antennapod...

gardiol avatar Mar 20 '24 21:03 gardiol

Alright. I'll check tomorrow again. I think last time I tried it it worked without a problem.

SamTV12345 avatar Mar 20 '24 22:03 SamTV12345