From c098abf14fa577ba3864fcc397492da3937fb028 Mon Sep 17 00:00:00 2001
From: Maximilian Friedersdorff <max@gwairfelin.com>
Date: Tue, 30 Sep 2025 09:57:10 +0100
Subject: [PATCH] Auto login using X-Auth-Request-User header

---
 internal/middleware/session.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/internal/middleware/session.go b/internal/middleware/session.go
index 6c02c02..c2854f3 100644
--- a/internal/middleware/session.go
+++ b/internal/middleware/session.go
@@ -58,16 +58,26 @@ func (s *SessionStore) AsMiddleware(next http.Handler) http.Handler {
 
 		// No session yet
 		if err != nil {
-			http.Redirect(w, r, "/login/", http.StatusFound)
-			return
+			user := r.Header.Get("X-Auth-Request-User")
+			if user != "" {
+				s.Login(user, w)
+			} else {
+				http.Redirect(w, r, "/login/", http.StatusFound)
+				return
+			}
 		}
 
 		session, ok := s.sessions[sessionCookie.Value]
 
 		// Session expired
 		if !ok {
-			http.Redirect(w, r, "/login/", http.StatusFound)
-			return
+			user := r.Header.Get("X-Auth-Request-User")
+			if user != "" {
+				s.Login(user, w)
+			} else {
+				http.Redirect(w, r, "/login/", http.StatusFound)
+				return
+			}
 		}
 
 		ctx := r.Context()