Firewall: Aliases - allow setting a custom auth http header

Author: nox-404

src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.php

@@ -78,6 +78,19 @@ public function performValidation($validateFullModel = false)
                         $messages->appendMessage(new Message(gettext('Illegal characters in token'), $ref . '.authtype'));
                     }
                     break;
+                case 'Header':
+                    if (empty($username) || empty($password)) {
+                        $messages->appendMessage(new Message(gettext('Please provide a header key and value when Header auth is selected'), $ref . '.authtype'));
+                    } elseif (strlen($username) > 255) {
+                        $messages->appendMessage(new Message(gettext('Invalid key length'), $ref . '.authtype'));
+                    } elseif (strlen($password) > 512) {
+                        $messages->appendMessage(new Message(gettext('Invalid value length'), $ref . '.authtype'));
+                    } elseif (!preg_match('/^[A-Za-z0-9-_.]+$/', $username)) {
+                        $messages->appendMessage(new Message(gettext('Illegal characters in key'), $ref . '.authtype'));
+                    } elseif (!preg_match('/^[A-Za-z0-9-_.]+$/', $password)) {
+                        $messages->appendMessage(new Message(gettext('Illegal characters in value'), $ref . '.authtype'));
+                    }
+                    break;
             }
         }
 

src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml

@@ -75,6 +75,7 @@
                     <OptionValues>
                         <Basic>Basic</Basic>
                         <Bearer>Bearer</Bearer>
+                        <Header>Header</Header>
                     </OptionValues>
                 </authtype>
                 <categories type="ModelRelationField">

src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt

@@ -378,6 +378,10 @@
                             case 'Bearer':
                                 $("#alias\\.password").show().attr('placeholder', '{{lang._('API token')}}');
                                 break;
+                            case 'Header':
+                                $("#alias\\.username").show().attr('placeholder', '{{lang._('HTTP Header')}}');
+                                $("#alias\\.password").show().attr('placeholder', '{{lang._('API token')}}');
+                                break;
                         }
                     });
                     $("#alias\\.authtype").change();

src/opnsense/scripts/filter/lib/alias/uri.py

@@ -71,6 +71,8 @@ def iter_addresses(self, url):
                 req_opts['auth'] = requests.auth.HTTPBasicAuth(self._username, self._password)
             elif self._authtype == 'Bearer':
                 req_opts['headers']['Authorization'] = f'Bearer {self._password}'
+            elif self._authtype == 'Header' and self._username is not None:
+                req_opts['headers'][self._username] = self._password
 
         # fetch data
         try: