From 2318baaade2c66041f85e3fb1fd94ea530bf504b Mon Sep 17 00:00:00 2001
From: Rob Vermaas <rob.vermaas@gmail.com>
Date: Fri, 22 Sep 2017 11:36:49 +0000
Subject: [PATCH] Add 'readonly_ips' option, to allow readonly access for
 certain IPs when 'private' option is enabled.

---
 src/lib/Hydra/Controller/Root.pm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/Hydra/Controller/Root.pm b/src/lib/Hydra/Controller/Root.pm
index 234f73f4..8a0af07b 100644
--- a/src/lib/Hydra/Controller/Root.pm
+++ b/src/lib/Hydra/Controller/Root.pm
@@ -12,6 +12,7 @@ use Nix::Config;
 use Encode;
 use File::Basename;
 use JSON;
+use List::MoreUtils qw{any};
 
 # Put this controller at top-level.
 __PACKAGE__->config->{namespace} = '';
@@ -20,7 +21,12 @@ __PACKAGE__->config->{namespace} = '';
 sub noLoginNeeded {
   my ($c) = @_;
 
-  return $c->request->path eq "google-login" ||
+  my $hostname = $c->request->headers->header('X-Forwarded-For') || $c->request->hostname;
+  my $readonly_ips = $c->config->{readonly_ips} // "";
+  my $whitelisted = any { $_ == $hostname } split(/,/, $readonly_ips);
+
+  return $whitelisted ||
+         $c->request->path eq "google-login" ||
          $c->request->path eq "login" ||
          $c->request->path eq "logo" ||
          $c->request->path =~ /^static\//;