New connection!mode option https://github.com/alexbelgium/hassio-addons/security/advisories/GHSA-qv4x-8hwg-7cqj

sonarr/rootfs/etc/cont-init.d/32-nginx_ingress.sh

@@ -24,25 +24,42 @@ slug=sonarr
 CONFIG_LOCATION=/config/addons_config/"$slug"/config.xml
 
 if [ -f "$CONFIG_LOCATION" ]; then
-    # Set UrlBase
-    if ! bashio::config.true "ingress_disabled"; then
-        bashio::log.warning "---------------------------"
-        bashio::log.warning "Ingress is enabled, authentification will be disabled and should be managed through HA itself. If you need authentification, please disable ingress in addon options"
-        bashio::log.warning "---------------------------"
-        # Define UrlBase
-        sed -i "/UrlBase/d" "$CONFIG_LOCATION"
-        sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
-        # Disable local auth
-        sed -i "/AuthenticationType/d" "$CONFIG_LOCATION"
-        sed -i "2a <AuthenticationType>DisabledForLocalAddresses</AuthenticationType>" "$CONFIG_LOCATION"
-        # Disable local auth
-        sed -i "/AuthenticationMethod/d" "$CONFIG_LOCATION"
-        sed -i "2a <AuthenticationMethod>external</AuthenticationMethod>" "$CONFIG_LOCATION"
-    else
-        bashio::log.warning "---------------------------"
-        bashio::log.info "Disabling ingress and enabling authentification"
-        bashio::log.warning "---------------------------"
-        sed -i "/UrlBase/d" "$CONFIG_LOCATION"
-        sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
-    fi
+
+    # Define addon mode
+    connection_mode="$(bashio::config "connection_mode")"
+    bashio::log.green "---------------------------"
+    bashio::log.green "Connection_mode is $connection_mode"
+    bashio::log.green "---------------------------"
+    case connectionmode in
+        # Ingress mode, authentification is disabled
+        ingress_noauth)
+            bashio::log.green "Ingress is enabled, authentification is disabled"
+            bashio::log.yellow "WARNING : Make sure that the port is not exposed externally by your router to avoid a security risk !"
+            # Define UrlBase
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
+            # Disable local auth
+            sed -i "/AuthenticationType/d" "$CONFIG_LOCATION"
+            sed -i "2a <AuthenticationType>DisabledForLocalAddresses</AuthenticationType>" "$CONFIG_LOCATION"
+            # Disable local auth
+            sed -i "/AuthenticationMethod/d" "$CONFIG_LOCATION"
+            sed -i "2a <AuthenticationMethod>external</AuthenticationMethod>" "$CONFIG_LOCATION"
+            ;;
+        # Ingress mode, with authentification
+        ingress_auth)
+            bashio::log.green "Ingress is enabled, and external authentification is enabled"
+            # Define UrlBase
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
+            sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
+            ;;
+        # No ingress mode, with authentification
+        noingress_auth)
+            bashio::log.green "Disabling ingress and enabling authentification"
+            bashio::log.yellow "WARNING : Ingress is disabled so the app won't be available from HA itself !"
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
+            ;;
+    esac
+
 fi