From 2921e9bc99f76e8c98ffe682ab05bb8b2a315715 Mon Sep 17 00:00:00 2001
From: Alexandre <alexandre.pary@gmail.com>
Date: Sun, 19 May 2024 21:00:48 +0200
Subject: [PATCH] Allow ingress access to restricted areas

---
 birdnet-pi/CHANGELOG.md                               | 2 ++
 birdnet-pi/rootfs/etc/cont-init.d/33-nginx_ingress.sh | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/birdnet-pi/CHANGELOG.md b/birdnet-pi/CHANGELOG.md
index fe3b47937..16e0dbd95 100644
--- a/birdnet-pi/CHANGELOG.md
+++ b/birdnet-pi/CHANGELOG.md
@@ -1,3 +1,5 @@
+- [INGRESS] Allow access to restricted area without password if authentificated from within the homeassistant app
+
 ## 0.13-31 (19-05-2024)
 - [SPECIES_CONVERTER] : Significantly improve, add a webui when the option is enabled
 - [SPECIES_CONVERTER] : Improve the SPECIES_CONVERTER webui with input text filtering in both browser and mobile
diff --git a/birdnet-pi/rootfs/etc/cont-init.d/33-nginx_ingress.sh b/birdnet-pi/rootfs/etc/cont-init.d/33-nginx_ingress.sh
index 18e50448f..69905f1e2 100755
--- a/birdnet-pi/rootfs/etc/cont-init.d/33-nginx_ingress.sh
+++ b/birdnet-pi/rootfs/etc/cont-init.d/33-nginx_ingress.sh
@@ -25,4 +25,8 @@ sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
 sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
 sed -i "s|%%ingress_entry%%|${ingress_entry}|g" /etc/nginx/servers/ingress.conf
 
+echo "... ensuring restricted area access"
+echo "${ingress_entry}" > /ingress_url
+sed -i "/function is_authenticated/a if (strpos(\$_SERVER['HTTP_REFERER'], '/api/hassio_ingress') !== false && strpos(\$_SERVER['HTTP_REFERER'], trim(file_get_contents('/ingress_url'))) !== false) { \$ret = true; return \$ret; }" "$HOME"/BirdNET-Pi/scripts/common.php
+
 echo " "