Add default role config for proxy users

This allows users to specify a default role for users when using a proxy for auth. This can be useful for users who can't/don't want to define a header mapping for the remote-role header.
2026-03-04 06:33:45 +00:00 · 2025-05-05 19:13:07 -05:00 · 2025-05-05 19:13:07 -05:00 · 08af50e051
commit 08af50e051
parent bae309db09
2 changed files with 7 additions and 4 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@ -261,14 +261,14 @@ def auth(request: Request):

        role_header = proxy_config.header_map.role
        role = (
-            request.headers.get(role_header, default="viewer")
+            request.headers.get(role_header, default=proxy_config.default_role)
            if role_header
-            else "viewer"
+            else proxy_config.default_role
        )

-        # if comma-separated with "admin", use "admin", else "viewer"
+        # if comma-separated with "admin", use "admin", else use default role
        success_response.headers["remote-role"] = (
-            "admin" if role and "admin" in role else "viewer"
+            "admin" if role and "admin" in role else proxy_config.default_role
        )

        return success_response
--- a/frigate/config/proxy.py
+++ b/frigate/config/proxy.py
@ -30,3 +30,6 @@ class ProxyConfig(FrigateBaseModel):
        default=None,
        title="Secret value for proxy authentication.",
    )
+    default_role: Optional[str] = Field(
+        default="viewer", title="Default role for proxy users."
+    )