Possibility to configure an OpenID Connect provider on the instance level WIP (#128).
@ -3,6 +3,7 @@ import type { NextFunction, Request, Response } from 'express'
|
||||
import { initWebchatRouter } from './webchat'
|
||||
import { initSettingsRouter } from './settings'
|
||||
import { initApiRouter } from './api'
|
||||
import { initOIDCRouter } from './oidc'
|
||||
|
||||
async function initRouters (options: RegisterServerOptions): Promise<void> {
|
||||
const { getRouter } = options
|
||||
@ -13,6 +14,7 @@ async function initRouters (options: RegisterServerOptions): Promise<void> {
|
||||
router.use('/webchat', await initWebchatRouter(options))
|
||||
router.use('/settings', await initSettingsRouter(options))
|
||||
router.use('/api', await initApiRouter(options))
|
||||
router.use('/oidc', await initOIDCRouter(options))
|
||||
}
|
||||
|
||||
export {
|
||||
|
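--- a/server/lib/routers/oidc.ts
+++ b/server/lib/routers/oidc.ts
@@ -0,0 +1,66 @@
+import type { RegisterServerOptions } from '@peertube/peertube-types'
+import type { Router, Request, Response, NextFunction, CookieOptions } from 'express'
+import { asyncMiddleware } from '../middlewares/async'
+import { ExternalAuthOIDC } from '../external-auth/oidc'
+
+const cookieNamePrefix = 'peertube-plugin-livechat-oidc-'
+const cookieOptions: CookieOptions = {
+secure: true,
+httpOnly: true,
+sameSite: 'none',
+maxAge: 1000 * 60 * 10 // 10 minutes
+}
+
+async function initOIDCRouter (options: RegisterServerOptions): Promise<Router> {
+const { peertubeHelpers, getRouter } = options
+const router = getRouter()
+const logger = peertubeHelpers.logger
+
+router.get('/connect', asyncMiddleware(
+async (req: Request, res: Response, next: NextFunction) => {
+logger.info('[oidc router] OIDC connect call')
+try {
+const oidc = ExternalAuthOIDC.singleton()
+const oidcClient = await oidc.load()
+if (!oidcClient) {
+throw new Error('[oidc router] External Auth OIDC not loaded yet')
+}
+
+const authenticationProcess = await oidc.initAuthenticationProcess()
+res.cookie(cookieNamePrefix + 'code-verifier', authenticationProcess.encryptedCodeVerifier, cookieOptions)
+res.cookie(cookieNamePrefix + 'state', authenticationProcess.encryptedState, cookieOptions)
+return res.redirect(authenticationProcess.redirectUrl)
+} catch (err) {
+logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
+next()
+}
+}
+))
+
+router.get('/cb', asyncMiddleware(
+async (req: Request, res: Response, next: NextFunction) => {
+logger.info('[oidc router] OIDC callback call')
+try {
+const oidc = ExternalAuthOIDC.singleton()
+const oidcClient = await oidc.load()
+if (!oidcClient) {
+throw new Error('[oidc router] External Auth OIDC not loaded yet')
+}
+
+const userInfos = await oidc.validateAuthenticationProcess(req, cookieNamePrefix)
+logger.info(JSON.stringify(userInfos)) // FIXME
+
+res.send('ok')
+} catch (err) {
+logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
+next()
+}
+}
+))
+
+return router
+}
+
+export {
+initOIDCRouter
+}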
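Review bot: Both catch blocks (in the `/connect` handler and the `/cb` handler) call `next()` with no argument after logging, which hands the request on to whatever route follows instead of Express's error path, so a failed state or code-verifier check on `/cb` ends as a fall-through rather than an explicit failure; `next(err)`, or an explicit `res.status(...)` response, would make the outcome deliberate. The `/connect` catch also reuses the callback's message, so `logger.error('[oidc router] Failed to start the OIDC authentication process: ' + (err as string))` would keep the two log lines distinguishable. `logger.info(JSON.stringify(userInfos))` on `/cb` writes the identity provider's claims, i.e. personal data, to the log at info level; the FIXME marks it, but it should be removed before this leaves WIP. The state and code-verifier cookies are never cleared on `/cb` here — if `validateAuthenticationProcess` does not do it (not visible in this diff), a `res.clearCookie(cookieNamePrefix + 'state', cookieOptions)` / `res.clearCookie(cookieNamePrefix + 'code-verifier', cookieOptions)` pair after validation keeps the one-shot values from lingering in the browser for their 10 minute lifetime.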