Possibility to configure an OpenID Connect provider on the instance level WIP (#128).

This commit is contained in:
John Livingston
2024-04-16 17:18:14 +02:00
parent e646ebfd69
commit 669b260307
11 changed files with 158 additions and 24 deletions


@ -5,11 +5,13 @@ import { RoomChannel } from './room-channel'
import { BotsCtl } from './bots/ctl'
import { ExternalAuthOIDC } from './external-auth/oidc'
import { loc } from './loc'
const escapeHTML = require('escape-html')
type AvatarSet = 'sepia' | 'cat' | 'bird' | 'fenec' | 'abstract' | 'legacy'
async function initSettings (options: RegisterServerOptions): Promise<void> {
const { peertubeHelpers, settingsManager } = options
const logger = peertubeHelpers.logger
initImportantNotesSettings(options)
initChatSettings(options)
@ -21,6 +23,30 @@ async function initSettings (options: RegisterServerOptions): Promise<void> {
initChatServerAdvancedSettings(options)
await ExternalAuthOIDC.initSingleton(options)
const loadOidc = (): void => {
try {
const oidc = ExternalAuthOIDC.singleton()
oidc.isOk().then(
() => {
logger.info('Loading External Auth OIDC...')
oidc.load().then(
() => {
logger.info('External Auth OIDC loaded')
},
() => {
logger.error('Loading the External Auth OIDC failed')
}
)
},
() => {
logger.info('No valid External Auth OIDC, nothing loaded')
}
)
} catch (err) {
logger.error(err as string)
}
}
loadOidc() // we don't have to wait (can take time, it will do external http requests)
let currentProsodyRoomtype = (await settingsManager.getSettings(['prosody-room-type']))['prosody-room-type']
@ -30,6 +56,7 @@ async function initSettings (options: RegisterServerOptions): Promise<void> {
// To avoid race condition, we will just stop and start the bots at every settings saving.
await BotsCtl.destroySingleton()
await BotsCtl.initSingleton(options)
loadOidc() // we don't have to wait (can take time, it will do external http requests)
await ExternalAuthOIDC.initSingleton(options)
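Review bot: The new `loadOidc()` call at the top of this hunk runs before `await ExternalAuthOIDC.initSingleton(options)` on the following (pre-existing) line, whereas the first hunk only calls it after initSingleton has completed; if initSingleton replaces the singleton (its body is not visible here), the load kicked off on settings change targets the instance about to be discarded and the freshly saved provider settings are never loaded. Moving the call below the await, `await ExternalAuthOIDC.initSingleton(options)` followed by `loadOidc()`, keeps both call sites consistent. Separately, in the `loadOidc` helper added in the previous hunk the rejection handler for `oidc.load()` discards the reason; `(err) => { logger.error('Loading the External Auth OIDC failed: ' + String(err)) }` would make a misconfigured provider diagnosable from the log, and `logger.error(err as string)` in its catch block asserts a type the `unknown` catch variable does not have. The enclosing initSettings function starts and ends outside this hunk.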
@ -145,12 +172,21 @@ function initFederationSettings ({ registerSetting }: RegisterServerOptions): vo
* Registers settings related to the "External Authentication" section.
* @param param0 server options
*/
function initExternalAuth ({ registerSetting }: RegisterServerOptions): void {
function initExternalAuth (options: RegisterServerOptions): void {
const registerSetting = options.registerSetting
registerSetting({
type: 'html',
private: true,
descriptionHTML: loc('external_auth_description')
})
registerSetting({
type: 'html',
private: true,
descriptionHTML: loc('experimental_warning')
})
registerSetting({
name: 'external-auth-custom-oidc',
label: loc('external_auth_custom_oidc_label'),
@ -159,6 +195,20 @@ function initExternalAuth ({ registerSetting }: RegisterServerOptions): void {
default: false,
private: true
})
registerSetting({
type: 'html',
name: 'external-auth-custom-oidc-redirect-uris-info',
private: true,
descriptionHTML: loc('external_auth_custom_oidc_redirect_uris_info_description')
})
registerSetting({
type: 'html',
name: 'external-auth-custom-oidc-redirect-uris',
private: true,
descriptionHTML: `<ul><li>${escapeHTML(ExternalAuthOIDC.redirectUri(options)) as string}</li></ul>`
})
registerSetting({
name: 'external-auth-custom-oidc-button-label',
label: loc('external_auth_custom_oidc_button_label_label'),