versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor(config): 🔥 Remove old oidc section in config

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-10-11 17:03:33 +02:00
parent ce781f3336
commit 9f1e89b592
No known key found for this signature in database
9 changed files with 116 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
api/api/auth/login/index.ts
View file

@ -110,7 +110,30 @@ const returnError = (context: Context, error: string, description: string) => {
export default apiRoute((app) => export default apiRoute((app) =>
app.openapi(route, async (context) => { app.openapi(route, async (context) => {
if (config.oidc.forced) { const oidcConfig = config.plugins?.config?.["@versia/openid"] as
| {
forced: boolean;
providers: {
id: string;
name: string;
icon: string;
}[];
keys: {
private: string;
public: string;
};
}
| undefined;
if (!oidcConfig) {
return returnError(
context,
"invalid_request",
"The OpenID Connect plugin is not enabled on this instance. Cannot process login request.",
);
}
if (oidcConfig?.forced) {
return returnError( return returnError(
context, context,
"invalid_request", "invalid_request",
@ -156,7 +179,7 @@ export default apiRoute((app) =>
// Try and import the key // Try and import the key
const privateKey = await crypto.subtle.importKey( const privateKey = await crypto.subtle.importKey(
"pkcs8", "pkcs8",
Buffer.from(config.oidc.keys?.private ?? "", "base64"), Buffer.from(oidcConfig?.keys?.private ?? "", "base64"),
"Ed25519", "Ed25519",
false, false,
["sign"], ["sign"],

19
api/api/v1/instance/index.ts
View file

@ -53,6 +53,17 @@ export default apiRoute((app) =>
const knownDomainsCount = await Instance.getCount(); const knownDomainsCount = await Instance.getCount();
const oidcConfig = config.plugins?.config?.["@versia/openid"] as
| {
forced: boolean;
providers: {
id: string;
name: string;
icon: string;
}[];
}
| undefined;
// TODO: fill in more values // TODO: fill in more values
return context.json({ return context.json({
approval_required: false, approval_required: false,
@ -94,13 +105,15 @@ export default apiRoute((app) =>
}, },
version: "4.3.0-alpha.3+glitch", version: "4.3.0-alpha.3+glitch",
versia_version: version, versia_version: version,
// TODO: Put into plugin directly
sso: { sso: {
forced: false, forced: oidcConfig?.forced ?? false,
providers: config.oidc.providers.map((p) => ({ providers:
oidcConfig?.providers.map((p) => ({
name: p.name, name: p.name,
icon: proxyUrl(p.icon) || undefined, icon: proxyUrl(p.icon) || undefined,
id: p.id, id: p.id,
})), })) ?? [],
}, },
contact_account: contactAccount?.toApi() || undefined, contact_account: contactAccount?.toApi() || undefined,
} satisfies Record<string, unknown> & { } satisfies Record<string, unknown> & {

18
api/api/v2/instance/index.ts
View file

@ -133,6 +133,17 @@ export default apiRoute((app) =>
30 * 24 * 60 * 60 * 1000, 30 * 24 * 60 * 60 * 1000,
); );
const oidcConfig = config.plugins?.config?.["@versia/openid"] as
| {
forced: boolean;
providers: {
id: string;
name: string;
icon: string;
}[];
}
| undefined;
// TODO: fill in more values // TODO: fill in more values
return context.json({ return context.json({
domain: new URL(config.http.base_url).hostname, domain: new URL(config.http.base_url).hostname,
@ -216,12 +227,13 @@ export default apiRoute((app) =>
hint: "", hint: "",
})), })),
sso: { sso: {
forced: false, forced: oidcConfig?.forced ?? false,
providers: config.oidc.providers.map((p) => ({ providers:
oidcConfig?.providers.map((p) => ({
name: p.name, name: p.name,
icon: proxyUrl(p.icon) ?? "", icon: proxyUrl(p.icon) ?? "",
id: p.id, id: p.id,
})), })) ?? [],
}, },
}); });
}), }),

2
app.ts
View file

@ -121,7 +121,7 @@ export const appFactory = async () => {
const plugins = await loader.loadPlugins( const plugins = await loader.loadPlugins(
join(process.cwd(), "plugins"), join(process.cwd(), "plugins"),
config.plugins?.autoload, config.plugins?.autoload ?? true,
config.plugins?.overrides.enabled, config.plugins?.overrides.enabled,
config.plugins?.overrides.disabled, config.plugins?.overrides.disabled,
); );

67
config/config.example.toml
View file

@ -53,35 +53,6 @@ rules = [
"Don't post illegal content", "Don't post illegal content",
] ]
[oidc]
# Run Versia Server with this value missing to generate a new key
# [oidc.keys]
# public = "XXXX"
# private = "XXXX"
# If enabled, Versia Server will require users to log in with an OAuth provider
forced = false
# Allow registration with OAuth providers
# Overriden by the signups.registration setting
allow_registration = true
# The provider MUST support OpenID Connect with .well-known discovery
# Most notably, GitHub does not support this
# Redirect URLs in your OAuth provider can be set to this:
# <base_url>/oauth/sso/<provider_id>/callback*
# The asterisk is important, as it allows for any query parameters to be passed
# Authentik for example uses regex so it can be set to (regex):
# <base_url>/oauth/sso/<provider_id>/callback.*
# [[oidc.providers]]
# name = "CPlusPatch ID"
# id = "cpluspatch-id"
# This MUST match the provider's issuer URI, including the trailing slash (or lack thereof)
# url = "https://id.cpluspatch.com/application/o/versia-testing/"
# client_id = "XXXX"
# client_secret = "XXXXX"
# icon = "https://cpluspatch.com/images/icons/logo.svg"
[http] [http]
# The full URL Versia Server will be reachable by (paths are not supported) # The full URL Versia Server will be reachable by (paths are not supported)
base_url = "https://versia.localhost:9900" base_url = "https://versia.localhost:9900"
@ -424,3 +395,41 @@ max_coeff = 1.0
# Applies before the global ratelimit changes # Applies before the global ratelimit changes
# "/api/v1/accounts/:id/block" = { duration = 30, max = 60 } # "/api/v1/accounts/:id/block" = { duration = 30, max = 60 }
# "/api/v1/timelines/public" = { duration = 60, max = 200 } # "/api/v1/timelines/public" = { duration = 60, max = 200 }
[plugins]
# Whether to automatically load all plugins in the plugins directory
autoload = true
# Override for autoload
[plugins.overrides]
enabled = []
disabled = []
[plugins.config."@versia/openid"]
# If enabled, Versia will require users to log in with an OAuth provider
forced = false
# Allow registration with OAuth providers
# Overriden by the signups.registration setting
allow_registration = true
# [plugins.config."@versia/openid".keys]
# Run Versia Server with those values missing to generate a new key
# public = ""
# private = ""
# The provider MUST support OpenID Connect with .well-known discovery
# Most notably, GitHub does not support this
# Redirect URLs in your OAuth provider can be set to this:
# <base_url>/oauth/sso/<provider_id>/callback*
# The asterisk is important, as it allows for any query parameters to be passed
# Authentik for example uses regex so it can be set to (regex):
# <base_url>/oauth/sso/<provider_id>/callback.*
# [[oidc.providers]]
# name = "CPlusPatch ID"
# id = "cpluspatch-id"
# This MUST match the provider's issuer URI, including the trailing slash (or lack thereof)
# url = "https://id.cpluspatch.com/application/o/versia-testing/"
# client_id = "XXXX"
# client_secret = "XXXXX"
# icon = "https://cpluspatch.com/images/icons/logo.svg"

73
config/config.schema.json
View file

@ -185,75 +185,6 @@
}, },
"additionalProperties": false "additionalProperties": false
}, },
"oidc": {
"type": "object",
"properties": {
"forced": {
"type": "boolean",
"default": false
},
"allow_registration": {
"type": "boolean",
"default": true
},
"providers": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1
},
"id": {
"type": "string",
"minLength": 1
},
"url": {
"type": "string",
"minLength": 1
},
"client_id": {
"type": "string",
"minLength": 1
},
"client_secret": {
"type": "string",
"minLength": 1
},
"icon": {
"type": "string",
"minLength": 1
}
},
"required": [
"name",
"id",
"url",
"client_id",
"client_secret"
],
"additionalProperties": false
},
"default": []
},
"keys": {
"type": "object",
"properties": {
"public": {
"type": "string",
"minLength": 1
},
"private": {
"type": "string",
"minLength": 1
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"http": { "http": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -4049,12 +3980,10 @@
"redis", "redis",
"sonic", "sonic",
"signups", "signups",
"oidc",
"http", "http",
"smtp", "smtp",
"filters", "filters",
"ratelimits", "ratelimits"
"plugins"
], ],
"additionalProperties": false, "additionalProperties": false,
"$schema": "http://json-schema.org/draft-07/schema#" "$schema": "http://json-schema.org/draft-07/schema#"

30
packages/config-manager/config.type.ts
View file

@ -120,33 +120,6 @@ export const configValidator = z
rules: z.array(z.string()).default([]), rules: z.array(z.string()).default([]),
}) })
.strict(), .strict(),
oidc: z
.object({
forced: z.boolean().default(false),
allow_registration: z.boolean().default(true),
providers: z
.array(
z
.object({
name: z.string().min(1),
id: z.string().min(1),
url: z.string().min(1),
client_id: z.string().min(1),
client_secret: z.string().min(1),
icon: z.string().min(1).optional(),
})
.strict(),
)
.default([]),
keys: z
.object({
public: z.string().min(1).optional(),
private: z.string().min(1).optional(),
})
.strict()
.optional(),
})
.strict(),
http: z http: z
.object({ .object({
base_url: z.string().min(1).default("http://versia.social"), base_url: z.string().min(1).default("http://versia.social"),
@ -727,7 +700,8 @@ export const configValidator = z
), ),
config: z.record(z.string(), z.any()).optional(), config: z.record(z.string(), z.any()).optional(),
}) })
.strict(), .strict()
.optional(),
}) })
.strict(); .strict();

11
packages/database-interface/user.ts
View file

@ -398,7 +398,14 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
return this.update(this.data); return this.update(this.data);
} }
public async getLinkedOidcAccounts(): Promise< public async getLinkedOidcAccounts(
providers: {
id: string;
name: string;
url: string;
icon?: string;
}[],
): Promise<
{ {
id: string; id: string;
name: string; name: string;
@ -414,7 +421,7 @@ export class User extends BaseInterface<typeof Users, UserWithRelations> {
return accounts return accounts
.map((account) => { .map((account) => {
const issuer = config.oidc.providers.find( const issuer = providers.find(
(provider) => provider.id === account.issuerId, (provider) => provider.id === account.issuerId,
); );

4
plugins/openid/routes/sso/index.ts
View file

@ -69,7 +69,9 @@ export default (plugin: PluginType) => {
); );
} }
const linkedAccounts = await user.getLinkedOidcAccounts(); const linkedAccounts = await user.getLinkedOidcAccounts(
context.get("pluginConfig").providers,
);
return context.json( return context.json(
linkedAccounts.map((account) => ({ linkedAccounts.map((account) => ({