Browse Source

add auto launch

pull/2659/head
Bernd Storath 1 month ago
parent
commit
10c068ba12
  1. 34
      docs/content/advanced/config/external-authentication.md
  2. 24
      src/app/pages/login/index.vue
  3. 1
      src/server/api/auth/methods.get.ts
  4. 14
      src/server/utils/config.ts

34
docs/content/advanced/config/external-authentication.md

@ -4,7 +4,7 @@ title: External Authentication
## OAuth
### Providers
### Setup
To enable OAuth set the env var `OAUTH_PROVIDERS` to any of the following providers:
@ -65,28 +65,44 @@ You can allow multiple domains by separating them with a comma:
e.g. `example.com,example.org`
### Google
### Auto Launch
To automatically launch the OAuth login flow when visiting the login page, set the following environment variable to the provider you want to launch:
| Env | Required | Default | Description |
| ------------------- | -------- | ------- | ----------------------------- |
| `OAUTH_AUTO_LAUNCH` | ✖️ | - | Auto launch an OAuth provider |
When enabled:
- Visiting the login page will automatically redirect to the selected provider's login page
- The user can still access the normal login page by visiting `/login?auto_launch=false`
- You can auto launch any provider by visiting `/login?auto_launch=<provider>`
#### Provider Configuration
#### Google
| Env | Required | Description |
| ---------------------------- | -------- | -------------------- |
| `OAUTH_GOOGLE_CLIENT_ID` | ✔️ | Google Client ID |
| `OAUTH_GOOGLE_CLIENT_SECRET` | ✔️ | Google Client Secret |
#### Setup
##### Setup
1. Go to [Google Cloud Console](https://console.cloud.google.com/apis/credentials)
2. Create an OAuth 2.0 Client ID (Web application)
3. Add Authorized redirect URI: See [Redirect URIs](#redirect-uris)
4. Copy the Client ID and Client Secret to the environment variables
### GitHub
#### GitHub
| Env | Required | Description |
| ---------------------------- | -------- | -------------------- |
| `OAUTH_GITHUB_CLIENT_ID` | ✔️ | GitHub Client ID |
| `OAUTH_GITHUB_CLIENT_SECRET` | ✔️ | GitHub Client Secret |
#### Setup
##### Setup
1. Go to [GitHub Developer Settings](https://github.com/settings/developers)
2. Create a new OAuth App
@ -94,7 +110,7 @@ e.g. `example.com,example.org`
4. Create a new client secret
5. Copy the Client ID and Client Secret to the environment variables
### Generic OIDC
#### Generic OIDC
This supports generic OIDC providers like Authelia, Authentik, etc.
@ -113,7 +129,7 @@ The provider needs to be available with HTTPS and have a valid certificate.
| `OAUTH_OIDC_CLIENT_SECRET` | ✔️ | - | - | OIDC Client Secret |
| `OAUTH_OIDC_NAME` | ✖️ | OIDC | `Authelia` | Provider Name |
#### Authelia Setup
##### Authelia Setup
Generate Client ID and Secret:
@ -141,11 +157,11 @@ docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --
token_endpoint_auth_method: client_secret_post
```
### Generic OAuth
#### Generic OAuth
Not currently supported
### Disable Password Authentication
#### Disable Password Authentication
To disable password-based authentication and only allow login via OAuth providers, set the following environment variable to `true`:

24
src/app/pages/login/index.vue

@ -69,6 +69,7 @@
<script setup lang="ts">
const toast = useToast();
const { t } = useI18n();
const route = useRoute();
const authenticating = ref(false);
const remember = ref(false);
@ -77,6 +78,29 @@ const password = ref<string>('');
const { data: authMethods } = await useFetch('/api/auth/methods');
watchEffect(() => {
const autoLauchQuery =
typeof route.query.auto_launch === 'string' && !!route.query.auto_launch
? route.query.auto_launch
: undefined;
if (authMethods.value?.autoLaunchProvider && !autoLauchQuery) {
navigateTo(`/api/auth/${authMethods.value.autoLaunchProvider}`, {
external: true,
});
}
if (
autoLauchQuery &&
autoLauchQuery !== 'false' &&
authMethods.value?.providers?.[autoLauchQuery as OAUTH_PROVIDER]
) {
navigateTo(`/api/auth/${autoLauchQuery}`, {
external: true,
});
}
});
const _submit = useSubmit(
(data) =>
$fetch('/api/auth/password', {

1
src/server/api/auth/methods.get.ts

@ -13,5 +13,6 @@ export default defineEventHandler(() => {
oauthEnabled:
WG_ENV.OAUTH_PROVIDERS !== undefined && WG_ENV.OAUTH_PROVIDERS.length > 0,
passwordDisabled: WG_ENV.DISABLE_PASSWORD_AUTH,
autoLaunchProvider: WG_ENV.OAUTH_AUTO_LAUNCH,
};
});

14
src/server/utils/config.ts

@ -30,6 +30,11 @@ const detectAwg = async (): Promise<'awg' | 'wg'> => {
} else return 'wg';
};
const oauthProviders = process.env.OAUTH_PROVIDERS?.split(',')
.map((v) => v.trim())
.filter((v) => isValidOauthProvider(v))
.filter((v) => isConfiguredOauthProvider(OAUTH_PROVIDERS[v]));
export const WG_ENV = {
/** UI is hosted on HTTP instead of HTTPS */
INSECURE: process.env.INSECURE === 'true',
@ -40,16 +45,16 @@ export const WG_ENV = {
WG_EXECUTABLE: await detectAwg(),
DISABLE_VERSION_CHECK: process.env.DISABLE_VERSION_CHECK === 'true',
/** List of enabled OAuth providers */
OAUTH_PROVIDERS: process.env.OAUTH_PROVIDERS?.split(',')
.map((v) => v.trim())
.filter((v) => isValidOauthProvider(v))
.filter((v) => isConfiguredOauthProvider(OAUTH_PROVIDERS[v])),
OAUTH_PROVIDERS: oauthProviders,
/** List of allowed OAuth domains */
OAUTH_ALLOWED_DOMAINS: process.env.OAUTH_ALLOWED_DOMAINS?.split(',').map(
(v) => v.trim()
),
/** Automatically register users that log in with an OAuth provider */
OAUTH_AUTO_REGISTER: process.env.OAUTH_AUTO_REGISTER === 'true',
/** Which OAuth provider to automatically launch */
OAUTH_AUTO_LAUNCH:
oauthProviders?.find((p) => p === process.env.OAUTH_AUTO_LAUNCH) ?? null,
/** Disable password authentication */
DISABLE_PASSWORD_AUTH: process.env.DISABLE_PASSWORD_AUTH === 'true',
};
@ -60,6 +65,7 @@ Enabled OAuth providers: ${WG_ENV.OAUTH_PROVIDERS.join(', ')}
Allowed OAuth domains: ${WG_ENV.OAUTH_ALLOWED_DOMAINS?.join(', ') ?? 'All'}
OAuth auto register: ${WG_ENV.OAUTH_AUTO_REGISTER ? 'Enabled' : 'Disabled'}
Password authentication: ${WG_ENV.DISABLE_PASSWORD_AUTH ? 'Disabled' : 'Enabled'}
Auto launch OAuth provider: ${WG_ENV.OAUTH_AUTO_LAUNCH ?? 'None'}
`);
}

Loading…
Cancel
Save