Browse Source

improve oauth config logic

pull/2671/head
Bernd Storath 3 weeks ago
parent
commit
81fdc8fcb3
  1. 1
      src/server/database/repositories/client/types.ts
  2. 2
      src/server/utils/config.ts
  3. 34
      src/server/utils/oauth.ts

1
src/server/database/repositories/client/types.ts

@ -93,7 +93,6 @@ export const ClientUpdateSchema = schemaForType<UpdateClientType>()(
})
);
// TODO: investigate if coerce is bad
const clientId = z.coerce.number({ message: t('zod.client.id') });
export const ClientGetSchema = z.object({

2
src/server/utils/config.ts

@ -44,7 +44,7 @@ export const WG_ENV = {
DISABLE_IPV6: process.env.DISABLE_IPV6 === 'true',
WG_EXECUTABLE: await detectAwg(),
DISABLE_VERSION_CHECK: process.env.DISABLE_VERSION_CHECK === 'true',
/** List of enabled OAuth providers */
/** List of enabled and configured OAuth providers */
OAUTH_PROVIDERS: oauthProviders,
/** List of allowed OAuth domains */
OAUTH_ALLOWED_DOMAINS: process.env.OAUTH_ALLOWED_DOMAINS?.split(',').map(

34
src/server/utils/oauth.ts

@ -12,6 +12,11 @@ type OAuthConfig = {
userInfoFlow?: 'github';
};
type ConfiguredOAuthConfig = OAuthConfig & {
clientId: string;
clientSecret: string;
};
const GoogleConfig: OAuthConfig = {
friendlyName: 'Google',
server: 'https://accounts.google.com',
@ -63,22 +68,23 @@ export function isValidOauthProvider(
}
export function isConfiguredOauthProvider(
oauthProvider: (typeof OAUTH_PROVIDERS)[OAUTH_PROVIDER]
): oauthProvider is (typeof OAUTH_PROVIDERS)[OAUTH_PROVIDER] & {
clientId: string;
clientSecret: string;
} {
oauthProvider: OAuthConfig
): oauthProvider is ConfiguredOAuthConfig {
if (!oauthProvider.clientId || !oauthProvider.clientSecret) {
return false;
}
return true;
}
function isEnabledProvider(provider: OAUTH_PROVIDER) {
return WG_ENV.OAUTH_PROVIDERS?.includes(provider);
function getEnabledOauthProvider(provider: OAUTH_PROVIDER) {
if (!WG_ENV.OAUTH_PROVIDERS?.includes(provider)) {
return;
}
// WG_ENV.OAUTH_PROVIDERS is filtered to configured providers during startup.
return OAUTH_PROVIDERS[provider] as ConfiguredOAuthConfig;
}
// TODO: simplify logic between WG_ENV.OAUTH_PROVIDERS and buildOauthConfig
export async function buildOauthConfig(event: H3Event) {
const provider = getRouterParam(event, 'provider');
if (!provider || !isValidOauthProvider(provider)) {
@ -88,22 +94,14 @@ export async function buildOauthConfig(event: H3Event) {
});
}
if (!isEnabledProvider(provider)) {
const oauthProvider = getEnabledOauthProvider(provider);
if (!oauthProvider) {
throw createError({
statusCode: 403,
statusMessage: 'Provider is not enabled',
});
}
const oauthProvider = OAUTH_PROVIDERS[provider];
if (!isConfiguredOauthProvider(oauthProvider)) {
throw createError({
statusCode: 500,
statusMessage: 'Provider is not configured',
});
}
const config = await client.discovery(
new URL(oauthProvider.server),
oauthProvider.clientId,

Loading…
Cancel
Save