mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-06-18 10:06:26 +00:00
Add a field to specify a list of allowed emails when using OpenID Connect auth.
This commit is contained in:
Subv
Jamie Curnow
40
backend/migrations/20200522144240_openid_allowed_users.js
Normal file
40
backend/migrations/20200522144240_openid_allowed_users.js
Normal file
@ -0,0 +1,40 @@
|
||||
const migrate_name = 'openid_allowed_users';
|
||||
const logger = require('../logger').migrate;
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex/*, Promise*/) {
|
||||
logger.info('[' + migrate_name + '] Migrating Up...');
|
||||
|
||||
return knex.schema.table('proxy_host', function (proxy_host) {
|
||||
proxy_host.integer('openidc_restrict_users_enabled').notNull().unsigned().defaultTo(0);
|
||||
proxy_host.json('openidc_allowed_users').notNull().defaultTo([]);
|
||||
})
|
||||
.then(() => {
|
||||
logger.info('[' + migrate_name + '] proxy_host Table altered');
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex/*, Promise*/) {
|
||||
return knex.schema.table('proxy_host', function (proxy_host) {
|
||||
proxy_host.dropColumn('openidc_restrict_users_enabled');
|
||||
proxy_host.dropColumn('openidc_allowed_users');
|
||||
})
|
||||
.then(() => {
|
||||
logger.info('[' + migrate_name + '] proxy_host Table altered');
|
||||
});
|
||||
};
|
||||
@ -20,12 +20,18 @@ class ProxyHost extends Model {
|
||||
this.domain_names = [];
|
||||
}
|
||||
|
||||
// Default for openidc_allowed_users
|
||||
if (typeof this.openidc_allowed_users === 'undefined') {
|
||||
this.openidc_allowed_users = [];
|
||||
}
|
||||
|
||||
// Default for meta
|
||||
if (typeof this.meta === 'undefined') {
|
||||
this.meta = {};
|
||||
}
|
||||
|
||||
this.domain_names.sort();
|
||||
this.openidc_allowed_users.sort();
|
||||
}
|
||||
|
||||
$beforeUpdate () {
|
||||
@ -35,6 +41,11 @@ class ProxyHost extends Model {
|
||||
if (typeof this.domain_names !== 'undefined') {
|
||||
this.domain_names.sort();
|
||||
}
|
||||
|
||||
// Sort openidc_allowed_users
|
||||
if (typeof this.openidc_allowed_users !== 'undefined') {
|
||||
this.openidc_allowed_users.sort();
|
||||
}
|
||||
}
|
||||
|
||||
static get name () {
|
||||
@ -46,7 +57,7 @@ class ProxyHost extends Model {
|
||||
}
|
||||
|
||||
static get jsonAttributes () {
|
||||
return ['domain_names', 'meta', 'locations'];
|
||||
return ['domain_names', 'meta', 'locations', 'openidc_allowed_users'];
|
||||
}
|
||||
|
||||
static get relationMappings () {
|
||||
|
||||
@ -256,6 +256,22 @@
|
||||
},
|
||||
"openidc_client_secret": {
|
||||
"type": "string"
|
||||
},
|
||||
"openidc_restrict_users_enabled": {
|
||||
"description": "Only allow a specific set of OpenID Connect emails to access the resource",
|
||||
"example": true,
|
||||
"type": "boolean"
|
||||
},
|
||||
"openidc_allowed_users": {
|
||||
"type": "array",
|
||||
"minItems": 0,
|
||||
"items": {
|
||||
"type": "string",
|
||||
"description": "Email Address",
|
||||
"example": "john@example.com",
|
||||
"format": "email",
|
||||
"minLength": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -82,6 +82,12 @@
|
||||
"openidc_client_secret": {
|
||||
"$ref": "../definitions.json#/definitions/openidc_client_secret"
|
||||
},
|
||||
"openidc_restrict_users_enabled": {
|
||||
"$ref": "../definitions.json#/definitions/openidc_restrict_users_enabled"
|
||||
},
|
||||
"openidc_allowed_users": {
|
||||
"$ref": "../definitions.json#/definitions/openidc_allowed_users"
|
||||
},
|
||||
"enabled": {
|
||||
"$ref": "../definitions.json#/definitions/enabled"
|
||||
},
|
||||
@ -197,6 +203,12 @@
|
||||
"openidc_client_secret": {
|
||||
"$ref": "#/definitions/openidc_client_secret"
|
||||
},
|
||||
"openidc_restrict_users_enabled": {
|
||||
"$ref": "#/definitions/openidc_restrict_users_enabled"
|
||||
},
|
||||
"openidc_allowed_users": {
|
||||
"$ref": "#/definitions/openidc_allowed_users"
|
||||
},
|
||||
"enabled": {
|
||||
"$ref": "#/definitions/enabled"
|
||||
},
|
||||
@ -305,6 +317,12 @@
|
||||
"openidc_client_secret": {
|
||||
"$ref": "#/definitions/openidc_client_secret"
|
||||
},
|
||||
"openidc_restrict_users_enabled": {
|
||||
"$ref": "#/definitions/openidc_restrict_users_enabled"
|
||||
},
|
||||
"openidc_allowed_users": {
|
||||
"$ref": "#/definitions/openidc_allowed_users"
|
||||
},
|
||||
"enabled": {
|
||||
"$ref": "#/definitions/enabled"
|
||||
},
|
||||
@ -396,6 +414,12 @@
|
||||
"openidc_client_secret": {
|
||||
"$ref": "#/definitions/openidc_client_secret"
|
||||
},
|
||||
"openidc_restrict_users_enabled": {
|
||||
"$ref": "#/definitions/openidc_restrict_users_enabled"
|
||||
},
|
||||
"openidc_allowed_users": {
|
||||
"$ref": "#/definitions/openidc_allowed_users"
|
||||
},
|
||||
"enabled": {
|
||||
"$ref": "#/definitions/enabled"
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user