mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-05-03 04:22:28 +00:00
* add `oidc-config` setting allowing an admin user to configure parameters
* modify login page to show another button when oidc is configured
* add dependency `openid-client` `v5.4.0`
* add backend route to process "OAuth2 Authorization Code" flow initialisation
* add backend route to process callback of above flow
* sign in the authenticated user with internal jwt token if internal user with email matching the one retrieved from oauth claims exists

Note: Only OpenID Connect Discovery is supported, which most modern Identity Providers offer. Tested with Authentik 2023.2.2 and Keycloak 18.0.2
const express = require('express');
const validator = require('../../lib/validator');
const jwtdecode = require('../../lib/express/jwt-decode');
const internalSetting = require('../../internal/setting');
const apiValidator = require('../../lib/validator/api');
/**
 * Router for the settings API.
 *
 * - caseSensitive: paths differing only in letter case are distinct routes
 * - strict:        a trailing slash is significant when matching
 * - mergeParams:   params captured by the parent router stay visible in req.params
 */
const routerOptions = {
	caseSensitive: true,
	strict:        true,
	mergeParams:   true
};

const router = express.Router(routerOptions);
/**
 * /api/settings
 *
 * Collection endpoint. OPTIONS is answered directly with 204; every other
 * method first passes through jwtdecode().
 */
router
	.route('/')
	// Registered ahead of .all(jwtdecode()), so OPTIONS requests are answered
	// here without running the JWT middleware.
	.options((request, response) => {
		response.sendStatus(204);
	})
	.all(jwtdecode())

	/**
	 * GET /api/settings
	 *
	 * Retrieve all settings.
	 *
	 * The rows are sent exactly as internalSetting.getAll() returns them.
	 * NOTE(review): the single-setting GET in this file strips the
	 * `oidc-config` row down to `name` and `enabled`; this list handler does
	 * not. Whether the OIDC client secret can be read through this endpoint
	 * therefore depends entirely on the access check and any filtering inside
	 * internalSetting.getAll (not visible here) - confirm it is restricted to
	 * administrators.
	 */
	.get((request, response, next) => {
		// res.locals.access is presumably populated by jwtdecode() - verify there.
		const sendSettings = (settings) => {
			response.status(200).send(settings);
		};

		internalSetting.getAll(response.locals.access)
			.then(sendSettings)
			.catch(next);
	});
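/**
 * Specific setting
 *
 * /api/settings/something
 *
 * OPTIONS is answered directly with 204; every other method first passes
 * through jwtdecode().
 */
router
	.route('/:setting_id')
	// Registered ahead of .all(jwtdecode()), so OPTIONS requests are answered
	// here without running the JWT middleware.
	.options((req, res) => {
		res.sendStatus(204);
	})
	.all(jwtdecode())

	/**
	 * GET /api/settings/something
	 *
	 * Retrieve a specific setting.
	 *
	 * The id from the URL is validated against the shared `setting_id`
	 * definition before it is passed to internalSetting.get(). For the
	 * `oidc-config` row the stored meta is never returned as-is: the response
	 * carries only `name` and a derived `enabled` flag.
	 */
	.get((req, res, next) => {
		validator({
			required:             ['setting_id'],
			additionalProperties: false,
			properties:           {
				setting_id: {
					$ref: 'definitions#/definitions/setting_id'
				}
			}
		}, {
			setting_id: req.params.setting_id
		})
			.then((data) => {
				return internalSetting.get(res.locals.access, {
					id: data.setting_id
				});
			})
			.then((row) => {
				if (row.id === 'oidc-config') {
					// Redact the OIDC configuration via the API. This is an allow-list:
					// a new meta object is built from scratch, so clientID,
					// clientSecret, issuerURL, redirectURL and any field added later
					// stay out of the response unless listed here explicitly.
					// A row without meta is treated as "not configured" instead of
					// raising a TypeError (which would surface as a 500).
					const m = row.meta || {};
					row.meta = {
						name:    m.name,
						// Reported as enabled only when the stored flag is literally
						// true AND every field the flow needs has a truthy value.
						enabled: m.enabled === true && !!(m.clientID && m.clientSecret && m.issuerURL && m.redirectURL && m.name)
					};
					// Remove these temporary cookies used during oidc authentication.
					// NOTE(review): clearCookie only removes a cookie when its options
					// (path, domain) match the ones used when it was set; the code that
					// sets npm_oidc / npm_oidc_error is not in this file - confirm.
					res.clearCookie('npm_oidc');
					res.clearCookie('npm_oidc_error');
				}
				res.status(200)
					.send(row);
			})
			.catch(next);
	})

	/**
	 * PUT /api/settings/something
	 *
	 * Update an existing setting.
	 *
	 * The request body is validated against the endpoint schema. The target id
	 * always comes from the URL and overwrites any `id` in the body, so the body
	 * cannot point the update at a different setting.
	 *
	 * NOTE(review): unlike GET, the URL id is not checked against the
	 * `setting_id` definition here, and the update result is sent back without
	 * the `oidc-config` redaction applied by GET. Whether the response can echo
	 * the client secret depends on what internalSetting.update returns and on
	 * its access check (neither is visible here) - confirm.
	 */
	.put((req, res, next) => {
		apiValidator({$ref: 'endpoints/settings#/links/1/schema'}, req.body)
			.then((payload) => {
				payload.id = req.params.setting_id;
				return internalSetting.update(res.locals.access, payload);
			})
			.then((result) => {
				res.status(200)
					.send(result);
			})
			.catch(next);
	});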
// Export the configured router; the module that requires this file decides
// where it is mounted (the route comments above refer to /api/settings).
module.exports = router;