feat: add ldap and oidc support (#1497)

Co-authored-by: Thomas Camlong <49837342+ajnart@users.noreply.github.com>
Co-authored-by: Tagaishi <Tagaishi@hotmail.ch>

src/env.js

@@ -1,6 +1,14 @@
 const { z } = require('zod');
 const { createEnv } = require('@t3-oss/env-nextjs');
 
+const trueStrings = ["1", "t", "T", "TRUE", "true", "True"];
+const falseStrings = ["0", "f", "F", "FALSE", "false", "False"];
+
+const zodParsedBoolean = () => z
+  .enum([...trueStrings, ...falseStrings])
+  .default("false")
+  .transform((value) => trueStrings.includes(value))
+
 const portSchema = z
   .string()
   .regex(/\d*/)
@@ -8,6 +16,8 @@ const portSchema = z
   .optional();
 const envSchema = z.enum(['development', 'test', 'production']);
 
+const authProviders = process.env.AUTH_PROVIDER?.replaceAll(' ', '').split(',') || ['credentials'];
+
 const env = createEnv({
   /**
    * Specify your server-side environment variables schema here. This way you can ensure the app
@@ -28,6 +38,37 @@ const env = createEnv({
     DOCKER_PORT: portSchema,
     DEMO_MODE: z.string().optional(),
     HOSTNAME: z.string().optional(),
+
+    // Authentication
+    AUTH_PROVIDER: z.string().default('credentials').transform(providers => providers.replaceAll(' ', '').split(',')),
+    // LDAP
+    ...(authProviders.includes('ldap')
+      ? {
+        AUTH_LDAP_URI: z.string().url(),
+        AUTH_LDAP_BIND_DN: z.string(),
+        AUTH_LDAP_BIND_PASSWORD: z.string(),
+        AUTH_LDAP_BASE: z.string(),
+        AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default('uid'),
+        AUTH_LDAP_GROUP_CLASS: z.string().default('groupOfUniqueNames'),
+        AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default('member'),
+        AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: z.string().default('dn'),
+        AUTH_LDAP_ADMIN_GROUP: z.string().default('admin'),
+        AUTH_LDAP_OWNER_GROUP: z.string().default('admin'),
+      }
+      : {}),
+    // OIDC
+    ...(authProviders.includes('oidc')
+      ? {
+        AUTH_OIDC_CLIENT_ID: z.string(),
+        AUTH_OIDC_CLIENT_SECRET: z.string(),
+        AUTH_OIDC_URI: z.string().url(),
+        // Custom Display name, defaults to OIDC
+        AUTH_OIDC_CLIENT_NAME: z.string().default('OIDC'),
+        AUTH_OIDC_ADMIN_GROUP: z.string().default('admin'),
+        AUTH_OIDC_OWNER_GROUP: z.string().default('admin'),
+        AUTH_OIDC_AUTO_LOGIN: zodParsedBoolean()
+      }
+      : {}),
   },
 
   /**
@@ -64,6 +105,25 @@ const env = createEnv({
     NEXT_PUBLIC_PORT: process.env.PORT,
     NEXT_PUBLIC_NODE_ENV: process.env.NODE_ENV,
     HOSTNAME: process.env.HOSTNAME,
+    AUTH_PROVIDER: process.env.AUTH_PROVIDER,
+    AUTH_LDAP_URI: process.env.AUTH_LDAP_URI,
+    AUTH_LDAP_BIND_DN: process.env.AUTH_LDAP_BIND_DN,
+    AUTH_LDAP_BIND_PASSWORD: process.env.AUTH_LDAP_BIND_PASSWORD,
+    AUTH_LDAP_BASE: process.env.AUTH_LDAP_BASE,
+    AUTH_LDAP_USERNAME_ATTRIBUTE: process.env.AUTH_LDAP_USERNAME_ATTRIBUTE,
+    AUTH_LDAP_GROUP_CLASS: process.env.AUTH_LDAP_GROUP_CLASS,
+    AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE,
+    AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE,
+    AUTH_LDAP_ADMIN_GROUP: process.env.AUTH_LDAP_ADMIN_GROUP,
+    AUTH_LDAP_OWNER_GROUP: process.env.AUTH_LDAP_OWNER_GROUP,
+    AUTH_OIDC_CLIENT_ID: process.env.AUTH_OIDC_CLIENT_ID,
+    AUTH_OIDC_CLIENT_SECRET: process.env.AUTH_OIDC_CLIENT_SECRET,
+    AUTH_OIDC_URI: process.env.AUTH_OIDC_URI,
+    AUTH_OIDC_CLIENT_NAME: process.env.AUTH_OIDC_CLIENT_NAME,
+    AUTH_OIDC_GROUP_CLAIM: process.env.AUTH_OIDC_GROUP_CLAIM,
+    AUTH_OIDC_ADMIN_GROUP: process.env.AUTH_OIDC_ADMIN_GROUP,
+    AUTH_OIDC_OWNER_GROUP: process.env.AUTH_OIDC_OWNER_GROUP,
+    AUTH_OIDC_AUTO_LOGIN: process.env.AUTH_OIDC_AUTO_LOGIN,
     DEMO_MODE: process.env.DEMO_MODE,
   },
   skipValidation: !!process.env.SKIP_ENV_VALIDATION,