feat: add ldap and oidc sso (#500)

* wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue
2024-07-20 22:23:58 +02:00
parent 5da74ca7e0
commit dc75ffb9e6
27 changed files with 1112 additions and 189 deletions
--- a/packages/auth/configuration.ts
+++ b/packages/auth/configuration.ts
@@ -1,18 +1,20 @@
+import type { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
 import { cookies } from "next/headers";
-import { DrizzleAdapter } from "@auth/drizzle-adapter";
 import NextAuth from "next-auth";
 import Credentials from "next-auth/providers/credentials";

 import { db } from "@homarr/db";

+import { adapter } from "./adapter";
 import { createSessionCallback, createSignInCallback } from "./callbacks";
-import { createCredentialsConfiguration } from "./providers/credentials";
-import { EmptyNextAuthProvider } from "./providers/empty";
+import { createCredentialsConfiguration } from "./providers/credentials/credentials-provider";
+import { EmptyNextAuthProvider } from "./providers/empty/empty-provider";
+import { filterProviders } from "./providers/filter-providers";
+import { OidcProvider } from "./providers/oidc/oidc-provider";
+import { createRedirectUri } from "./redirect";
 import { sessionMaxAgeInSeconds, sessionTokenCookieName } from "./session";

-const adapter = DrizzleAdapter(db);
-
-export const createConfiguration = (isCredentialsRequest: boolean) =>
+export const createConfiguration = (isCredentialsRequest: boolean, headers: ReadonlyHeaders | null) =>
  NextAuth({
    logger: {
      error: (code, ...message) => {
@@ -28,11 +30,16 @@ export const createConfiguration = (isCredentialsRequest: boolean) =>
    },
    trustHost: true,
    adapter,
-    providers: [Credentials(createCredentialsConfiguration(db)), EmptyNextAuthProvider()],
+    providers: filterProviders([
+      Credentials(createCredentialsConfiguration(db)),
+      EmptyNextAuthProvider(),
+      OidcProvider(headers),
+    ]),
    callbacks: {
      session: createSessionCallback(db),
      signIn: createSignInCallback(adapter, isCredentialsRequest),
    },
+    redirectProxyUrl: createRedirectUri(headers, "/api/auth"),
    secret: "secret-is-not-defined-yet", // TODO: This should be added later
    session: {
      strategy: "database",