feat: add ldap and oidc sso (#500)

* wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue
2024-07-20 22:23:58 +02:00
parent 5da74ca7e0
commit dc75ffb9e6
27 changed files with 1112 additions and 189 deletions
--- a/packages/auth/providers/credentials/authorization/basic-authorization.ts
+++ b/packages/auth/providers/credentials/authorization/basic-authorization.ts
@@ -0,0 +1,36 @@
+import bcrypt from "bcrypt";
+
+import type { Database } from "@homarr/db";
+import { eq } from "@homarr/db";
+import { users } from "@homarr/db/schema/sqlite";
+import { logger } from "@homarr/log";
+import type { validation, z } from "@homarr/validation";
+
+export const authorizeWithBasicCredentialsAsync = async (
+  db: Database,
+  credentials: z.infer<typeof validation.user.signIn>,
+) => {
+  const user = await db.query.users.findFirst({
+    where: eq(users.name, credentials.name),
+  });
+
+  if (!user?.password) {
+    logger.info(`user ${credentials.name} was not found`);
+    return null;
+  }
+
+  logger.info(`user ${user.name} is trying to log in. checking password...`);
+  const isValidPassword = await bcrypt.compare(credentials.password, user.password);
+
+  if (!isValidPassword) {
+    logger.warn(`password for user ${user.name} was incorrect`);
+    return null;
+  }
+
+  logger.info(`user ${user.name} successfully authorized`);
+
+  return {
+    id: user.id,
+    name: user.name,
+  };
+};