feat: add ldap and oidc sso (#500)

* wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue
2024-07-20 22:23:58 +02:00
parent 5da74ca7e0
commit dc75ffb9e6
27 changed files with 1112 additions and 189 deletions
--- a/packages/auth/redirect.ts
+++ b/packages/auth/redirect.ts
@@ -0,0 +1,26 @@
+import type { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
+
+/**
+ * The redirect_uri is constructed to work behind a reverse proxy. It is constructed from the headers x-forwarded-proto and x-forwarded-host.
+ * @param headers
+ * @param pathname
+ * @returns
+ */
+export const createRedirectUri = (headers: ReadonlyHeaders | null, pathname: string) => {
+  if (!headers) {
+    return pathname;
+  }
+
+  let protocol = headers.get("x-forwarded-proto") ?? "http";
+
+  // @see https://support.glitch.com/t/x-forwarded-proto-contains-multiple-protocols/17219
+  if (protocol.includes(",")) {
+    protocol = protocol.includes("https") ? "https" : "http";
+  }
+
+  const path = pathname.startsWith("/") ? pathname : `/${pathname}`;
+
+  const host = headers.get("x-forwarded-host") ?? headers.get("host");
+
+  return `${protocol}://${host}${path}`;
+};