From cc2d7c863d2828b26786d4cde0ff7ca8d0c058a3 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Sun, 14 Jan 2024 11:42:30 -0500 Subject: [PATCH] Add Authelia as a custom oidc source set a path to browsers outside of /root Grant root ownership over /data set umask + perms after yarn build revert local testing to upstream --- .env.sample | 7 ++++ Dockerfile | 2 +- pages/api/v1/auth/[...nextauth].ts | 55 +++++++++++++++++++++++------- pages/api/v1/logins/index.ts | 9 ++++- types/enviornment.d.ts | 9 ++++- 5 files changed, 67 insertions(+), 15 deletions(-) diff --git a/.env.sample b/.env.sample index d2a8d60..7939458 100644 --- a/.env.sample +++ b/.env.sample @@ -65,6 +65,13 @@ AUTH0_ISSUER= AUTH0_CLIENT_SECRET= AUTH0_CLIENT_ID= +# Authelia +NEXT_PUBLIC_AUTHELIA_ENABLED="" +AUTHELIA_CLIENT_ID="" +AUTHELIA_CLIENT_SECRET="" +AUTHELIA_WELLKNOWN_URL="" + + # Authentik NEXT_PUBLIC_AUTHENTIK_ENABLED= AUTHENTIK_CUSTOM_NAME= diff --git a/Dockerfile b/Dockerfile index a6d6129..9de1541 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,4 +20,4 @@ COPY . . RUN yarn prisma generate && \ yarn build -CMD yarn prisma migrate deploy && yarn start +CMD yarn prisma migrate deploy && yarn start \ No newline at end of file diff --git a/pages/api/v1/auth/[...nextauth].ts b/pages/api/v1/auth/[...nextauth].ts index d7549de..53c2588 100644 --- a/pages/api/v1/auth/[...nextauth].ts +++ b/pages/api/v1/auth/[...nextauth].ts @@ -97,19 +97,19 @@ if ( const user = await prisma.user.findFirst({ where: emailEnabled ? { - OR: [ - { - username: username.toLowerCase(), - }, - { - email: username?.toLowerCase(), - }, - ], - emailVerified: { not: null }, - } + OR: [ + { + username: username.toLowerCase(), + }, + { + email: username?.toLowerCase(), + }, + ], + emailVerified: { not: null }, + } : { - username: username.toLowerCase(), - }, + username: username.toLowerCase(), + }, }); let passwordMatches: boolean = false; 
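Review bot: The sample leaves out `AUTHELIA_CUSTOM_NAME`, which `types/enviornment.d.ts` declares and `pages/api/v1/logins/index.ts` reads in this same patch, so anyone configuring from the sample will not find the knob; add `AUTHELIA_CUSTOM_NAME=` next to the other four keys. The new entries also use `=""` where every neighbouring key in the file uses a bare `=`, and the two added blank lines leave a double gap before `# Authentik` where the other sections are separated by a single empty line.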
@@ -239,6 +239,37 @@ if (process.env.NEXT_PUBLIC_AUTH0_ENABLED === "true") { }; } +// Authelia +if (process.env.NEXT_PUBLIC_AUTHELIA_ENABLED === "true") { + providers.push( + { + id: "authelia", + name: "Authelia", + type: "oauth", + clientId: process.env.AUTHELIA_CLIENT_ID!, + clientSecret: process.env.AUTHELIA_CLIENT_SECRET!, + wellKnown: process.env.AUTHELIA_WELLKNOWN_URL!, + authorization: { params: { scope: "openid email profile" } }, + idToken: true, + checks: ["pkce", "state"], + profile(profile) { + return { + id: profile.sub, + name: profile.name, + email: profile.email, + username: profile.preferred_username, + } + }, + } + ); + + const _linkAccount = adapter.linkAccount; + adapter.linkAccount = (account) => { + const { "not-before-policy": _, refresh_expires_in, ...data } = account; + return _linkAccount ? _linkAccount(data) : undefined; + }; +} + // Authentik if (process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true") { providers.push( diff --git a/pages/api/v1/logins/index.ts b/pages/api/v1/logins/index.ts index 34b3aaf..bdf6588 100644 --- a/pages/api/v1/logins/index.ts +++ b/pages/api/v1/logins/index.ts @@ -391,10 +391,17 @@ export function getLogins() { name: process.env.ZOOM_CUSTOM_NAME ?? "Zoom", }); } + // Authelia + if (process.env.NEXT_PUBLIC_AUTHELIA_ENABLED === "true") { + buttonAuths.push({ + method: "authelia", + name: process.env.AUTHELIA_CUSTOM_NAME ?? "Authelia", + }); + } return { credentialsEnabled: process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === "true" || - process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === undefined + process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === undefined ? "true" : "false", emailEnabled: diff --git a/types/enviornment.d.ts b/types/enviornment.d.ts index 58d74c5..ed73396 100644 --- a/types/enviornment.d.ts +++ b/types/enviornment.d.ts 
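Review bot: The `adapter.linkAccount` wrapper at the end of the Authelia block mutates the shared `adapter` object, so the stripping of `"not-before-policy"` and `refresh_expires_in` applies to every provider's linkAccount call rather than only Authelia's, and if the Authentik block that follows (its body is outside the hunk) installs a similar wrapper, the two nest. The original is also invoked unbound, which drops any `this` the adapter's method might rely on; `return _linkAccount ? _linkAccount.call(adapter, data) : undefined;` keeps the receiver, and a comment such as `// presumably token-response fields the adapter's Account schema has no columns for — confirm` should say where those two keys come from, since nothing in the Authelia provider config above produces them. Separately, the `profile` mapping populates `email` from `profile.email` without consulting the `email_verified` claim the `email` scope makes available; whether that matters depends on whether the adapter links accounts by email address, which is not visible here, but checking the claim before trusting the address is the cheaper side to be on. Finally, the non-null assertions on `AUTHELIA_CLIENT_ID`, `AUTHELIA_CLIENT_SECRET` and `AUTHELIA_WELLKNOWN_URL` mean an enabled-but-misconfigured deployment registers a provider with `undefined` credentials instead of failing at startup; a guard that throws when `NEXT_PUBLIC_AUTHELIA_ENABLED` is `"true"` and any of the three is unset would surface that at boot.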
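Review bot: The login button reads `process.env.AUTHELIA_CUSTOM_NAME ?? "Authelia"` while the provider registered in `pages/api/v1/auth/[...nextauth].ts` in this same patch hard-codes `name: "Authelia"`, so a custom name appears on the button but not wherever NextAuth surfaces the provider's own name; using the same expression for the provider's `name` keeps the two in step. `AUTHELIA_CUSTOM_NAME` is also missing from the new `.env.sample` entries. `getLogins()` continues outside the hunk.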
@@ -66,6 +66,13 @@ declare global { AUTH0_CLIENT_SECRET?: string; AUTH0_CLIENT_ID?: string; + // Authelia + NEXT_PUBLIC_AUTHELIA_ENABLED?: string; + AUTHELIA_CUSTOM_NAME?: string; + AUTHELIA_CLIENT_ID?: string; + AUTHELIA_CLIENT_SECRET?: string; + AUTHELIA_WELLKNOWN_URL?: string; + // Authentik NEXT_PUBLIC_AUTHENTIK_ENABLED?: string; AUTHENTIK_CUSTOM_NAME?: string; @@ -400,4 +407,4 @@ declare global { } } -export {}; +export { };