Merge pull request #321 from Jacq/main

Added Authentik provider and option to disable standard login
2023-12-07 09:15:41 +03:30 · 2023-12-07 09:15:41 +03:30 · 5b44bbcf59
parent 9cd165f2ce 8ba2cecf06
commit 5b44bbcf59
3 changed files with 63 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -12,6 +12,7 @@ PAGINATION_TAKE_COUNT=
 STORAGE_FOLDER=
 AUTOSCROLL_TIMEOUT=
 NEXT_PUBLIC_DISABLE_REGISTRATION=
+NEXT_PUBLIC_DISABLE_LOGIN=
 RE_ARCHIVE_LIMIT=
 NEXT_PUBLIC_MAX_UPLOAD_SIZE=

@ -33,3 +34,9 @@ NEXT_PUBLIC_KEYCLOAK_ENABLED=
 KEYCLOAK_ISSUER=
 KEYCLOAK_CLIENT_ID=
 KEYCLOAK_CLIENT_SECRET=
+
+# Authentik
+NEXT_PUBLIC_AUTHENTIK_ENABLED=
+AUTHENTIK_ISSUER=
+AUTHENTIK_CLIENT_ID=
+AUTHENTIK_CLIENT_SECRET=
--- a/pages/api/v1/auth/[...nextauth].ts
+++ b/pages/api/v1/auth/[...nextauth].ts
@ -10,11 +10,13 @@ import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
 import { Provider } from "next-auth/providers";
 import verifySubscription from "@/lib/api/verifySubscription";
 import KeycloakProvider from "next-auth/providers/keycloak";
+import AuthentikProvider from "next-auth/providers/authentik";

 const emailEnabled =
  process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;

 const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true";
+const authentikEnabled = process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true";

 const adapter = PrismaAdapter(prisma);

@ -103,6 +105,34 @@ if (keycloakEnabled) {
  };
 }

+if (authentikEnabled) {
+  console.log(authentikEnabled)
+  providers.push(
+    AuthentikProvider({
+      id: "authentik",
+      name: "Authentik",
+      clientId: process.env.AUTHENTIK_CLIENT_ID!,
+      clientSecret: process.env.AUTHENTIK_CLIENT_SECRET!,
+      issuer: process.env.AUTHENTIK_ISSUER,
+      profile: (profile) => {
+        console.log(profile)
+        return {
+          id: profile.sub,
+          username: profile.preferred_username,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          image: profile.picture,
+        };
+      },
+    })
+  );
+  const _linkAccount = adapter.linkAccount;
+  adapter.linkAccount = (account) => {
+    const { "not-before-policy": _, refresh_expires_in, ...data } = account;
+    return _linkAccount ? _linkAccount(data) : undefined;
+  };
+}
+
 export const authOptions: AuthOptions = {
  adapter: adapter as Adapter,
  session: {
--- a/pages/login.tsx
+++ b/pages/login.tsx
@ -13,6 +13,7 @@ interface FormData {

 const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER;
 const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;
+const authentikEnabled = process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED;

 export default function Login() {
  const [submitLoader, setSubmitLoader] = useState(false);
@ -60,10 +61,24 @@ export default function Login() {
    setSubmitLoader(false);
  }

+  async function loginUserAuthentik() {
+    setSubmitLoader(true);
+
+    const load = toast.loading("Authenticating...");
+
+    const res = await signIn("authentik", {});
+
+    toast.dismiss(load);
+
+    setSubmitLoader(false);
+  }
+
  return (
    <CenteredForm text="Sign in to your account">
      <form onSubmit={loginUser}>
        <div className="p-4 mx-auto flex flex-col gap-3 justify-between max-w-[30rem] min-w-80 w-full bg-base-200 rounded-2xl shadow-md border border-neutral-content">
+          {process.env.NEXT_PUBLIC_DISABLE_LOGIN !== "true" ? (
+          <div>
          <p className="text-3xl text-center font-extralight">
            Enter your credentials
          </p>
@ -110,6 +125,8 @@ export default function Login() {
            className=" w-full text-center"
            loading={submitLoader}
          />
+          </div>
+          ) : undefined}
          {process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true" ? (
            <SubmitButton
              type="button"
@ -119,6 +136,15 @@ export default function Login() {
              loading={submitLoader}
            />
          ) : undefined}
+          {process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true" ? (
+            <SubmitButton
+              type="button"
+              onClick={loginUserAuthentik}
+              label="Sign in with Authentiks"
+              className=" w-full text-center"
+              loading={submitLoader}
+            />
+          ) : undefined}
          {process.env.NEXT_PUBLIC_DISABLE_REGISTRATION ===
          "true" ? undefined : (
            <div className="flex items-baseline gap-1 justify-center">