xwx.moe/el.xwx.moe
xwx.moe/ el.xwx.moe
1
0
Disbranĉigi 0
Fontkodo Issues Tirpetoj Actions Packages Projects Eldonoj Wiki Activity

feat: basic support for Keycloak (OIDC)

This commit is contained in:
Tomáš Hruška 2023-11-09 11:41:08 +01:00
parent 518b94b1f4
commit 946eed3773
8 changed files with 122 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.env.sample
View File

@ -23,3 +23,9 @@ EMAIL_SERVER=
# Docker postgres settings
POSTGRES_PASSWORD=
# Keycloak
NEXT_PUBLIC_KEYCLOAK_ENABLED=
KEYCLOAK_ISSUER=
KEYCLOAK_CLIENT=
KEYCLOAK_CLIENT_SECRET=

2
lib/api/controllers/users/userId/deleteUserById.ts
View File

@ -22,7 +22,7 @@ export default async function deleteUserById(
}
// Then, we check if the provided password matches the one stored in the database
const isPasswordValid = bcrypt.compareSync(body.password, user.password);
const isPasswordValid = bcrypt.compareSync(body.password, user.password || "");
if (!isPasswordValid) {
return {

39
pages/api/v1/auth/[...nextauth].ts
View File

@ -9,10 +9,16 @@ import { Adapter } from "next-auth/adapters";
import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
import { Provider } from "next-auth/providers";
import verifySubscription from "@/lib/api/verifySubscription";
import KeycloakProvider from 'next-auth/providers/keycloak';
const emailEnabled =
process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;
const keycloakEnabled =
!!process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;
const adapter = PrismaAdapter(prisma);
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
const providers: Provider[] = [
@ -59,7 +65,7 @@ const providers: Provider[] = [
}),
];
if (emailEnabled)
if (emailEnabled) {
providers.push(
EmailProvider({
server: process.env.EMAIL_SERVER,
@ -70,9 +76,36 @@ if (emailEnabled)
},
})
);
}
if (keycloakEnabled) {
providers.push(
KeycloakProvider({
id: 'keycloak',
name: 'Keycloak',
clientId: process.env.KEYCLOAK_CLIENT_ID!,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
issuer: process.env.KEYCLOAK_ISSUER,
profile: (profile) => {
return {
id: profile.sub,
username: profile.preferred_username,
name: profile.name ?? profile.preferred_username,
email: profile.email,
image: profile.picture,
};
},
}),
);
const _linkAccount = adapter.linkAccount;
adapter.linkAccount = (account) => {
const { 'not-before-policy': _, refresh_expires_in, ...data } = account;
return _linkAccount ? _linkAccount(data) : undefined;
};
}
export const authOptions: AuthOptions = {
adapter: PrismaAdapter(prisma) as Adapter,
adapter: adapter as Adapter,
session: {
strategy: "jwt",
maxAge: 30 * 24 * 60 * 60, // 30 days
@ -85,7 +118,7 @@ export const authOptions: AuthOptions = {
callbacks: {
async jwt({ token, trigger, user }) {
token.sub = token.sub ? Number(token.sub) : undefined;
if (trigger === "signIn") token.id = user?.id as number;
if (trigger === "signIn" || trigger === "signUp") token.id = user?.id as number;
return token;
},

22
pages/login.tsx
View File

@ -12,6 +12,7 @@ interface FormData {
}
const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER;
const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;
export default function Login() {
const [submitLoader, setSubmitLoader] = useState(false);
@ -47,6 +48,18 @@ export default function Login() {
}
}
async function loginUserKeycloak() {
setSubmitLoader(true);
const load = toast.loading("Authenticating...");
const res = await signIn("keycloak", {});
toast.dismiss(load);
setSubmitLoader(false);
}
return (
<CenteredForm text="Sign in to your account">
<form onSubmit={loginUser}>
@ -102,6 +115,15 @@ export default function Login() {
className=" w-full text-center"
loading={submitLoader}
/>
{process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true" ? (
<SubmitButton
type="button"
onClick={loginUserKeycloak}
label="Sign in with Keycloak"
className=" w-full text-center"
loading={submitLoader}
/>
) : undefined}
{process.env.NEXT_PUBLIC_DISABLE_REGISTRATION ===
"true" ? undefined : (
<div className="flex items-baseline gap-1 justify-center">

2
prisma/migrations/20231105202241_modify_user_password/migration.sql Normal file
View File

@ -0,0 +1,2 @@
-- AlterTable
ALTER TABLE "User" ALTER COLUMN "password" DROP NOT NULL;

23
prisma/migrations/20231108232127_recreate_table_account/migration.sql Normal file
View File

@ -0,0 +1,23 @@
-- CreateTable
CREATE TABLE "Account" (
"id" TEXT NOT NULL,
"userId" INTEGER NOT NULL,
"type" TEXT NOT NULL,
"provider" TEXT NOT NULL,
"providerAccountId" TEXT NOT NULL,
"refresh_token" TEXT,
"access_token" TEXT,
"expires_at" INTEGER,
"token_type" TEXT,
"scope" TEXT,
"id_token" TEXT,
"session_state" TEXT,
CONSTRAINT "Account_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "Account_provider_providerAccountId_key" ON "Account"("provider", "providerAccountId");
-- AddForeignKey
ALTER TABLE "Account" ADD CONSTRAINT "Account_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

23
prisma/schema.prisma
View File

@ -7,6 +7,25 @@ datasource db {
url = env("DATABASE_URL")
}
model Account {
id String @id @default(cuid())
userId Int
type String
provider String
providerAccountId String
refresh_token String?
access_token String?
expires_at Int?
token_type String?
scope String?
id_token String?
session_state String?
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@unique([provider, providerAccountId])
}
model User {
id Int @id @default(autoincrement())
name String
@ -17,7 +36,9 @@ model User {
emailVerified DateTime?
image String?
password String
accounts Account[]
password String?
collections Collection[]
tags Tag[]

5
types/enviornment.d.ts vendored
View File

@ -16,6 +16,11 @@ declare global {
BUCKET_NAME?: string;
SPACES_REGION?: string;
NEXT_PUBLIC_KEYCLOAK_ENABLED?: string;
KEYCLOAK_ISSUER?: string;
KEYCLOAK_CLIENT_ID?: string;
KEYCLOAK_CLIENT_SECRET?: string;
NEXT_PUBLIC_EMAIL_PROVIDER?: string;
EMAIL_FROM?: string;
EMAIL_SERVER?: string;