From b1dd9d66b67bd6ca3052a50820b79dfcdb9e946d Mon Sep 17 00:00:00 2001
From: Jacq <494120+Jacq@users.noreply.github.com>
Date: Sun, 26 Nov 2023 12:44:44 +0100
Subject: [PATCH] Update [...nextauth].ts

Added Authentik provider
Added option to disable standard login with NEXT_PUBLIC_DISABLE_LOGIN=true
---
 .env.sample                        |  7 +++++++
 pages/api/v1/auth/[...nextauth].ts | 30 ++++++++++++++++++++++++++++++
 pages/login.tsx                    | 27 +++++++++++++++++++++++++++
 3 files changed, 64 insertions(+)

diff --git a/.env.sample b/.env.sample
index 74e9192..975e871 100644
--- a/.env.sample
+++ b/.env.sample
@@ -12,6 +12,7 @@ PAGINATION_TAKE_COUNT=
 STORAGE_FOLDER=
 AUTOSCROLL_TIMEOUT=
 NEXT_PUBLIC_DISABLE_REGISTRATION=
+NEXT_PUBLIC_DISABLE_LOGIN=
 RE_ARCHIVE_LIMIT=
 
 # AWS S3 Settings
@@ -32,3 +33,9 @@ NEXT_PUBLIC_KEYCLOAK_ENABLED=
 KEYCLOAK_ISSUER=
 KEYCLOAK_CLIENT_ID=
 KEYCLOAK_CLIENT_SECRET=
+
+# Authentik
+NEXT_PUBLIC_AUTHENTIK_ENABLED=
+AUTHENTIK_ISSUER=
+AUTHENTIK_CLIENT_ID=
+AUTHENTIK_CLIENT_SECRET=
diff --git a/pages/api/v1/auth/[...nextauth].ts b/pages/api/v1/auth/[...nextauth].ts
index 4b5dd59..bb4f3ae 100644
--- a/pages/api/v1/auth/[...nextauth].ts
+++ b/pages/api/v1/auth/[...nextauth].ts
@@ -10,11 +10,13 @@ import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
 import { Provider } from "next-auth/providers";
 import verifySubscription from "@/lib/api/verifySubscription";
 import KeycloakProvider from "next-auth/providers/keycloak";
+import AuthentikProvider from "next-auth/providers/authentik";
 
 const emailEnabled =
   process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;
 
 const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true";
+const authentikEnabled = process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true";
 
 const adapter = PrismaAdapter(prisma);
 
@@ -103,6 +105,34 @@ if (keycloakEnabled) {
   };
 }
 
+if (authentikEnabled) {
+  console.log(authentikEnabled)
+  providers.push(
+    AuthentikProvider({
+      id: "authentik",
+      name: "Authentik",
+      clientId: process.env.AUTHENTIK_CLIENT_ID!,
+      clientSecret: process.env.AUTHENTIK_CLIENT_SECRET!,
+      issuer: process.env.AUTHENTIK_ISSUER,
+      profile: (profile) => {
+        console.log(profile)
+        return {
+          id: profile.sub,
+          username: profile.preferred_username,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          image: profile.picture,
+        };
+      },
+    })
+  );
+  const _linkAccount = adapter.linkAccount;
+  adapter.linkAccount = (account) => {
+    const { "not-before-policy": _, refresh_expires_in, ...data } = account;
+    return _linkAccount ? _linkAccount(data) : undefined;
+  };
+}
+
 export const authOptions: AuthOptions = {
   adapter: adapter as Adapter,
   session: {
diff --git a/pages/login.tsx b/pages/login.tsx
index b1a7ce4..9b51924 100644
--- a/pages/login.tsx
+++ b/pages/login.tsx
@@ -13,6 +13,7 @@ interface FormData {
 
 const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER;
 const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;
+const authentikEnabled = process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED;
 
 export default function Login() {
   const [submitLoader, setSubmitLoader] = useState(false);
@@ -60,10 +61,25 @@ export default function Login() {
     setSubmitLoader(false);
   }
 
+  async function loginUserAuthentik() {
+    setSubmitLoader(true);
+
+    const load = toast.loading("Authenticating...");
+
+    const res = await signIn("authentik", {});
+
+    toast.dismiss(load);
+
+    setSubmitLoader(false);
+  }
+
   return (
     <CenteredForm text="Sign in to your account">
       <form onSubmit={loginUser}>
         <div className="p-4 mx-auto flex flex-col gap-3 justify-between max-w-[30rem] min-w-80 w-full bg-slate-50 dark:bg-neutral-800 rounded-2xl shadow-md border border-sky-100 dark:border-neutral-700">
+          
+          {process.env.NEXT_PUBLIC_DISABLE_LOGIN !== "true" ? (
+          <div>
           <p className="text-3xl text-black dark:text-white text-center font-extralight">
             Enter your credentials
           </p>
@@ -115,6 +131,8 @@ export default function Login() {
             className=" w-full text-center"
             loading={submitLoader}
           />
+          </div>
+          ) : undefined}
           {process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true" ? (
             <SubmitButton
               type="button"
@@ -124,6 +142,15 @@ export default function Login() {
               loading={submitLoader}
             />
           ) : undefined}
+          {process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true" ? (
+            <SubmitButton
+              type="button"
+              onClick={loginUserAuthentik}
+              label="Sign in with Authentiks"
+              className=" w-full text-center"
+              loading={submitLoader}
+            />
+          ) : undefined}
           {process.env.NEXT_PUBLIC_DISABLE_REGISTRATION ===
           "true" ? undefined : (
             <div className="flex items-baseline gap-1 justify-center">