Add Authelia as a custom oidc source

set a path to browsers outside of /root Grant root ownership over /data set umask + perms after yarn build revert local testing to upstream
2024-01-14 11:42:30 -05:00 · 2024-01-14 11:42:30 -05:00 · cc2d7c863d
parent 047e156cfb
commit cc2d7c863d
5 changed files with 67 additions and 15 deletions
--- a/.env.sample
+++ b/.env.sample
@ -65,6 +65,13 @@ AUTH0_ISSUER=
 AUTH0_CLIENT_SECRET=
 AUTH0_CLIENT_ID=

+# Authelia
+NEXT_PUBLIC_AUTHELIA_ENABLED=""
+AUTHELIA_CLIENT_ID=""
+AUTHELIA_CLIENT_SECRET=""
+AUTHELIA_WELLKNOWN_URL=""
+
+
 # Authentik
 NEXT_PUBLIC_AUTHENTIK_ENABLED=
 AUTHENTIK_CUSTOM_NAME=
--- a/pages/api/v1/auth/[...nextauth].ts
+++ b/pages/api/v1/auth/[...nextauth].ts
@ -97,19 +97,19 @@ if (
        const user = await prisma.user.findFirst({
          where: emailEnabled
            ? {
-                OR: [
-                  {
-                    username: username.toLowerCase(),
-                  },
-                  {
-                    email: username?.toLowerCase(),
-                  },
-                ],
-                emailVerified: { not: null },
-              }
+              OR: [
+                {
+                  username: username.toLowerCase(),
+                },
+                {
+                  email: username?.toLowerCase(),
+                },
+              ],
+              emailVerified: { not: null },
+            }
            : {
-                username: username.toLowerCase(),
-              },
+              username: username.toLowerCase(),
+            },
        });

        let passwordMatches: boolean = false;
@ -239,6 +239,37 @@ if (process.env.NEXT_PUBLIC_AUTH0_ENABLED === "true") {
  };
 }

+// Authelia
+if (process.env.NEXT_PUBLIC_AUTHELIA_ENABLED === "true") {
+  providers.push(
+    {
+      id: "authelia",
+      name: "Authelia",
+      type: "oauth",
+      clientId: process.env.AUTHELIA_CLIENT_ID!,
+      clientSecret: process.env.AUTHELIA_CLIENT_SECRET!,
+      wellKnown: process.env.AUTHELIA_WELLKNOWN_URL!,
+      authorization: { params: { scope: "openid email profile" } },
+      idToken: true,
+      checks: ["pkce", "state"],
+      profile(profile) {
+        return {
+          id: profile.sub,
+          name: profile.name,
+          email: profile.email,
+          username: profile.preferred_username,
+        }
+      },
+    }
+  );
+
+  const _linkAccount = adapter.linkAccount;
+  adapter.linkAccount = (account) => {
+    const { "not-before-policy": _, refresh_expires_in, ...data } = account;
+    return _linkAccount ? _linkAccount(data) : undefined;
+  };
+}
+
 // Authentik
 if (process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true") {
  providers.push(
--- a/pages/api/v1/logins/index.ts
+++ b/pages/api/v1/logins/index.ts
@ -391,10 +391,17 @@ export function getLogins() {
      name: process.env.ZOOM_CUSTOM_NAME ?? "Zoom",
    });
  }
+  // Authelia
+  if (process.env.NEXT_PUBLIC_AUTHELIA_ENABLED === "true") {
+    buttonAuths.push({
+      method: "authelia",
+      name: process.env.AUTHELIA_CUSTOM_NAME ?? "Authelia",
+    });
+  }
  return {
    credentialsEnabled:
      process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === "true" ||
-      process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === undefined
+        process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED === undefined
        ? "true"
        : "false",
    emailEnabled:
--- a/types/enviornment.d.ts
+++ b/types/enviornment.d.ts
@ -66,6 +66,13 @@ declare global {
      AUTH0_CLIENT_SECRET?: string;
      AUTH0_CLIENT_ID?: string;

+      // Authelia
+      NEXT_PUBLIC_AUTHELIA_ENABLED?: string;
+      AUTHELIA_CUSTOM_NAME?: string;
+      AUTHELIA_CLIENT_ID?: string;
+      AUTHELIA_CLIENT_SECRET?: string;
+      AUTHELIA_WELLKNOWN_URL?: string;
+
      // Authentik
      NEXT_PUBLIC_AUTHENTIK_ENABLED?: string;
      AUTHENTIK_CUSTOM_NAME?: string;
@ -400,4 +407,4 @@ declare global {
  }
 }

-export {};
+export { };