add single-user authentication

2025-09-12 14:45:06 +00:00
parent 742a3e2143
commit bb4c94f0f6
5 changed files with 34 additions and 8 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,3 @@
 /data
-node_modules
+src/node_modules
 docker-compose.*.yml
--- a/3
+++ b/3
@@ -1,5 +1,6 @@
 FROM node:20
-ADD src /app
+ADD src/package*.json /app/
 WORKDIR /app
 RUN npm install
+ADD src /app
 CMD ["npm", "start"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
      # Enabled app modules
      APP_MODULES: core, archive
      # Enabled authentication modules
-      AUTH_MODULES: oidc, github, google
+      AUTH_MODULES: single, oidc, github, google
      # Secure secret for memory store, generate with `openssl rand -hex 64`
      SECURE_SECRET: 9ed678e6da3333a53c635039a5f53015ba3d4c841a0ade4e46f31c2d42c9b3e71edcdda7e1d75d066a39a8f56f9eb325d556a90195c6e7f45c6e2fffd0e98a7a
      # Default FedID server to use for identity management
@@ -29,6 +29,12 @@ services:
      # AUTH MODULES
      # ============

+      # Single User
+      # -----------
+      # Use for local development to auto-create a test user
+      # SINGLE_API_KEY_CORE: OGExYWE2ZjMwYjdhZjQyZWE4MmE1YTUwO
+      # SINGLE_API_KEY_ARCHIVE: MDY5ZDMyZjMyZDAzYTU0ZDQwZWJiM2I4M
+
      # OpenID Connect
      # --------------
      # Works with any OIDC provider
--- a/src/http/auth.js
+++ b/src/http/auth.js
@@ -45,10 +45,12 @@ export function getNewKey(user) {
    return apiKey;
 }

-async function createApiKeys(client, user) {
+async function createApiKeys(client, user, issuer) {
    const config = getConfig();
    for (const type in config.appModules) {
-        const apiKey = getNewKey(user);
+        const apiKey = issuer !== 'https://single'
+            ? getNewKey(user)
+            : config.authModules.single[type]
        await client.query(`
            INSERT INTO public.auth (
                user_id,
@@ -149,11 +151,10 @@ export async function checkUser(type, issuer, identifier, username, photo) {
            photo,
            type,
        ]);
-        console.log(res.rows[0])
        if (res.rowCount === 0) {
            return null;
        }
-        await createApiKeys(client, res.rows[0]);
+        await createApiKeys(client, res.rows[0], issuer);
    } else {
        if (photo !== userExists.rows[0].photo || username != userExists.rows[0].username) {
            await client.query(`
@@ -168,7 +169,7 @@ export async function checkUser(type, issuer, identifier, username, photo) {
                userExists.rows[0].id,
            ]);
        }
-        await createApiKeys(client, userExists.rows[0]);
+        await createApiKeys(client, userExists.rows[0], issuer);
    }
    const user = await getUser(client, issuer, identifier);
    return user;
--- a/src/modules/auth/single.js
+++ b/src/modules/auth/single.js
@@ -0,0 +1,18 @@
+import { checkUser } from "../../http/auth.js";
+import { getConfig } from "../../common/config.js";
+
+const key = 'single';
+
+export function getModuleConfig() {
+    const config = getConfig();
+    return {
+        core: process.env.SINGLE_API_KEY_CORE,
+        archive: process.env.SINGLE_API_KEY_ARCHIVE,
+    }
+}
+
+export async function initModule(app, passport) {
+    if (process.env.SINGLE_API_KEY_CORE && process.env.SINGLE_API_KEY_ARCHIVE) {
+        await checkUser(key, 'https://single', 'single', 'single');
+    }
+}