From bb4c94f0f61064de0b185edf7b28ff33d9ad9103 Mon Sep 17 00:00:00 2001
From: JlincFM
Date: Fri, 12 Sep 2025 14:45:06 +0000
Subject: [PATCH] add single-user authentication
---
 .dockerignore | 2 +-
 Dockerfile | 3 ++-
 docker-compose.yml | 8 +++++++-
 src/http/auth.js | 11 ++++++-----
 src/modules/auth/single.js | 18 ++++++++++++++++++
 5 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 src/modules/auth/single.js
diff --git a/.dockerignore b/.dockerignore
index b32b83a..9c9f3d2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,3 @@
 /data
-node_modules
+src/node_modules
 docker-compose.*.yml
diff --git a/Dockerfile b/Dockerfile
index 7af8064..8f04488 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 FROM node:20
-ADD src /app
+ADD src/package*.json /app/
 WORKDIR /app
 RUN npm install
+ADD src /app
 CMD ["npm", "start"]
diff --git a/docker-compose.yml b/docker-compose.yml
index c1a7f32..081947f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
 # Enabled app modules
 APP_MODULES: core, archive
 # Enabled authentication modules
- AUTH_MODULES: oidc, github, google
+ AUTH_MODULES: single, oidc, github, google
 # Secure secret for memory store, generate with `openssl rand -hex 64`
 SECURE_SECRET: 9ed678e6da3333a53c635039a5f53015ba3d4c841a0ade4e46f31c2d42c9b3e71edcdda7e1d75d066a39a8f56f9eb325d556a90195c6e7f45c6e2fffd0e98a7a
 # Default FedID server to use for identity management
@@ -29,6 +29,12 @@ services:
 # AUTH MODULES
 # ============
+ # Single User
+ # -----------
+ # Use for local development to auto-create a test user
+ # SINGLE_API_KEY_CORE: OGExYWE2ZjMwYjdhZjQyZWE4MmE1YTUwO
+ # SINGLE_API_KEY_ARCHIVE: MDY5ZDMyZjMyZDAzYTU0ZDQwZWJiM2I4M
+
 # OpenID Connect
 # --------------
 # Works with any OIDC provider
diff --git a/src/http/auth.js b/src/http/auth.js
index 5c74078..eb5f23b 100644
--- a/src/http/auth.js
+++ b/src/http/auth.js
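Review bot: The Dockerfile hunk still installs with `RUN npm install`, which resolves dependency versions at build time even though `src/package*.json` is now copied ahead of it. If that glob is meant to pick up a `package-lock.json` (not visible in this patch), `RUN npm ci` would install exactly what the lockfile pins and fail the build on drift. `COPY` is also the narrower instruction for local files than `ADD`, which additionally unpacks archives and accepts URLs: `COPY src/package*.json /app/` and `COPY src /app`.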
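Review bot: In docker-compose.yml (hunk at line 20), `single` is added to the default `AUTH_MODULES` list even though the comment added in the next hunk describes it as meant for local development. With it listed by default, setting the two `SINGLE_API_KEY_*` variables is enough to provision a user with fixed, environment-supplied API keys on any deployment started from this file. Keeping the shipped default as `AUTH_MODULES: oidc, github, google` and documenting `single` as an explicit opt-in in the comment block would avoid that.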
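Review bot: The commented `SINGLE_API_KEY_CORE` and `SINGLE_API_KEY_ARCHIVE` lines in docker-compose.yml (hunk at line 29) carry realistic-looking values, so anyone who simply uncomments them runs with credentials that are published in the repository. Suggest placeholders with a generation hint in the style of the existing `SECURE_SECRET` comment, e.g. `# SINGLE_API_KEY_CORE: <generate your own, e.g. openssl rand -hex 32>`. The comment could also say that these values are stored as the test user's API keys for the core and archive modules, which is what `createApiKeys` in src/http/auth.js does with them.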
@@ -45,10 +45,12 @@ export function getNewKey(user) {
 return apiKey;
 }
-async function createApiKeys(client, user) {
+async function createApiKeys(client, user, issuer) {
 const config = getConfig();
 for (const type in config.appModules) {
- const apiKey = getNewKey(user);
+ const apiKey = issuer !== 'https://single'
+ ? getNewKey(user)
+ : config.authModules.single[type]
 await client.query(`
 INSERT INTO public.auth (
 user_id,
@@ -149,11 +151,10 @@ export async function checkUser(type, issuer, identifier, username, photo) {
 photo,
 type,
 ]);
- console.log(res.rows[0])
 if (res.rowCount === 0) {
 return null;
 }
- await createApiKeys(client, res.rows[0]);
+ await createApiKeys(client, res.rows[0], issuer);
 } else {
 if (photo !== userExists.rows[0].photo || username != userExists.rows[0].username) {
 await client.query(`
@@ -168,7 +169,7 @@ export async function checkUser(type, issuer, identifier, username, photo) {
 userExists.rows[0].id,
 ]);
 }
- await createApiKeys(client, userExists.rows[0]);
+ await createApiKeys(client, userExists.rows[0], issuer);
 }
 const user = await getUser(client, issuer, identifier);
 return user;
diff --git a/src/modules/auth/single.js b/src/modules/auth/single.js
new file mode 100644
index 0000000..0afcd45
--- /dev/null
+++ b/src/modules/auth/single.js
@@ -0,0 +1,18 @@
+import { checkUser } from "../../http/auth.js";
+import { getConfig } from "../../common/config.js";
+
+const key = 'single';
+
+export function getModuleConfig() {
+ const config = getConfig();
+ return {
+ core: process.env.SINGLE_API_KEY_CORE,
+ archive: process.env.SINGLE_API_KEY_ARCHIVE,
+ }
+}
+
+export async function initModule(app, passport) {
+ if (process.env.SINGLE_API_KEY_CORE && process.env.SINGLE_API_KEY_ARCHIVE) {
+ await checkUser(key, 'https://single', 'single', 'single');
+ }
+}
\ No newline at end of file
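Review bot: In `createApiKeys` (src/http/auth.js, first hunk), `config.authModules.single[type]` is undefined for any enabled app module other than `core` and `archive`, because `getModuleConfig` in single.js returns only those two keys; the INSERT that follows would then run with an undefined key. How the table treats that is not visible, since the query continues outside the hunk. A guard before the query, such as `if (!apiKey) throw new Error('no API key configured for module ' + type);`, would make the failure explicit. The `'https://single'` literal is also repeated in single.js, so a shared exported constant would keep the comparison and its caller in step, and the last line of the ternary is missing its semicolon.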
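Review bot: `initModule` in src/modules/auth/single.js turns two environment values into standing API credentials without checking them or announcing that the module is active, and it silently does nothing when only one of the two is set. Suggest failing on a partial or short configuration and logging a startup warning, as sketched below; the length floor is a suggested value, not one taken from the project. Separately, `getModuleConfig` calls `getConfig()` and never uses the result, so that line (and the import, if nothing else needs it) can go, and the file ends without a trailing newline.

```javascript
// Suggested floor only; adjust to the project's key format.
const MIN_KEY_LENGTH = 32;

export async function initModule(app, passport) {
  const keys = [
    process.env.SINGLE_API_KEY_CORE,
    process.env.SINGLE_API_KEY_ARCHIVE,
  ];
  if (keys.every((value) => !value)) {
    return; // module listed but not configured
  }
  if (keys.some((value) => !value || value.length < MIN_KEY_LENGTH)) {
    throw new Error('single auth: both SINGLE_API_KEY_* values must be set and long enough');
  }
  console.warn('single auth module enabled: static API keys in use, local development only');
  await checkUser(key, 'https://single', 'single', 'single');
}
```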