add single-user authentication

2025-09-12 14:45:06 +00:00
parent 742a3e2143
commit bb4c94f0f6
5 changed files with 34 additions and 8 deletions


@@ -1,3 +1,3 @@
/data /data
node_modules src/node_modules
docker-compose.*.yml docker-compose.*.yml


@@ -1,5 +1,6 @@
FROM node:20 FROM node:20
ADD src /app ADD src/package*.json /app/
WORKDIR /app WORKDIR /app
RUN npm install RUN npm install
ADD src /app
CMD ["npm", "start"] CMD ["npm", "start"]
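Review bot: The install step is still `RUN npm install`, which rewrites the dependency resolution rather than failing when `package.json` and a lockfile disagree. The new `src/package*.json` glob would also pick up a `package-lock.json`, so if the repository commits one, `RUN npm ci` installs exactly what it pins and stops the build on a mismatch. `COPY` is also preferable to `ADD` for both copy steps, since nothing here needs archive extraction or URL fetching.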


@@ -20,7 +20,7 @@ services:
# Enabled app modules # Enabled app modules
APP_MODULES: core, archive APP_MODULES: core, archive
# Enabled authentication modules # Enabled authentication modules
AUTH_MODULES: oidc, github, google AUTH_MODULES: single, oidc, github, google
# Secure secret for memory store, generate with `openssl rand -hex 64` # Secure secret for memory store, generate with `openssl rand -hex 64`
SECURE_SECRET: 9ed678e6da3333a53c635039a5f53015ba3d4c841a0ade4e46f31c2d42c9b3e71edcdda7e1d75d066a39a8f56f9eb325d556a90195c6e7f45c6e2fffd0e98a7a SECURE_SECRET: 9ed678e6da3333a53c635039a5f53015ba3d4c841a0ade4e46f31c2d42c9b3e71edcdda7e1d75d066a39a8f56f9eb325d556a90195c6e7f45c6e2fffd0e98a7a
# Default FedID server to use for identity management # Default FedID server to use for identity management
@@ -29,6 +29,12 @@ services:
# AUTH MODULES # AUTH MODULES
# ============ # ============
# Single User
# -----------
# Use for local development to auto-create a test user
# SINGLE_API_KEY_CORE: OGExYWE2ZjMwYjdhZjQyZWE4MmE1YTUwO
# SINGLE_API_KEY_ARCHIVE: MDY5ZDMyZjMyZDAzYTU0ZDQwZWJiM2I4M
# OpenID Connect # OpenID Connect
# -------------- # --------------
# Works with any OIDC provider # Works with any OIDC provider
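Review bot: `single` is now first in the default `AUTH_MODULES` list, and as far as the new module's `initModule` shows, the only thing keeping it inert is that the two `SINGLE_API_KEY_*` lines are commented out. The comment above them should say what uncommenting does, for example `# Local development only: creates a user whose API keys are the fixed values below. Never set these on a reachable deployment.` The sample values would be safer as obvious placeholders such as `<generate with openssl rand -hex 32>`, so that copied compose files do not end up sharing the same keys.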


@@ -45,10 +45,12 @@ export function getNewKey(user) {
return apiKey; return apiKey;
} }
async function createApiKeys(client, user) { async function createApiKeys(client, user, issuer) {
const config = getConfig(); const config = getConfig();
for (const type in config.appModules) { for (const type in config.appModules) {
const apiKey = getNewKey(user); const apiKey = issuer !== 'https://single'
? getNewKey(user)
: config.authModules.single[type]
await client.query(` await client.query(`
INSERT INTO public.auth ( INSERT INTO public.auth (
user_id, user_id,
@@ -149,11 +151,10 @@ export async function checkUser(type, issuer, identifier, username, photo) {
photo, photo,
type, type,
]); ]);
console.log(res.rows[0])
if (res.rowCount === 0) { if (res.rowCount === 0) {
return null; return null;
} }
await createApiKeys(client, res.rows[0]); await createApiKeys(client, res.rows[0], issuer);
} else { } else {
if (photo !== userExists.rows[0].photo || username != userExists.rows[0].username) { if (photo !== userExists.rows[0].photo || username != userExists.rows[0].username) {
await client.query(` await client.query(`
@@ -168,7 +169,7 @@ export async function checkUser(type, issuer, identifier, username, photo) {
userExists.rows[0].id, userExists.rows[0].id,
]); ]);
} }
await createApiKeys(client, userExists.rows[0]); await createApiKeys(client, userExists.rows[0], issuer);
} }
const user = await getUser(client, issuer, identifier); const user = await getUser(client, issuer, identifier);
return user; return user;
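Review bot: In `createApiKeys`, the single-user branch takes `config.authModules.single[type]` without checking that a key is configured for that module, so an enabled app module other than `core` or `archive` (the only two keys `getModuleConfig` returns) would reach the `INSERT` with `apiKey` undefined. A guard right after the assignment would fail loudly instead: `if (!apiKey) throw new Error('no single-user API key configured for ' + type);`. The issuer literal `'https://single'` now appears both here and in the new module's `checkUser` call; exporting it as one constant would keep the two from drifting, since a mismatch silently falls back to `getNewKey`. The new ternary is also missing its terminating semicolon. The bodies of `createApiKeys` and `checkUser` continue outside the visible hunks.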


@@ -0,0 +1,18 @@
import { checkUser } from "../../http/auth.js";
import { getConfig } from "../../common/config.js";
const key = 'single';
export function getModuleConfig() {
const config = getConfig();
return {
core: process.env.SINGLE_API_KEY_CORE,
archive: process.env.SINGLE_API_KEY_ARCHIVE,
}
}
export async function initModule(app, passport) {
if (process.env.SINGLE_API_KEY_CORE && process.env.SINGLE_API_KEY_ARCHIVE) {
await checkUser(key, 'https://single', 'single', 'single');
}
}
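Review bot: `initModule` provisions the fixed-key user whenever both `SINGLE_API_KEY_*` variables are set, with no check that the process is a development instance and no check on the key values themselves. Since the compose comment describes this module as local-development only, I would add a guard such as `if (process.env.NODE_ENV === 'production') throw new Error('single auth module is for local development only');` (or whatever flag the project uses to mark production) and reject keys below a minimum length. The result of `checkUser` is ignored although the other file shows it can return `null`, so a failed insert goes unnoticed. `getModuleConfig` also calls `getConfig()` without using the result, and the `app` and `passport` parameters are unused.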