60e52d0423
* Separate environment configs * wip * wip * test * plugins * test * test * .sequelizerc, unfortunately can't go through /utils/environment due to not supporting TS * docker-compose -> docker compose * fix: .local wipes .development * Add custom validation message for invalid SECRET_KEY (often confused)
108 lines
3.2 KiB
TypeScript
108 lines
3.2 KiB
TypeScript
/* eslint-disable @typescript-eslint/no-var-requires */
|
|
import path from "path";
|
|
import { glob } from "glob";
|
|
import Router from "koa-router";
|
|
import find from "lodash/find";
|
|
import sortBy from "lodash/sortBy";
|
|
import env from "@server/env";
|
|
import Team from "@server/models/Team";
|
|
import environment from "@server/utils/environment";
|
|
|
|
export type AuthenticationProviderConfig = {
|
|
id: string;
|
|
name: string;
|
|
enabled: boolean;
|
|
router: Router;
|
|
};
|
|
|
|
export default class AuthenticationHelper {
|
|
private static providersCache: AuthenticationProviderConfig[];
|
|
|
|
/**
|
|
* Returns the enabled authentication provider configurations for the current
|
|
* installation.
|
|
*
|
|
* @returns A list of authentication providers
|
|
*/
|
|
public static get providers() {
|
|
if (this.providersCache) {
|
|
return this.providersCache;
|
|
}
|
|
|
|
const authenticationProviderConfigs: AuthenticationProviderConfig[] = [];
|
|
const rootDir = env.ENVIRONMENT === "test" ? "" : "build";
|
|
|
|
glob
|
|
.sync(path.join(rootDir, "plugins/*/server/auth/!(*.test|schema).[jt]s"))
|
|
.forEach((filePath: string) => {
|
|
const { default: authProvider, name } = require(path.join(
|
|
process.cwd(),
|
|
filePath
|
|
));
|
|
const id = filePath.replace("build/", "").split("/")[1];
|
|
const config = require(path.join(
|
|
process.cwd(),
|
|
rootDir,
|
|
"plugins",
|
|
id,
|
|
"plugin.json"
|
|
));
|
|
|
|
// Test the all required env vars are set for the auth provider
|
|
const enabled = (config.requiredEnvVars ?? []).every(
|
|
(name: string) => !!environment[name]
|
|
);
|
|
|
|
if (enabled) {
|
|
authenticationProviderConfigs.push({
|
|
id,
|
|
name: name ?? config.name,
|
|
enabled,
|
|
router: authProvider,
|
|
});
|
|
}
|
|
});
|
|
|
|
this.providersCache = sortBy(authenticationProviderConfigs, "id");
|
|
return this.providersCache;
|
|
}
|
|
|
|
/**
|
|
* Returns the enabled authentication provider configurations for a team,
|
|
* if given otherwise all enabled providers are returned.
|
|
*
|
|
* @param team The team to get enabled providers for
|
|
* @returns A list of authentication providers
|
|
*/
|
|
public static providersForTeam(team?: Team) {
|
|
const isCloudHosted = env.isCloudHosted;
|
|
|
|
return AuthenticationHelper.providers
|
|
.sort((config) => (config.id === "email" ? 1 : -1))
|
|
.filter((config) => {
|
|
// Guest sign-in is an exception as it does not have an authentication
|
|
// provider using passport, instead it exists as a boolean option.
|
|
if (config.id === "email") {
|
|
return team?.emailSigninEnabled;
|
|
}
|
|
|
|
// If no team return all possible authentication providers except email.
|
|
if (!team) {
|
|
return true;
|
|
}
|
|
|
|
const authProvider = find(team.authenticationProviders, {
|
|
name: config.id,
|
|
});
|
|
|
|
// If cloud hosted then the auth provider must be enabled for the team,
|
|
// If self-hosted then it must not be actively disabled, otherwise all
|
|
// providers are considered.
|
|
return (
|
|
(!isCloudHosted && authProvider?.enabled !== false) ||
|
|
(isCloudHosted && authProvider?.enabled)
|
|
);
|
|
});
|
|
}
|
|
}
|