Merge branch 'advplyr:master' into nfo-metadata

2025-07-10 01:15:06 +02:00 · 2023-11-21 09:09:12 +02:00 · 2023-11-21 09:09:12 +02:00 · a4d4f1bc2e
commit a4d4f1bc2e
parent d990e5b909 048e27f03f
30 changed files with 6546 additions and 372 deletions
--- a/server/objects/settings/ServerSettings.js
+++ b/server/objects/settings/ServerSettings.js
@ -54,6 +54,24 @@ class ServerSettings {
    this.version = packageJson.version
    this.buildNumber = packageJson.buildNumber

+    // Auth settings
+    // Active auth methodes
+    this.authActiveAuthMethods = ['local']
+
+    // openid settings
+    this.authOpenIDIssuerURL = null
+    this.authOpenIDAuthorizationURL = null
+    this.authOpenIDTokenURL = null
+    this.authOpenIDUserInfoURL = null
+    this.authOpenIDJwksURL = null
+    this.authOpenIDLogoutURL = null
+    this.authOpenIDClientID = null
+    this.authOpenIDClientSecret = null
+    this.authOpenIDButtonText = 'Login with OpenId'
+    this.authOpenIDAutoLaunch = false
+    this.authOpenIDAutoRegister = false
+    this.authOpenIDMatchExistingBy = null
+
    if (settings) {
      this.construct(settings)
    }
@ -94,6 +112,36 @@ class ServerSettings {
    this.version = settings.version || null
    this.buildNumber = settings.buildNumber || 0 // Added v2.4.5

+    this.authActiveAuthMethods = settings.authActiveAuthMethods || ['local']
+
+    this.authOpenIDIssuerURL = settings.authOpenIDIssuerURL || null
+    this.authOpenIDAuthorizationURL = settings.authOpenIDAuthorizationURL || null
+    this.authOpenIDTokenURL = settings.authOpenIDTokenURL || null
+    this.authOpenIDUserInfoURL = settings.authOpenIDUserInfoURL || null
+    this.authOpenIDJwksURL = settings.authOpenIDJwksURL || null
+    this.authOpenIDLogoutURL = settings.authOpenIDLogoutURL || null
+    this.authOpenIDClientID = settings.authOpenIDClientID || null
+    this.authOpenIDClientSecret = settings.authOpenIDClientSecret || null
+    this.authOpenIDButtonText = settings.authOpenIDButtonText || 'Login with OpenId'
+    this.authOpenIDAutoLaunch = !!settings.authOpenIDAutoLaunch
+    this.authOpenIDAutoRegister = !!settings.authOpenIDAutoRegister
+    this.authOpenIDMatchExistingBy = settings.authOpenIDMatchExistingBy || null
+
+    if (!Array.isArray(this.authActiveAuthMethods)) {
+      this.authActiveAuthMethods = ['local']
+    }
+
+    // remove uninitialized methods
+    // OpenID
+    if (this.authActiveAuthMethods.includes('openid') && !this.isOpenIDAuthSettingsValid) {
+      this.authActiveAuthMethods.splice(this.authActiveAuthMethods.indexOf('openid', 0), 1)
+    }
+
+    // fallback to local    
+    if (!Array.isArray(this.authActiveAuthMethods) || this.authActiveAuthMethods.length == 0) {
+      this.authActiveAuthMethods = ['local']
+    }
+
    // Migrations
    if (settings.storeCoverWithBook != undefined) { // storeCoverWithBook was renamed to storeCoverWithItem in 2.0.0
      this.storeCoverWithItem = !!settings.storeCoverWithBook
@ -150,23 +198,96 @@ class ServerSettings {
      language: this.language,
      logLevel: this.logLevel,
      version: this.version,
-      buildNumber: this.buildNumber
+      buildNumber: this.buildNumber,
+      authActiveAuthMethods: this.authActiveAuthMethods,
+      authOpenIDIssuerURL: this.authOpenIDIssuerURL,
+      authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL,
+      authOpenIDTokenURL: this.authOpenIDTokenURL,
+      authOpenIDUserInfoURL: this.authOpenIDUserInfoURL,
+      authOpenIDJwksURL: this.authOpenIDJwksURL,
+      authOpenIDLogoutURL: this.authOpenIDLogoutURL,
+      authOpenIDClientID: this.authOpenIDClientID, // Do not return to client
+      authOpenIDClientSecret: this.authOpenIDClientSecret, // Do not return to client
+      authOpenIDButtonText: this.authOpenIDButtonText,
+      authOpenIDAutoLaunch: this.authOpenIDAutoLaunch,
+      authOpenIDAutoRegister: this.authOpenIDAutoRegister,
+      authOpenIDMatchExistingBy: this.authOpenIDMatchExistingBy
    }
  }

  toJSONForBrowser() {
    const json = this.toJSON()
    delete json.tokenSecret
+    delete json.authOpenIDClientID
+    delete json.authOpenIDClientSecret
    return json
  }

+  get supportedAuthMethods() {
+    return ['local', 'openid']
+  }
+
+  /**
+   * Auth settings required for openid to be valid
+   */
+  get isOpenIDAuthSettingsValid() {
+    return this.authOpenIDIssuerURL &&
+      this.authOpenIDAuthorizationURL &&
+      this.authOpenIDTokenURL &&
+      this.authOpenIDUserInfoURL &&
+      this.authOpenIDJwksURL &&
+      this.authOpenIDClientID &&
+      this.authOpenIDClientSecret
+  }
+
+  get authenticationSettings() {
+    return {
+      authActiveAuthMethods: this.authActiveAuthMethods,
+      authOpenIDIssuerURL: this.authOpenIDIssuerURL,
+      authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL,
+      authOpenIDTokenURL: this.authOpenIDTokenURL,
+      authOpenIDUserInfoURL: this.authOpenIDUserInfoURL,
+      authOpenIDJwksURL: this.authOpenIDJwksURL,
+      authOpenIDLogoutURL: this.authOpenIDLogoutURL,
+      authOpenIDClientID: this.authOpenIDClientID, // Do not return to client
+      authOpenIDClientSecret: this.authOpenIDClientSecret, // Do not return to client
+      authOpenIDButtonText: this.authOpenIDButtonText,
+      authOpenIDAutoLaunch: this.authOpenIDAutoLaunch,
+      authOpenIDAutoRegister: this.authOpenIDAutoRegister,
+      authOpenIDMatchExistingBy: this.authOpenIDMatchExistingBy
+    }
+  }
+
+  get authFormData() {
+    const clientFormData = {}
+    if (this.authActiveAuthMethods.includes('openid')) {
+      clientFormData.authOpenIDButtonText = this.authOpenIDButtonText
+      clientFormData.authOpenIDAutoLaunch = this.authOpenIDAutoLaunch
+    }
+    return clientFormData
+  }
+
+  /**
+   * Update server settings
+   * 
+   * @param {Object} payload 
+   * @returns {boolean} true if updates were made
+   */
  update(payload) {
-    var hasUpdates = false
+    let hasUpdates = false
    for (const key in payload) {
-      if (key === 'sortingPrefixes' && payload[key] && payload[key].length) {
-        var prefixesCleaned = payload[key].filter(prefix => !!prefix).map(prefix => prefix.toLowerCase())
-        if (prefixesCleaned.join(',') !== this[key].join(',')) {
-          this[key] = [...prefixesCleaned]
+      if (key === 'sortingPrefixes') {
+        // Sorting prefixes are updated with the /api/sorting-prefixes endpoint
+        continue
+      } else if (key === 'authActiveAuthMethods') {
+        if (!payload[key]?.length) {
+          Logger.error(`[ServerSettings] Invalid authActiveAuthMethods`, payload[key])
+          continue
+        }
+        this.authActiveAuthMethods.sort()
+        payload[key].sort()
+        if (payload[key].join() !== this.authActiveAuthMethods.join()) {
+          this.authActiveAuthMethods = payload[key]
          hasUpdates = true
        }
      } else if (this[key] !== payload[key]) {
--- a/server/objects/user/User.js
+++ b/server/objects/user/User.js
@ -24,6 +24,8 @@ class User {
    this.librariesAccessible = [] // Library IDs (Empty if ALL libraries)
    this.itemTagsSelected = [] // Empty if ALL item tags accessible

+    this.authOpenIDSub = null
+
    if (user) {
      this.construct(user)
    }
@ -66,7 +68,7 @@ class User {
  getDefaultUserPermissions() {
    return {
      download: true,
-      update: true,
+      update: this.type === 'root' || this.type === 'admin',
      delete: this.type === 'root',
      upload: this.type === 'root' || this.type === 'admin',
      accessAllLibraries: true,
@ -93,7 +95,8 @@ class User {
      createdAt: this.createdAt,
      permissions: this.permissions,
      librariesAccessible: [...this.librariesAccessible],
-      itemTagsSelected: [...this.itemTagsSelected]
+      itemTagsSelected: [...this.itemTagsSelected],
+      authOpenIDSub: this.authOpenIDSub
    }
  }

@ -186,6 +189,8 @@ class User {

    this.librariesAccessible = [...(user.librariesAccessible || [])]
    this.itemTagsSelected = [...(user.itemTagsSelected || [])]
+
+    this.authOpenIDSub = user.authOpenIDSub || null
  }

  update(payload) {