Merge branch 'auth-providers' into dev

2025-07-12 06:55:01 +02:00 · 2025-04-23 22:08:37 -04:00 · 2025-04-23 22:08:37 -04:00 · f4fd33b47f
commit f4fd33b47f
parent 9ea7c43212 d6d6a59eee
93 changed files with 5788 additions and 1608 deletions
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@ -91,7 +91,19 @@ const configSchema = z.object({
                credentials: z.boolean().optional()
            })
            .optional(),
-        trust_proxy: z.boolean().optional().default(true)
+        trust_proxy: z.boolean().optional().default(true),
+        secret: z
+            .string()
+            .optional()
+            .transform(getEnvOrYaml("SERVER_SECRET"))
+            .pipe(
+                z
+                    .string()
+                    .min(
+                        32,
+                        "SERVER_SECRET must be at least 32 characters long"
+                    )
+            )
    }),
    traefik: z.object({
        http_entrypoint: z.string(),
--- a/server/lib/crypto.ts
+++ b/server/lib/crypto.ts
@ -0,0 +1,40 @@
+import * as crypto from "crypto";
+
+const ALGORITHM = "aes-256-gcm";
+
+export function encrypt(value: string, key: string): string {
+    const iv = crypto.randomBytes(12);
+    const keyBuffer = Buffer.from(key, "base64"); // assuming base64 input
+
+    const cipher = crypto.createCipheriv(ALGORITHM, keyBuffer, iv);
+
+    const encrypted = Buffer.concat([
+        cipher.update(value, "utf8"),
+        cipher.final()
+    ]);
+    const authTag = cipher.getAuthTag();
+
+    return [
+        iv.toString("base64"),
+        encrypted.toString("base64"),
+        authTag.toString("base64")
+    ].join(":");
+}
+
+export function decrypt(encryptedValue: string, key: string): string {
+    const [ivB64, encryptedB64, authTagB64] = encryptedValue.split(":");
+
+    const iv = Buffer.from(ivB64, "base64");
+    const encrypted = Buffer.from(encryptedB64, "base64");
+    const authTag = Buffer.from(authTagB64, "base64");
+    const keyBuffer = Buffer.from(key, "base64");
+
+    const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
+    decipher.setAuthTag(authTag);
+
+    const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final()
+    ]);
+    return decrypted.toString("utf8");
+}
--- a/server/lib/idp/generateRedirectUrl.ts
+++ b/server/lib/idp/generateRedirectUrl.ts
@ -0,0 +1,8 @@
+import config from "@server/lib/config";
+
+export function generateOidcRedirectUrl(idpId: number) {
+    const dashboardUrl = config.getRawConfig().app.dashboard_url;
+    const redirectPath = `/auth/idp/${idpId}/oidc/callback`;
+    const redirectUrl = new URL(redirectPath, dashboardUrl).toString();
+    return redirectUrl;
+}