Updated security schemes.

2025-05-05 06:37:10 -04:00 · 2024-03-25 23:03:20 +01:00 · 2024-03-25 23:03:20 +01:00 · 91b60e9e71
commit 91b60e9e71
parent 85bb520355
7 changed files with 31 additions and 22 deletions
--- a/settings.json.docker
+++ b/settings.json.docker
@ -652,20 +652,21 @@
   */
  "lowerCasePadIds": "${LOWER_CASE_PAD_IDS:false}",
  "sso": {
+    "issuer": "${SSO_ISSUER:http://localhost:9001}",
      "clients": [
        {
-          "client_id": "admin_client",
-          "client_secret": "admin",
+          "client_id": "${ADMIN_CLIENT:admin_client}",
+          "client_secret": "${ADMIN_SECRET:admin}",
          "grant_types": ["authorization_code"],
          "response_types": ["code"],
-          "redirect_uris": ["http://localhost:9001/admin/*"]
+          "redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"]
        },
        {
-          "client_id": "user_client",
-          "client_secret": "user",
+          "client_id": "${USER_CLIENT:user_client}",
+          "client_secret": "${USER_SECRET:user}",
          "grant_types": ["authorization_code"],
          "response_types": ["code"],
-          "redirect_uris": ["http://localhost:9001/*"]
+          "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
        }
      ]
    }
--- a/settings.json.template
+++ b/settings.json.template
@ -653,20 +653,21 @@
  "lowerCasePadIds": false,

  "sso": {
+    "issuer": "${SSO_ISSUER:http://localhost:9001}",
      "clients": [
        {
-          "client_id": "admin_client",
-          "client_secret": "admin",
+          "client_id": "${ADMIN_CLIENT:admin_client}",
+          "client_secret": "${ADMIN_SECRET:admin}",
          "grant_types": ["authorization_code"],
          "response_types": ["code"],
-          "redirect_uris": ["http://localhost:9001/admin/*"]
+          "redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"]
        },
        {
-          "client_id": "user_client",
-          "client_secret": "user",
+          "client_id": "${USER_CLIENT:user_client}",
+          "client_secret": "${USER_SECRET:user}",
          "grant_types": ["authorization_code"],
          "response_types": ["code"],
-          "redirect_uris": ["http://localhost:9001/*"]
+          "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
        }
      ]
    }
--- a/src/node/handler/APIHandler.ts
+++ b/src/node/handler/APIHandler.ts
@ -149,7 +149,6 @@ exports.version = version;


 type APIFields = {
-  apikey: string;
  api_key: string;
  padID: string;
  padName: string;
--- a/src/node/hooks/express/openapi.ts
+++ b/src/node/hooks/express/openapi.ts
@ -483,14 +483,24 @@ const generateDefinitionForVersion = (version:string, style = APIPathStyle.FLAT)
        ...defaultResponses,
      },
      securitySchemes: {
-        ApiKey: {
-          type: 'apiKey',
-          in: 'query',
-          name: 'apikey',
+        openid: {
+          type: "oauth2",
+          flows: {
+            authorizationCode: {
+              authorizationUrl: settings.sso.issuer+"/oidc/auth",
+              tokenUrl: settings.sso.issuer+"/oidc/token",
+              scopes: {
+                openid: "openid",
+                profile: "profile",
+                email: "email",
+                admin: "admin"
+              }
+            }
          },
        },
      },
-    security: [{ApiKey: []}],
+    },
+    security: [{openid: []}],
  };

  // build operations
@ -622,6 +632,7 @@ exports.expressPreSession = async (hookName:string, {app}:any) => {
          let data;
          try {
            data = await apiHandler.handle(version, funcName, fields, req, res);
+            console.log(app._router.stack)
          } catch (err) {
            const errCaused = err as ErrorCaused
            // convert all errors to http errors
--- a/src/node/security/OAuth2Provider.ts
+++ b/src/node/security/OAuth2Provider.ts
@ -82,7 +82,7 @@ export const expressCreateServer = async (hookName: string, args: ArgsExpressTyp
    publicKeyExported = publicKey
    privateKeyExported = privateKey

-    const oidc = new Provider('http://localhost:9001', {
+    const oidc = new Provider(settings.sso.issuer, {
        ...configuration, jwks: {
            keys: [
                privateKeyJWK
@ -98,7 +98,6 @@ export const expressCreateServer = async (hookName: string, args: ArgsExpressTyp
        },
        features:{
             userinfo: {enabled: true},
-
             claimsParameter: {enabled: true},
            devInteractions: {enabled: false},
          resourceIndicators: {enabled: true,   defaultResource(ctx) {
--- a/src/tests/backend/specs/api/fuzzImportTest.ts
+++ b/src/tests/backend/specs/api/fuzzImportTest.ts
@ -9,7 +9,6 @@ const settings = require('../../../container/loadSettings.js').loadSettings();

 const host = "http://" + settings.ip + ":" + settings.port;

-const apiKey = common.apiKey;
 var apiVersion = 1;
 var testPadId = "TEST_fuzz" + makeid();

--- a/src/tests/backend/specs/api/pad.ts
+++ b/src/tests/backend/specs/api/pad.ts
@ -12,7 +12,6 @@ const common = require('../../common');
 const padManager = require('../../../../node/db/PadManager');

 let agent:any;
-const apiKey = common.apiKey;
 let apiVersion = 1;
 const testPadId = makeid();
 const newPadId = makeid();