From 6fa27e5d28e17f552f290852c055a2614e2c9a11 Mon Sep 17 00:00:00 2001
From: Aarnav Tale
Date: Sat, 30 Mar 2024 19:11:13 -0400
Subject: [PATCH] fix: read oidc configuration from env then config

---
 app/routes/login.tsx | 16 +++++++++++-----
 app/routes/oidc.callback.tsx | 10 +++++-----
 app/utils/config.ts | 33 ++++++++++++++++++++++++++++++++-
 3 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/app/routes/login.tsx b/app/routes/login.tsx
index 0c2f7fd..62700b0 100644
--- a/app/routes/login.tsx
+++ b/app/routes/login.tsx
@@ -7,6 +7,7 @@ import Card from '~/components/Card'
 import Code from '~/components/Code'
 import Input from '~/components/Input'
 import { type Key } from '~/types'
+import { getContext } from '~/utils/config'
 import { pull } from '~/utils/headscale'
 import { startOidc } from '~/utils/oidc'
 import { commitSession, getSession } from '~/utils/sessions'
@@ -22,9 +23,10 @@ export async function loader({ request }: LoaderFunctionArgs) {
 })
 }
 
- const issuer = process.env.OIDC_ISSUER
- const id = process.env.OIDC_CLIENT_ID
- const secret = process.env.OIDC_CLIENT_SECRET
+ const context = await getContext()
+ const issuer = context.oidcConfig?.issuer
+ const id = context.oidcConfig?.client
+ const secret = context.oidcConfig?.secret
 const normal = process.env.DISABLE_API_KEY_LOGIN
 
 if (issuer && (!id || !secret)) {
@@ -51,9 +53,13 @@ export async function loader({ request }: LoaderFunctionArgs) {
 export async function action({ request }: ActionFunctionArgs) {
 const formData = await request.formData()
 const oidcStart = String(formData.get('oidc-start'))
+
 if (oidcStart) {
- const issuer = process.env.OIDC_ISSUER
- const id = process.env.OIDC_CLIENT_ID
+ const context = await getContext()
+ const issuer = context.oidcConfig?.issuer
+ const id = context.oidcConfig?.client
+
+ // We know it exists here because this action only happens on OIDC
 // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 return startOidc(issuer!, id!, request)
 }
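Review bot: The guard `if (issuer && (!id || !secret))` on the last context line of the loader hunk can no longer be true once the three values are read from `context.oidcConfig`, because that object either carries all of `issuer`, `client` and `secret` or is absent, so the branch it opens (outside the hunk) is now dead code. The incomplete-configuration case it presumably handled is instead thrown from getContext before the loader gets control, which changes it from a rendered message into an unhandled error. Replacing the three lookups with `const oidc = context.oidcConfig` and a single presence check, as oidc.callback.tsx does in this same commit, would make that explicit. The loader body continues past the hunk.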
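Review bot: The non-null assertions in `return startOidc(issuer!, id!, request)` are no longer justified by the lines above them: `context.oidcConfig` is optional, so when OIDC is not configured both values are undefined and the assertion only hides a call made with undefined arguments. Since the settings are now one object, the two lookups and the eslint-disable can become a guard, `const oidc = context.oidcConfig`, `if (!oidc) throw new Error('OIDC is not configured')`, `return startOidc(oidc.issuer, oidc.client, request)`. That guard will matter because the enclosing `if (oidcStart)` is always true: `String(formData.get('oidc-start'))` yields the string `'null'` when the field is absent, so an ordinary API-key login submission appears to enter this branch as well; testing `formData.get('oidc-start')` before converting it would close that. The action body continues past the hunk.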
diff --git a/app/routes/oidc.callback.tsx b/app/routes/oidc.callback.tsx
index be3cd5b..e75ad38 100644
--- a/app/routes/oidc.callback.tsx
+++ b/app/routes/oidc.callback.tsx
@@ -1,15 +1,15 @@
 import { type LoaderFunctionArgs } from '@remix-run/node'
+import { getContext } from '~/utils/config'
 import { finishOidc } from '~/utils/oidc'
 
 export async function loader({ request }: LoaderFunctionArgs) {
- const issuer = process.env.OIDC_ISSUER
- const id = process.env.OIDC_CLIENT_ID
- const secret = process.env.OIDC_CLIENT_SECRET
+ const context = await getContext()
+ const oidc = context.oidcConfig
 
- if (!issuer || !id || !secret) {
+ if (!oidc) {
 throw new Error('An invalid OIDC configuration was provided')
 }
 
- return finishOidc(issuer, id, secret, request)
+ return finishOidc(oidc.issuer, oidc.client, oidc.secret, request)
 }
diff --git a/app/utils/config.ts b/app/utils/config.ts
index 86a8a99..8ab7cb4 100644
--- a/app/utils/config.ts
+++ b/app/utils/config.ts
@@ -162,6 +162,11 @@ type Context = {
 hasAcl: boolean;
 hasAclWrite: boolean;
 headscaleUrl: string;
+ oidcConfig?: {
+ issuer: string;
+ client: string;
+ secret: string;
+ };
 }
 
 export let context: Context
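Review bot: The message on the context line `throw new Error('An invalid OIDC configuration was provided')` no longer matches the condition `if (!oidc)` that now precedes it: a partial configuration is already rejected inside getContext with its own error, so reaching this throw only means OIDC is not configured at all. Changing it to `throw new Error('OIDC is not configured')` stops an operator who hits the callback by accident from hunting for a malformed value. The rest of the hunk reads cleanly, and the single presence check is the shape login.tsx should adopt too.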
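Review bot: The new `secret: string` field places the OIDC client secret on the `Context` object, and that object is the module-level `export let context` two lines below, so every module that imports it can read the secret and any loader that hands `context` (or a spread of it) to `json(...)` would serialise the secret into the browser response. None of the three files in this patch does that, but the type gives no hint that the field is different from `headscaleUrl`; at minimum document it, e.g. `/** Server-only credential: never return this object, or this field, from a loader. */` above `oidcConfig?`. A stronger option is to keep only `issuer` and `client` on the context and have getOidcConfig expose the secret through a separate server-side accessor used by the callback route.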
@@ -174,13 +179,39 @@ export async function getContext() {
 hasConfigWrite: await hasConfigW(),
 hasAcl: await hasAcl(),
 hasAclWrite: await hasAclW(),
- headscaleUrl: await getHeadscaleUrl()
+ headscaleUrl: await getHeadscaleUrl(),
+ oidcConfig: await getOidcConfig()
 }
 }
 
 return context
 }
 
+async function getOidcConfig() {
+ // Check for the OIDC environment variables first
+ let issuer = process.env.OIDC_ISSUER
+ let client = process.env.OIDC_CLIENT
+ let secret = process.env.OIDC_SECRET
+
+ if (!issuer || !client || !secret) {
+ const config = await getConfig()
+ issuer = config.oidc?.issuer
+ client = config.oidc?.client_id
+ secret = config.oidc?.client_secret
+ }
+
+ // If atleast one is defined but not all 3, throw an error
+ if ((issuer || client || secret) && !(issuer && client && secret)) {
+ throw new Error('OIDC configuration is incomplete')
+ }
+
+ if (!issuer || !client || !secret) {
+ return
+ }
+
+ return { issuer, client, secret }
+}
+
 async function getHeadscaleUrl() {
 if (process.env.HEADSCALE_URL) {
 return process.env.HEADSCALE_URL
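Review bot: getOidcConfig reads `process.env.OIDC_CLIENT` and `process.env.OIDC_SECRET`, but the code this commit removes from login.tsx and oidc.callback.tsx read `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET`, so a deployment that still sets the old names fails the `!issuer || !client || !secret` test, is silently overridden by the config file's `oidc` section, or has OIDC disabled altogether when that section is absent. Keep the old names, or accept both during a transition with `let client = process.env.OIDC_CLIENT_ID ?? process.env.OIDC_CLIENT` and `let secret = process.env.OIDC_CLIENT_SECRET ?? process.env.OIDC_SECRET`, and state the rename in the commit message. The same fallback also means any partially set environment is quietly replaced by the file rather than reported, since the incompleteness check only sees the merged result; checking env completeness before falling back would surface a mistyped variable name. The function also needs a TSDoc line giving its precedence and return contract, e.g. `/** OIDC settings from the OIDC_* env vars, else the config file's oidc section; undefined when neither is set, throws when either source is partial. */`, and `atleast` in the comment should read `at least`.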