packages/auth/env.ts

import { createEnv } from "@t3-oss/env-nextjs";
import { z } from "zod";

import { createBooleanSchema, createDurationSchema, shouldSkipEnvValidation } from "@homarr/common/env-validation";
import { supportedAuthProviders } from "@homarr/definitions";

const authProvidersSchema = z
  .string()
  .min(1)
  .transform((providers) =>
    providers
      .replaceAll(" ", "")
      .toLowerCase()
      .split(",")
      .filter((provider) => {
        if (supportedAuthProviders.some((supportedProvider) => supportedProvider === provider)) return true;
        else if (!provider)
          console.log("One or more of the entries for AUTH_PROVIDER could not be parsed and/or returned null.");
        else console.log(`The value entered for AUTH_PROVIDER "${provider}" is incorrect.`);
        return false;
      }),
  )
  .default("credentials");

const skipValidation = shouldSkipEnvValidation();
const authProviders = skipValidation ? [] : authProvidersSchema.parse(process.env.AUTH_PROVIDERS);

export const env = createEnv({
  server: {
    AUTH_LOGOUT_REDIRECT_URL: z.string().url().optional(),
    AUTH_SESSION_EXPIRY_TIME: createDurationSchema("30d"),
    AUTH_PROVIDERS: authProvidersSchema,
    ...(authProviders.includes("oidc")
      ? {
          AUTH_OIDC_ISSUER: z.string().url(),
          AUTH_OIDC_CLIENT_ID: z.string().min(1),
          AUTH_OIDC_CLIENT_SECRET: z.string().min(1),
          AUTH_OIDC_CLIENT_NAME: z.string().min(1).default("OIDC"),
          AUTH_OIDC_AUTO_LOGIN: createBooleanSchema(false),
          AUTH_OIDC_SCOPE_OVERWRITE: z.string().min(1).default("openid email profile groups"),
          AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token
          AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),
        }
      : {}),
    ...(authProviders.includes("ldap")
      ? {
          AUTH_LDAP_URI: z.string().url(),
          AUTH_LDAP_BIND_DN: z.string(),
          AUTH_LDAP_BIND_PASSWORD: z.string(),
          AUTH_LDAP_BASE: z.string(),
          AUTH_LDAP_SEARCH_SCOPE: z.enum(["base", "one", "sub"]).default("base"),
          AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default("uid"),
          AUTH_LDAP_USER_MAIL_ATTRIBUTE: z.string().default("mail"),
          AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: z.string().optional(),
          AUTH_LDAP_GROUP_CLASS: z.string().default("groupOfUniqueNames"),
          AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default("member"),
          AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: z.string().default("dn"),
          AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: z.string().optional(),
        }
      : {}),
  },
  client: {},
  runtimeEnv: {
    AUTH_LOGOUT_REDIRECT_URL: process.env.AUTH_LOGOUT_REDIRECT_URL,
    AUTH_SESSION_EXPIRY_TIME: process.env.AUTH_SESSION_EXPIRY_TIME,
    AUTH_PROVIDERS: process.env.AUTH_PROVIDERS,
    AUTH_LDAP_BASE: process.env.AUTH_LDAP_BASE,
    AUTH_LDAP_BIND_DN: process.env.AUTH_LDAP_BIND_DN,
    AUTH_LDAP_BIND_PASSWORD: process.env.AUTH_LDAP_BIND_PASSWORD,
    AUTH_LDAP_GROUP_CLASS: process.env.AUTH_LDAP_GROUP_CLASS,
    AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: process.env.AUTH_LDAP_GROUP_FILTER_EXTRA_ARG,
    AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE,
    AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE,
    AUTH_LDAP_SEARCH_SCOPE: process.env.AUTH_LDAP_SEARCH_SCOPE,
    AUTH_LDAP_URI: process.env.AUTH_LDAP_URI,
    AUTH_OIDC_CLIENT_ID: process.env.AUTH_OIDC_CLIENT_ID,
    AUTH_OIDC_CLIENT_NAME: process.env.AUTH_OIDC_CLIENT_NAME,
    AUTH_OIDC_CLIENT_SECRET: process.env.AUTH_OIDC_CLIENT_SECRET,
    AUTH_OIDC_ISSUER: process.env.AUTH_OIDC_ISSUER,
    AUTH_OIDC_SCOPE_OVERWRITE: process.env.AUTH_OIDC_SCOPE_OVERWRITE,
    AUTH_OIDC_GROUPS_ATTRIBUTE: process.env.AUTH_OIDC_GROUPS_ATTRIBUTE,
    AUTH_LDAP_USERNAME_ATTRIBUTE: process.env.AUTH_LDAP_USERNAME_ATTRIBUTE,
    AUTH_LDAP_USER_MAIL_ATTRIBUTE: process.env.AUTH_LDAP_USER_MAIL_ATTRIBUTE,
    AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: process.env.AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG,
    AUTH_OIDC_AUTO_LOGIN: process.env.AUTH_OIDC_AUTO_LOGIN,
    AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: process.env.AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE,
  },
  skipValidation,
  emptyStringAsUndefined: true,
});
Initial commit 2023-12-08 22:35:15 +01:00			`import { createEnv } from "@t3-oss/env-nextjs";`
			`import { z } from "zod";`

refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`import { createBooleanSchema, createDurationSchema, shouldSkipEnvValidation } from "@homarr/common/env-validation";`
			`import { supportedAuthProviders } from "@homarr/definitions";`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00
			`const authProvidersSchema = z`
			`.string()`
			`.min(1)`
			`.transform((providers) =>`
			`providers`
			`.replaceAll(" ", "")`
			`.toLowerCase()`
			`.split(",")`
			`.filter((provider) => {`
refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`if (supportedAuthProviders.some((supportedProvider) => supportedProvider === provider)) return true;`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`else if (!provider)`
			`console.log("One or more of the entries for AUTH_PROVIDER could not be parsed and/or returned null.");`
			else console.log(`The value entered for AUTH_PROVIDER "${provider}" is incorrect.`);
			`return false;`
			`}),`
			`)`
			`.default("credentials");`

refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`const skipValidation = shouldSkipEnvValidation();`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`const authProviders = skipValidation ? [] : authProvidersSchema.parse(process.env.AUTH_PROVIDERS);`

Initial commit 2023-12-08 22:35:15 +01:00			`export const env = createEnv({`
			`server: {`
feat: add logout redirect url (#954) * feat: add logout redirect url * fix: format issue 2024-08-09 19:24:07 +02:00			`AUTH_LOGOUT_REDIRECT_URL: z.string().url().optional(),`
feat: add session expiry (#951) 2024-08-09 15:59:00 +02:00			`AUTH_SESSION_EXPIRY_TIME: createDurationSchema("30d"),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_PROVIDERS: authProvidersSchema,`
			`...(authProviders.includes("oidc")`
			`? {`
			`AUTH_OIDC_ISSUER: z.string().url(),`
			`AUTH_OIDC_CLIENT_ID: z.string().min(1),`
			`AUTH_OIDC_CLIENT_SECRET: z.string().min(1),`
			`AUTH_OIDC_CLIENT_NAME: z.string().min(1).default("OIDC"),`
refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`AUTH_OIDC_AUTO_LOGIN: createBooleanSchema(false),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_OIDC_SCOPE_OVERWRITE: z.string().min(1).default("openid email profile groups"),`
refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider (#1223) * refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider * test: adjusting tests for adapter and events * docs: add comments for unknown auth provider * fix: missing dayjs import 2024-10-07 21:13:15 +02:00			`AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token`
feat(auth): add env variable for oidc-name-attribute-overwrite (#1850) 2025-01-04 21:49:33 +01:00			`AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`}`
			`: {}),`
			`...(authProviders.includes("ldap")`
			`? {`
			`AUTH_LDAP_URI: z.string().url(),`
			`AUTH_LDAP_BIND_DN: z.string(),`
			`AUTH_LDAP_BIND_PASSWORD: z.string(),`
			`AUTH_LDAP_BASE: z.string(),`
			`AUTH_LDAP_SEARCH_SCOPE: z.enum(["base", "one", "sub"]).default("base"),`
			`AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default("uid"),`
			`AUTH_LDAP_USER_MAIL_ATTRIBUTE: z.string().default("mail"),`
			`AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: z.string().optional(),`
			`AUTH_LDAP_GROUP_CLASS: z.string().default("groupOfUniqueNames"),`
			`AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default("member"),`
			`AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: z.string().default("dn"),`
			`AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: z.string().optional(),`
			`}`
			`: {}),`
Initial commit 2023-12-08 22:35:15 +01:00			`},`
			`client: {},`
			`runtimeEnv: {`
feat: add logout redirect url (#954) * feat: add logout redirect url * fix: format issue 2024-08-09 19:24:07 +02:00			`AUTH_LOGOUT_REDIRECT_URL: process.env.AUTH_LOGOUT_REDIRECT_URL,`
feat: add session expiry (#951) 2024-08-09 15:59:00 +02:00			`AUTH_SESSION_EXPIRY_TIME: process.env.AUTH_SESSION_EXPIRY_TIME,`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_PROVIDERS: process.env.AUTH_PROVIDERS,`
			`AUTH_LDAP_BASE: process.env.AUTH_LDAP_BASE,`
			`AUTH_LDAP_BIND_DN: process.env.AUTH_LDAP_BIND_DN,`
			`AUTH_LDAP_BIND_PASSWORD: process.env.AUTH_LDAP_BIND_PASSWORD,`
			`AUTH_LDAP_GROUP_CLASS: process.env.AUTH_LDAP_GROUP_CLASS,`
			`AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: process.env.AUTH_LDAP_GROUP_FILTER_EXTRA_ARG,`
			`AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE,`
			`AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: process.env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE,`
			`AUTH_LDAP_SEARCH_SCOPE: process.env.AUTH_LDAP_SEARCH_SCOPE,`
			`AUTH_LDAP_URI: process.env.AUTH_LDAP_URI,`
			`AUTH_OIDC_CLIENT_ID: process.env.AUTH_OIDC_CLIENT_ID,`
			`AUTH_OIDC_CLIENT_NAME: process.env.AUTH_OIDC_CLIENT_NAME,`
			`AUTH_OIDC_CLIENT_SECRET: process.env.AUTH_OIDC_CLIENT_SECRET,`
			`AUTH_OIDC_ISSUER: process.env.AUTH_OIDC_ISSUER,`
			`AUTH_OIDC_SCOPE_OVERWRITE: process.env.AUTH_OIDC_SCOPE_OVERWRITE,`
refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider (#1223) * refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider * test: adjusting tests for adapter and events * docs: add comments for unknown auth provider * fix: missing dayjs import 2024-10-07 21:13:15 +02:00			`AUTH_OIDC_GROUPS_ATTRIBUTE: process.env.AUTH_OIDC_GROUPS_ATTRIBUTE,`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_LDAP_USERNAME_ATTRIBUTE: process.env.AUTH_LDAP_USERNAME_ATTRIBUTE,`
			`AUTH_LDAP_USER_MAIL_ATTRIBUTE: process.env.AUTH_LDAP_USER_MAIL_ATTRIBUTE,`
			`AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: process.env.AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG,`
			`AUTH_OIDC_AUTO_LOGIN: process.env.AUTH_OIDC_AUTO_LOGIN,`
feat(auth): add env variable for oidc-name-attribute-overwrite (#1850) 2025-01-04 21:49:33 +01:00			`AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: process.env.AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE,`
Initial commit 2023-12-08 22:35:15 +01:00			`},`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`skipValidation,`
fix: empty env variables should be ignored (#2040) * fix: empty env variables should be ignored * fix: e2e test fails because of empty env variable values 2025-01-21 13:09:49 +01:00			`emptyStringAsUndefined: true,`
Initial commit 2023-12-08 22:35:15 +01:00			`});`