mirror of
https://github.com/ajnart/homarr.git
synced 2026-02-27 17:00:54 +01:00
dc75ffb9e6
* wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue
63 lines
2.1 KiB
TypeScript
63 lines
2.1 KiB
TypeScript
import type { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
|
|
import { cookies } from "next/headers";
|
|
import NextAuth from "next-auth";
|
|
import Credentials from "next-auth/providers/credentials";
|
|
|
|
import { db } from "@homarr/db";
|
|
|
|
import { adapter } from "./adapter";
|
|
import { createSessionCallback, createSignInCallback } from "./callbacks";
|
|
import { createCredentialsConfiguration } from "./providers/credentials/credentials-provider";
|
|
import { EmptyNextAuthProvider } from "./providers/empty/empty-provider";
|
|
import { filterProviders } from "./providers/filter-providers";
|
|
import { OidcProvider } from "./providers/oidc/oidc-provider";
|
|
import { createRedirectUri } from "./redirect";
|
|
import { sessionMaxAgeInSeconds, sessionTokenCookieName } from "./session";
|
|
|
|
export const createConfiguration = (isCredentialsRequest: boolean, headers: ReadonlyHeaders | null) =>
|
|
NextAuth({
|
|
logger: {
|
|
error: (code, ...message) => {
|
|
// Remove the big error message for failed login attempts
|
|
// as it is not useful for the user.
|
|
if (code.name === "CredentialsSignin") {
|
|
console.warn("The login attempt of a user was not successful.");
|
|
return;
|
|
}
|
|
|
|
console.error(code, ...message);
|
|
},
|
|
},
|
|
trustHost: true,
|
|
adapter,
|
|
providers: filterProviders([
|
|
Credentials(createCredentialsConfiguration(db)),
|
|
EmptyNextAuthProvider(),
|
|
OidcProvider(headers),
|
|
]),
|
|
callbacks: {
|
|
session: createSessionCallback(db),
|
|
signIn: createSignInCallback(adapter, isCredentialsRequest),
|
|
},
|
|
redirectProxyUrl: createRedirectUri(headers, "/api/auth"),
|
|
secret: "secret-is-not-defined-yet", // TODO: This should be added later
|
|
session: {
|
|
strategy: "database",
|
|
maxAge: sessionMaxAgeInSeconds,
|
|
},
|
|
pages: {
|
|
signIn: "/auth/login",
|
|
error: "/auth/login",
|
|
},
|
|
jwt: {
|
|
encode() {
|
|
const cookie = cookies().get(sessionTokenCookieName)?.value;
|
|
return cookie ?? "";
|
|
},
|
|
|
|
decode() {
|
|
return null;
|
|
},
|
|
},
|
|
});
|