Add authentication from upstream providers (#107)
Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...) Reviewed-on: #107
27
src/main.rs
27
src/main.rs
@ -12,6 +12,7 @@ use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};
|
||||
|
||||
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
|
||||
use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
|
||||
use basic_oidc::actors::providers_states_actor::ProvidersStatesActor;
|
||||
use basic_oidc::actors::users_actor::{UsersActor, UsersSyncBackend};
|
||||
use basic_oidc::constants::*;
|
||||
use basic_oidc::controllers::assets_controller::assets_route;
|
||||
@ -20,6 +21,7 @@ use basic_oidc::data::app_config::AppConfig;
|
||||
use basic_oidc::data::client::ClientManager;
|
||||
use basic_oidc::data::entity_manager::EntityManager;
|
||||
use basic_oidc::data::jwt_signer::JWTSigner;
|
||||
use basic_oidc::data::provider::ProvidersManager;
|
||||
use basic_oidc::data::user::User;
|
||||
use basic_oidc::data::webauthn_manager::WebAuthManager;
|
||||
use basic_oidc::middlewares::auth_middleware::AuthMiddleware;
|
||||
@ -68,6 +70,7 @@ async fn main() -> std::io::Result<()> {
|
||||
|
||||
let users_actor = UsersActor::new(users).start();
|
||||
let bruteforce_actor = BruteForceActor::default().start();
|
||||
let providers_states_actor = ProvidersStatesActor::default().start();
|
||||
let openid_sessions_actor = OpenIDSessionsActor::default().start();
|
||||
let jwt_signer = JWTSigner::gen_from_memory().expect("Failed to generate JWKS key");
|
||||
let webauthn_manager = Arc::new(WebAuthManager::init(config));
|
||||
@ -77,6 +80,11 @@ async fn main() -> std::io::Result<()> {
|
||||
clients.apply_environment_variables();
|
||||
let clients = Arc::new(clients);
|
||||
|
||||
let mut providers = ProvidersManager::open_or_create(config.providers_file())
|
||||
.expect("Failed to load providers list!");
|
||||
providers.apply_environment_variables();
|
||||
let providers = Arc::new(providers);
|
||||
|
||||
log::info!("Server will listen on {}", config.listen_address);
|
||||
let listen_address = config.listen_address.to_string();
|
||||
|
||||
@ -99,8 +107,10 @@ async fn main() -> std::io::Result<()> {
|
||||
App::new()
|
||||
.app_data(web::Data::new(users_actor.clone()))
|
||||
.app_data(web::Data::new(bruteforce_actor.clone()))
|
||||
.app_data(web::Data::new(providers_states_actor.clone()))
|
||||
.app_data(web::Data::new(openid_sessions_actor.clone()))
|
||||
.app_data(web::Data::new(clients.clone()))
|
||||
.app_data(web::Data::new(providers.clone()))
|
||||
.app_data(web::Data::new(jwt_signer.clone()))
|
||||
.app_data(web::Data::new(webauthn_manager.clone()))
|
||||
.wrap(
|
||||
@ -110,7 +120,7 @@ async fn main() -> std::io::Result<()> {
|
||||
.wrap(AuthMiddleware {})
|
||||
.wrap(identity_middleware)
|
||||
.wrap(session_mw)
|
||||
// main route
|
||||
// Main route
|
||||
.route(
|
||||
"/",
|
||||
web::get().to(|| async {
|
||||
@ -120,7 +130,7 @@ async fn main() -> std::io::Result<()> {
|
||||
}),
|
||||
)
|
||||
.route("/robots.txt", web::get().to(assets_controller::robots_txt))
|
||||
// health route
|
||||
// Health route
|
||||
.service(health)
|
||||
// Assets serving
|
||||
.route("/assets/{path:.*}", web::get().to(assets_route))
|
||||
@ -151,6 +161,15 @@ async fn main() -> std::io::Result<()> {
|
||||
"/login/api/auth_webauthn",
|
||||
web::post().to(login_api::auth_webauthn),
|
||||
)
|
||||
// Providers controller
|
||||
.route(
|
||||
"/login_with_prov",
|
||||
web::get().to(providers_controller::start_login),
|
||||
)
|
||||
.route(
|
||||
OIDC_PROVIDER_CB_URI,
|
||||
web::get().to(providers_controller::finish_login),
|
||||
)
|
||||
// Settings routes
|
||||
.route(
|
||||
"/settings",
|
||||
@ -207,6 +226,10 @@ async fn main() -> std::io::Result<()> {
|
||||
"/admin/clients",
|
||||
web::get().to(admin_controller::clients_route),
|
||||
)
|
||||
.route(
|
||||
"/admin/providers",
|
||||
web::get().to(admin_controller::providers_route),
|
||||
)
|
||||
.route("/admin/users", web::get().to(admin_controller::users_route))
|
||||
.route(
|
||||
"/admin/users",
|
||||
|
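Review bot: The new callback route `OIDC_PROVIDER_CB_URI` is served by `providers_controller::finish_login` on a plain GET, and nothing in this file shows the returned `state` being bound to the browser session that started the flow; if `ProvidersStatesActor` keys states only by value, a login-CSRF becomes possible (an attacker replays their own callback URL into a victim's browser and the victim ends up logged in as the attacker's upstream account). The check, if it exists, lives in `providers_controller`, which is outside this diff, so please confirm and document it at the route registration: `// finish_login must verify the echoed `state` was issued to this session before exchanging the code`. Likewise `/login_with_prov` and the callback are registered behind `.wrap(AuthMiddleware {})`; confirm the middleware treats them as public paths, otherwise an anonymous user is bounced to the local login page before ever reaching the provider. Finally, `ProvidersManager::open_or_create` plus `apply_environment_variables` presumably loads upstream client secrets; make sure the providers file is created with restrictive permissions and that `/admin/providers` never echoes the secret back.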