Add authentication from upstream providers (#107)

Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...)

Reviewed-on: #107
2023-04-27 10:10:28 +00:00
parent 4f7c56a4b8
commit 9b18b787a9
39 changed files with 1740 additions and 189 deletions


@ -12,6 +12,7 @@ use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};
use basic_oidc::actors::bruteforce_actor::BruteForceActor;
use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
use basic_oidc::actors::providers_states_actor::ProvidersStatesActor;
use basic_oidc::actors::users_actor::{UsersActor, UsersSyncBackend};
use basic_oidc::constants::*;
use basic_oidc::controllers::assets_controller::assets_route;
@ -20,6 +21,7 @@ use basic_oidc::data::app_config::AppConfig;
use basic_oidc::data::client::ClientManager;
use basic_oidc::data::entity_manager::EntityManager;
use basic_oidc::data::jwt_signer::JWTSigner;
use basic_oidc::data::provider::ProvidersManager;
use basic_oidc::data::user::User;
use basic_oidc::data::webauthn_manager::WebAuthManager;
use basic_oidc::middlewares::auth_middleware::AuthMiddleware;
@ -68,6 +70,7 @@ async fn main() -> std::io::Result<()> {
let users_actor = UsersActor::new(users).start();
let bruteforce_actor = BruteForceActor::default().start();
let providers_states_actor = ProvidersStatesActor::default().start();
let openid_sessions_actor = OpenIDSessionsActor::default().start();
let jwt_signer = JWTSigner::gen_from_memory().expect("Failed to generate JWKS key");
let webauthn_manager = Arc::new(WebAuthManager::init(config));
@ -77,6 +80,11 @@ async fn main() -> std::io::Result<()> {
clients.apply_environment_variables();
let clients = Arc::new(clients);
let mut providers = ProvidersManager::open_or_create(config.providers_file())
.expect("Failed to load providers list!");
providers.apply_environment_variables();
let providers = Arc::new(providers);
log::info!("Server will listen on {}", config.listen_address);
let listen_address = config.listen_address.to_string();
@ -99,8 +107,10 @@ async fn main() -> std::io::Result<()> {
App::new()
.app_data(web::Data::new(users_actor.clone()))
.app_data(web::Data::new(bruteforce_actor.clone()))
.app_data(web::Data::new(providers_states_actor.clone()))
.app_data(web::Data::new(openid_sessions_actor.clone()))
.app_data(web::Data::new(clients.clone()))
.app_data(web::Data::new(providers.clone()))
.app_data(web::Data::new(jwt_signer.clone()))
.app_data(web::Data::new(webauthn_manager.clone()))
.wrap(
@ -110,7 +120,7 @@ async fn main() -> std::io::Result<()> {
.wrap(AuthMiddleware {})
.wrap(identity_middleware)
.wrap(session_mw)
// main route
// Main route
.route(
"/",
web::get().to(|| async {
@ -120,7 +130,7 @@ async fn main() -> std::io::Result<()> {
}),
)
.route("/robots.txt", web::get().to(assets_controller::robots_txt))
// health route
// Health route
.service(health)
// Assets serving
.route("/assets/{path:.*}", web::get().to(assets_route))
@ -151,6 +161,15 @@ async fn main() -> std::io::Result<()> {
"/login/api/auth_webauthn",
web::post().to(login_api::auth_webauthn),
)
// Providers controller
.route(
"/login_with_prov",
web::get().to(providers_controller::start_login),
)
.route(
OIDC_PROVIDER_CB_URI,
web::get().to(providers_controller::finish_login),
)
// Settings routes
.route(
"/settings",
@ -207,6 +226,10 @@ async fn main() -> std::io::Result<()> {
"/admin/clients",
web::get().to(admin_controller::clients_route),
)
.route(
"/admin/providers",
web::get().to(admin_controller::providers_route),
)
.route("/admin/users", web::get().to(admin_controller::users_route))
.route(
"/admin/users",