Merge pull request #770 from michael-pattern/feat/763/per-user_permissions_when_using_oauth

feat: per-user permissions when using oauth
2024-11-07 20:26:23 +00:00 · 2024-05-09 14:20:12 +02:00 · 2024-05-09 14:20:12 +02:00 · 39cdaf88f4
commit 39cdaf88f4
parent 52c77031c5 696d870c2f
3 changed files with 10 additions and 3 deletions
--- a/packages/api/src/controllers/auth.js
+++ b/packages/api/src/controllers/auth.js
@ -137,7 +137,7 @@ module.exports = {
      return { error: 'Logins not configured' };
    }
    const foundLogin = logins.find(x => x.login == login);
-    if (foundLogin && foundLogin.password == password) {
+    if (foundLogin && foundLogin.password && foundLogin.password == password) {
      return {
        accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
      };
--- a/packages/api/src/main.js
+++ b/packages/api/src/main.js
@ -48,7 +48,7 @@ function start() {
  if (logins && process.env.BASIC_AUTH) {
    app.use(
      basicAuth({
-        users: _.fromPairs(logins.map(x => [x.login, x.password])),
+        users: _.fromPairs(logins.filter(x => x.password).map(x => [x.login, x.password])),
        challenge: true,
        realm: 'DbGate Web App',
      })
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@ -39,7 +39,7 @@ function getLogins() {
      permissions: process.env.PERMISSIONS,
    });
  }
-  if (process.env.LOGINS) {
+  if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {
    const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
    for (const login of logins) {
      const password = process.env[`LOGIN_PASSWORD_${login}`];
@ -51,6 +51,13 @@ function getLogins() {
          permissions,
        });
      }
+      if (process.env.OAUTH_PERMISSIONS) {
+        res.push({
+          login,
+          password: null,
+          permissions,
+        })
+      }
    }
  }