gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-18 06:24:30 +01:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
trilium/apps/server/src/services/open_id.ts
Elian Doran b2af043110
chore(nx/server): move source code
2025-04-22 17:16:41 +03:00

155 lines
4.3 KiB
TypeScript
Raw Blame History

import type { NextFunction, Request, Response } from "express";
import openIDEncryption from "./encryption/open_id_encryption.js";
import sqlInit from "./sql_init.js";
import options from "./options.js";
import type { Session } from "express-openid-connect";
import sql from "./sql.js";
import config from "./config.js";
function checkOpenIDConfig() {
let missingVars: string[] = []
if (config.MultiFactorAuthentication.oauthBaseUrl === "") {
missingVars.push("oauthBaseUrl");
}
if (config.MultiFactorAuthentication.oauthClientId === "") {
missingVars.push("oauthClientId");
}
if (config.MultiFactorAuthentication.oauthClientSecret === "") {
missingVars.push("oauthClientSecret");
}
return missingVars;
}
function isOpenIDEnabled() {
return !(checkOpenIDConfig().length > 0) && options.getOptionOrNull('mfaMethod') === 'oauth';
}
function isUserSaved() {
const data = sql.getValue<string>("SELECT isSetup FROM user_data;");
return data === "true" ? true : false;
}
function getUsername() {
const username = sql.getValue<string>("SELECT username FROM user_data;");
return username;
}
function getUserEmail() {
const email = sql.getValue<string>("SELECT email FROM user_data;");
return email;
}
function clearSavedUser() {
sql.execute("DELETE FROM user_data");
options.setOption("userSubjectIdentifierSaved", false);
return {
success: true,
message: "Account data removed."
};
}
function getOAuthStatus() {
return {
success: true,
name: getUsername(),
email: getUserEmail(),
enabled: isOpenIDEnabled(),
missingVars: checkOpenIDConfig()
};
}
function isTokenValid(req: Request, res: Response, next: NextFunction) {
const userStatus = openIDEncryption.isSubjectIdentifierSaved();
if (req.oidc !== undefined) {
const result = req.oidc
.fetchUserInfo()
.then((result) => {
return {
success: true,
message: "Token is valid",
user: userStatus,
};
})
.catch((result) => {
return {
success: false,
message: "Token is not valid",
user: userStatus,
};
});
return result;
} else {
return {
success: false,
message: "Token not set up",
user: userStatus,
};
}
}
function generateOAuthConfig() {
const authRoutes = {
callback: "/callback",
login: "/authenticate",
postLogoutRedirect: "/login",
logout: "/logout",
};
const logoutParams = {
};
const authConfig = {
authRequired: false,
auth0Logout: false,
baseURL: config.MultiFactorAuthentication.oauthBaseUrl,
clientID: config.MultiFactorAuthentication.oauthClientId,
issuerBaseURL: "https://accounts.google.com",
secret: config.MultiFactorAuthentication.oauthClientSecret,
clientSecret: config.MultiFactorAuthentication.oauthClientSecret,
authorizationParams: {
response_type: "code",
scope: "openid profile email",
access_type: "offline",
prompt: "consent",
state: "random_state_" + Math.random().toString(36).substring(2)
},
routes: authRoutes,
idpLogout: true,
logoutParams: logoutParams,
afterCallback: async (req: Request, res: Response, session: Session) => {
if (!sqlInit.isDbInitialized()) return session;
if (!req.oidc.user) {
console.log("user invalid!");
return session;
}
openIDEncryption.saveUser(
req.oidc.user.sub.toString(),
req.oidc.user.name.toString(),
req.oidc.user.email.toString()
);
req.session.loggedIn = true;
req.session.lastAuthState = {
totpEnabled: false,
ssoEnabled: true
};
return session;
},
};
return authConfig;
}
export default {
generateOAuthConfig,
getOAuthStatus,
isOpenIDEnabled,
clearSavedUser,
isTokenValid,
isUserSaved,
};
Reference in New Issue View Git Blame Copy Permalink