( options: SetupForwardAuthOptions, )
| 47 | }; |
| 48 | |
| 49 | export const buildForwardAuthEnv = ( |
| 50 | options: SetupForwardAuthOptions, |
| 51 | ): string[] => { |
| 52 | const { oidc, cookieSecret, authDomain, baseDomain, authDomainHttps } = |
| 53 | options; |
| 54 | const scheme = authDomainHttps ? "https" : "http"; |
| 55 | const emailDomains = |
| 56 | options.emailDomains && options.emailDomains.length > 0 |
| 57 | ? options.emailDomains |
| 58 | : ["*"]; |
| 59 | |
| 60 | const env: string[] = [ |
| 61 | "OAUTH2_PROXY_PROVIDER=oidc", |
| 62 | `OAUTH2_PROXY_OIDC_ISSUER_URL=${oidc.issuer}`, |
| 63 | `OAUTH2_PROXY_CLIENT_ID=${oidc.clientId}`, |
| 64 | `OAUTH2_PROXY_CLIENT_SECRET=${oidc.clientSecret}`, |
| 65 | `OAUTH2_PROXY_COOKIE_SECRET=${cookieSecret}`, |
| 66 | `OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:${FORWARD_AUTH_PORT}`, |
| 67 | "OAUTH2_PROXY_REVERSE_PROXY=true", |
| 68 | "OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true", |
| 69 | "OAUTH2_PROXY_SET_XAUTHREQUEST=true", |
| 70 | "OAUTH2_PROXY_UPSTREAMS=static://202", |
| 71 | `OAUTH2_PROXY_REDIRECT_URL=${scheme}://${authDomain}/oauth2/callback`, |
| 72 | `OAUTH2_PROXY_COOKIE_DOMAINS=${baseDomain}`, |
| 73 | `OAUTH2_PROXY_WHITELIST_DOMAINS=${baseDomain}`, |
| 74 | `OAUTH2_PROXY_COOKIE_SECURE=${authDomainHttps ? "true" : "false"}`, |
| 75 | "OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL=true", |
| 76 | `OAUTH2_PROXY_EMAIL_DOMAINS=${emailDomains.join(",")}`, |
| 77 | ]; |
| 78 | |
| 79 | const scopes = oidc.scopes?.length |
| 80 | ? oidc.scopes |
| 81 | : ["openid", "email", "profile"]; |
| 82 | env.push(`OAUTH2_PROXY_SCOPE=${scopes.join(" ")}`); |
| 83 | |
| 84 | if (oidc.skipDiscovery) { |
| 85 | env.push("OAUTH2_PROXY_SKIP_OIDC_DISCOVERY=true"); |
| 86 | } |
| 87 | |
| 88 | return env; |
| 89 | }; |
| 90 | |
| 91 | export const setupForwardAuth = async (options: SetupForwardAuthOptions) => { |
| 92 | const { serverId } = options; |
no outgoing calls
no test coverage detected