MCPcopy
hub / github.com/Dokploy/dokploy / buildForwardAuthEnv

Function buildForwardAuthEnv

packages/server/src/setup/forward-auth-setup.ts:49–89  ·  view source on GitHub ↗
(
	options: SetupForwardAuthOptions,
)

Source from the content-addressed store, hash-verified

47};
48
49export const buildForwardAuthEnv = (
50 options: SetupForwardAuthOptions,
51): string[] => {
52 const { oidc, cookieSecret, authDomain, baseDomain, authDomainHttps } =
53 options;
54 const scheme = authDomainHttps ? "https" : "http";
55 const emailDomains =
56 options.emailDomains && options.emailDomains.length > 0
57 ? options.emailDomains
58 : ["*"];
59
60 const env: string[] = [
61 "OAUTH2_PROXY_PROVIDER=oidc",
62 `OAUTH2_PROXY_OIDC_ISSUER_URL=${oidc.issuer}`,
63 `OAUTH2_PROXY_CLIENT_ID=${oidc.clientId}`,
64 `OAUTH2_PROXY_CLIENT_SECRET=${oidc.clientSecret}`,
65 `OAUTH2_PROXY_COOKIE_SECRET=${cookieSecret}`,
66 `OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:${FORWARD_AUTH_PORT}`,
67 "OAUTH2_PROXY_REVERSE_PROXY=true",
68 "OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true",
69 "OAUTH2_PROXY_SET_XAUTHREQUEST=true",
70 "OAUTH2_PROXY_UPSTREAMS=static://202",
71 `OAUTH2_PROXY_REDIRECT_URL=${scheme}://${authDomain}/oauth2/callback`,
72 `OAUTH2_PROXY_COOKIE_DOMAINS=${baseDomain}`,
73 `OAUTH2_PROXY_WHITELIST_DOMAINS=${baseDomain}`,
74 `OAUTH2_PROXY_COOKIE_SECURE=${authDomainHttps ? "true" : "false"}`,
75 "OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL=true",
76 `OAUTH2_PROXY_EMAIL_DOMAINS=${emailDomains.join(",")}`,
77 ];
78
79 const scopes = oidc.scopes?.length
80 ? oidc.scopes
81 : ["openid", "email", "profile"];
82 env.push(`OAUTH2_PROXY_SCOPE=${scopes.join(" ")}`);
83
84 if (oidc.skipDiscovery) {
85 env.push("OAUTH2_PROXY_SKIP_OIDC_DISCOVERY=true");
86 }
87
88 return env;
89};
90
91export const setupForwardAuth = async (options: SetupForwardAuthOptions) => {
92 const { serverId } = options;

Callers 2

setupForwardAuthFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected