Implemented the 'AUTH_INTERNAL_ENABLED' and 'AUTH_OIDC_ENABLED' environment variables. Removed complex if structures with 'AUTH_OIDC_ENABLED' checks. Updated README.md

This commit is contained in:
Glenn de Haan
2024-10-03 10:34:54 +02:00
parent 5c069f1c34
commit 0dc4562ad8
7 changed files with 27 additions and 14 deletions


@@ -77,10 +77,14 @@ services:
UNIFI_SSID: ''
# The UniFi SSID WPA/WPA2/WPA3 Password (Can be ignored for 'Open' networks) (Used within templating and 'Scan to Connect')
UNIFI_SSID_PASSWORD: ''
# Toggle to enable/disable internal authentication
AUTH_INTERNAL_ENABLED: 'true'
# The password used to log in to the voucher portal Web UI
AUTH_INTERNAL_PASSWORD: '0000'
# The Bearer token used for the API
AUTH_TOKEN: '00000000-0000-0000-0000-000000000000'
# Toggle to enable/disable OIDC authentication
AUTH_OIDC_ENABLED: 'false'
# OIDC issuer base url provided by oauth provider. Example: https://auth.example.com/.well-known/openid-configuration
AUTH_OIDC_ISSUER_BASE_URL: ''
# OIDC UniFi Voucher base url (This application). Example: https://voucher.example.com
@@ -282,6 +286,8 @@ By default, the UniFi Voucher Site uses an internal authentication method. You c
AUTH_INTERNAL_PASSWORD: '0000'
```
> To enable/disable internal authentication use the `AUTH_INTERNAL_ENABLED` environment variable
### 2. OpenID Connect (OIDC) Authentication
The UniFi Voucher Site allows seamless integration with OpenID Connect (OIDC), enabling users to authenticate through their preferred identity provider (IdP). Configuration is easy using environment variables to align with your existing OIDC provider.
@@ -290,6 +296,9 @@ The UniFi Voucher Site allows seamless integration with OpenID Connect (OIDC), e
To enable OIDC authentication, set the following environment variables in your applications environment:
- **`AUTH_OIDC_ENABLED`**:
Toggle to enable/disable OIDC authentication. Set this value to `true` to enable OIDC authentication. (Default: `false`)
- **`AUTH_OIDC_ISSUER_BASE_URL`**:
The base URL of your OIDC provider. This is typically the URL where the well-known OIDC configuration is hosted (e.g., `https://auth.example.com/.well-known/openid-configuration`).
@@ -348,7 +357,7 @@ Below is a list of tested Identity Providers (IdPs) with detailed integration in
### 3. Disabling Authentication
If you prefer not to use authentication for the web service, you can disable it entirely by setting the `AUTH_DISABLE` environment variable.
If you prefer not to use any authentication for the web and api service, you can disable it entirely by setting the `AUTH_DISABLE` environment variable.
```env
AUTH_DISABLE: 'true'


@@ -12,8 +12,10 @@ services:
UNIFI_SITE_ID: 'default'
UNIFI_SSID: ''
UNIFI_SSID_PASSWORD: ''
AUTH_INTERNAL_ENABLED: 'true'
AUTH_INTERNAL_PASSWORD: '0000'
AUTH_TOKEN: '00000000-0000-0000-0000-000000000000'
AUTH_OIDC_ENABLED: 'false'
AUTH_OIDC_ISSUER_BASE_URL: ''
AUTH_OIDC_APP_BASE_URL: ''
AUTH_OIDC_CLIENT_ID: ''


@@ -25,7 +25,7 @@ module.exports = {
*/
web: async (req, res, next) => {
// Check if authentication is enabled & OIDC is disabled
if(!variables.authDisabled && (variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '')) {
if(!variables.authDisabled && !variables.authOidcEnabled) {
// Check if user has an existing authorization cookie
if (!req.cookies.authorization) {
res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
@@ -46,7 +46,7 @@ module.exports = {
}
// Check if authentication is enabled & OIDC is enabled
if(!variables.authDisabled && (variables.authOidcIssuerBaseUrl !== '' && variables.authOidcAppBaseUrl !== '' && variables.authOidcClientId !== '')) {
if(!variables.authDisabled && variables.authOidcEnabled) {
const middleware = oidc.requiresAuth();
return middleware(req, res, next);
}
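Review bot: The `authInternalEnabled` flag this commit adds to the variables module is never consulted here: under the new condition `if(!variables.authDisabled && !variables.authOidcEnabled)` the cookie/login branch runs whenever OIDC is off, so `AUTH_INTERNAL_ENABLED=false` with OIDC also off leaves the internal login flow active instead of disabling it as the README now states. Within the seven changed files I cannot find any read of `variables.authInternalEnabled`, so the same gap appears in the `jwt.init()` and `/login` route gates in the server file and in the internal-auth status block of the status page. A safe shape is to fail closed: enter this branch only when `variables.authInternalEnabled` is also true, and when auth is not disabled but neither method is enabled, deny the request rather than letting it continue. The `web` handler continues outside the hunk.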


@@ -72,12 +72,12 @@ module.exports = () => {
/**
* Log auth status
*/
log.info(`[Auth] ${variables.authDisabled ? 'Disabled!' : `Enabled! Type: ${(variables.authOidcIssuerBaseUrl !== '' || variables.authOidcAppBaseUrl !== '' || variables.authOidcClientId !== '') ? 'OIDC' : 'Internal'}`}`);
log.info(`[Auth] ${variables.authDisabled ? 'Disabled!' : `Enabled! Type: ${variables.authOidcEnabled ? 'OIDC' : 'Internal'}`}`);
/**
* Verify OIDC configuration
*/
if(variables.authOidcIssuerBaseUrl !== '' && (variables.authOidcAppBaseUrl === '' || variables.authOidcClientId === '' || variables.authOidcClientSecret === '')) {
if(variables.authOidcEnabled && (variables.authOidcIssuerBaseUrl === '' || variables.authOidcAppBaseUrl === '' || variables.authOidcClientId === '' || variables.authOidcClientSecret === '')) {
log.error(`[OIDC] Incorrect Configuration Detected!. Verify 'AUTH_OIDC_ISSUER_BASE_URL', 'AUTH_OIDC_APP_BASE_URL', 'AUTH_OIDC_CLIENT_ID' and 'AUTH_OIDC_CLIENT_SECRET' are set! Authentication will be unstable or disabled until issue is resolved!`);
}
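Review bot: The configuration check on the new line warns only when OIDC is enabled with settings missing; the state this commit makes reachable — `AUTH_DISABLE` unset, `AUTH_OIDC_ENABLED=false` and `AUTH_INTERNAL_ENABLED=false` — produces no warning here, and the status line above would still print `Enabled! Type: Internal`. Consider an explicit error for that case, e.g. `if(!variables.authDisabled && !variables.authOidcEnabled && !variables.authInternalEnabled) { log.error('[Auth] No authentication method enabled while AUTH_DISABLE is not set!'); }`, so operators see at startup that the combination is not a working configuration. Since the check now keys on the toggle alone, OIDC URLs that are set while `AUTH_OIDC_ENABLED` is false are silently ignored; a short info line noting that would save a misconfiguration hunt. The enclosing exported function starts outside the hunk.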


@@ -18,8 +18,10 @@ module.exports = {
voucherCustom: config('voucher_custom') !== null ? config('voucher_custom') : process.env.VOUCHER_CUSTOM ? process.env.VOUCHER_CUSTOM !== 'false' : true,
serviceWeb: config('service_web') || process.env.SERVICE_WEB ? process.env.SERVICE_WEB !== 'false' : true,
serviceApi: config('service_api') || (process.env.SERVICE_API === 'true') || false,
authInternalEnabled: config('auth_internal_enabled') || process.env.AUTH_INTERNAL_ENABLED ? process.env.AUTH_INTERNAL_ENABLED !== 'false' : true,
authInternalPassword: config('auth_internal_password') || process.env.AUTH_INTERNAL_PASSWORD || '0000',
authToken: config('auth_token') || process.env.AUTH_TOKEN || '00000000-0000-0000-0000-000000000000',
authOidcEnabled: config('auth_oidc_enabled') || (process.env.AUTH_OIDC_ENABLED === 'true') || false,
authOidcIssuerBaseUrl: config('auth_oidc_issuer_base_url') || process.env.AUTH_OIDC_ISSUER_BASE_URL || '',
authOidcAppBaseUrl: config('auth_oidc_app_base_url') || process.env.AUTH_OIDC_APP_BASE_URL || '',
authOidcClientId: config('auth_oidc_client_id') || process.env.AUTH_OIDC_CLIENT_ID || '',
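Review bot: The new `authInternalEnabled` line parses as `(config('auth_internal_enabled') || process.env.AUTH_INTERNAL_ENABLED) ? process.env.AUTH_INTERNAL_ENABLED !== 'false' : true`, because `||` binds tighter than `?:`; a config-file value of `false` with the environment variable unset therefore yields `true`, and a config-file `true` only survives because `undefined !== 'false'` happens to hold, so the config value never decides on its own. The `voucherCustom` line above shows the intended shape, assuming `config()` returns `null` for an unset key as that line checks: `authInternalEnabled: config('auth_internal_enabled') !== null ? config('auth_internal_enabled') : process.env.AUTH_INTERNAL_ENABLED ? process.env.AUTH_INTERNAL_ENABLED !== 'false' : true,`. The pre-existing `serviceWeb` line has the same precedence shape and could be corrected alongside it. The enclosing `module.exports` object begins outside the hunk.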


@@ -48,7 +48,7 @@ info();
/**
* Initialize JWT
*/
if(!variables.authDisabled && (variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '')) {
if(!variables.authDisabled && !variables.authOidcEnabled) {
jwt.init();
}
@@ -87,7 +87,7 @@ app.use((req, res, next) => {
/**
* Initialize OIDC
*/
if(!variables.authDisabled && (variables.authOidcIssuerBaseUrl !== '' && variables.authOidcAppBaseUrl !== '' && variables.authOidcClientId !== '')) {
if(!variables.authDisabled && variables.authOidcEnabled) {
oidc.init(app);
}
@@ -124,7 +124,7 @@ app.get('/', (req, res) => {
// Check if web service is enabled
if(variables.serviceWeb) {
if(variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '') {
if(!variables.authOidcEnabled) {
app.get('/login', (req, res) => {
// Check if authentication is disabled
if (variables.authDisabled) {


@@ -90,18 +90,18 @@ module.exports = () => {
modules: {
internal: {
status: {
text: (!variables.authDisabled && variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '') ? 'Enabled' : 'Disabled',
state: (!variables.authDisabled && variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '') ? 'green' : 'red'
text: (!variables.authDisabled && !variables.authOidcEnabled) ? 'Enabled' : 'Disabled',
state: (!variables.authDisabled && !variables.authOidcEnabled) ? 'green' : 'red'
},
details: (!variables.authDisabled && variables.authOidcIssuerBaseUrl === '' && variables.authOidcAppBaseUrl === '' && variables.authOidcClientId === '') ? 'Internal Authentication enabled.' : 'Internal Authentication not enabled.',
details: (!variables.authDisabled && !variables.authOidcEnabled) ? 'Internal Authentication enabled.' : 'Internal Authentication not enabled.',
info: 'https://github.com/glenndehaan/unifi-voucher-site#1-internal-authentication-default'
},
oidc: {
status: {
text: (!variables.authDisabled && variables.authOidcIssuerBaseUrl !== '' && variables.authOidcAppBaseUrl !== '' && variables.authOidcClientId !== '') ? 'Enabled' : 'Disabled',
state: (!variables.authDisabled && variables.authOidcIssuerBaseUrl !== '' && variables.authOidcAppBaseUrl !== '' && variables.authOidcClientId !== '') ? 'green' : 'red'
text: (!variables.authDisabled && variables.authOidcEnabled) ? 'Enabled' : 'Disabled',
state: (!variables.authDisabled && variables.authOidcEnabled) ? 'green' : 'red'
},
details: (!variables.authDisabled && variables.authOidcIssuerBaseUrl !== '' && variables.authOidcAppBaseUrl !== '' && variables.authOidcClientId !== '') ? `OIDC Authentication via ${variables.authOidcIssuerBaseUrl}.` : 'OIDC Authentication not enabled.',
details: (!variables.authDisabled && variables.authOidcEnabled) ? `OIDC Authentication via ${variables.authOidcIssuerBaseUrl}.` : 'OIDC Authentication not enabled.',
info: 'https://github.com/glenndehaan/unifi-voucher-site#2-openid-connect-oidc-authentication'
}
}
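Review bot: The predicate `!variables.authDisabled && !variables.authOidcEnabled` is spelled out three times for the internal block and `!variables.authDisabled && variables.authOidcEnabled` three times for the OIDC block; computing each once before the object literal, e.g. `const internalAuthActive = !variables.authDisabled && !variables.authOidcEnabled;` and `const oidcAuthActive = !variables.authDisabled && variables.authOidcEnabled;`, keeps `text`, `state` and `details` from drifting apart the next time the condition changes, as it did in this commit. The enclosing exported function and the object literal begin outside the hunk.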