mirror of https://github.com/vx3r/wg-gen-web.git synced 2025-04-01 16:36:52 +00:00

chore: restore default behavior when OAUTH2_ORG is not set

nick lynch-jonely 2024-05-06 22:40:49 -07:00
parent 1c077e3dc0
commit 088da51ada
4 changed files with 17 additions and 4653 deletions


@ -4,16 +4,14 @@ FROM golang:alpine AS build-back
WORKDIR /app
ARG COMMIT
COPY . .
RUN go build -o wg-gen-web-linux github.com/vx3r/wg-gen-web/cmd/wg-gen-web
RUN go build -o wg-gen-web-linux -ldflags="-X 'github.com/vx3r/wg-gen-web/version.Version=${COMMIT}'" github.com/vx3r/wg-gen-web/cmd/wg-gen-web

FROM node:18.13.0-alpine AS build-front
WORKDIR /app
COPY ui/package*.json ./
COPY ui/yarn.lock ./
RUN npm install
COPY ui/ ./
#RUN yarn build --frozen-lockfile --verbose
RUN npm ci
RUN npm run build

FROM alpine
WORKDIR /app
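Review bot: The front-end stage lists both `RUN npm install` and `RUN npm ci`, and the page has lost its +/- markers, so it is not certain which one the new side keeps. If it is `npm install`, the build resolves dependency versions at image-build time instead of installing exactly what the lockfile records, which weakens reproducibility and makes an unexpected upstream package version harder to notice. I would keep the lockfile-enforced form, `RUN npm ci`, right after `COPY ui/package*.json ./`. The same stage copies `ui/yarn.lock` while invoking npm, so it is also worth confirming which lockfile is authoritative and dropping the other.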


@ -99,17 +99,21 @@ func oauth2Exchange(c *gin.Context) {

cacheDb.Delete(loginVals.ClientId)

// check if user is in org
teamsEnv := os.Getenv("OAUTH2_TEAMS")
var teams []string
if teamsEnv != "" {
teams = strings.Split(teamsEnv, ",")
}
// This is primarily used for github, but can be used for other oauth2 providers where it makes sense.
// Check if user is in org, use OAUTH2_TEAMS if you want to further restrict access within an org. This is optional.
if os.Getenv("OAUTH2_ORG") != "" {

inOrg, err := oauth2Client.CheckMembership(oauth2Token, os.Getenv("OAUTH2_ORG"), teams)
if err != nil || !inOrg {
c.AbortWithStatus(http.StatusForbidden)
return
teamsEnv := os.Getenv("OAUTH2_TEAMS")
var teams []string
if teamsEnv != "" {
teams = strings.Split(teamsEnv, ",")
}

inOrg, err := oauth2Client.CheckMembership(oauth2Token, os.Getenv("OAUTH2_ORG"), teams)
if err != nil || !inOrg {
c.AbortWithStatus(http.StatusForbidden)
return
}
}

cacheDb.Set(oauth2Token.AccessToken, oauth2Token, cache.DefaultExpiration)
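Review bot: With the membership check wrapped in `if os.Getenv("OAUTH2_ORG") != ""` (taking that block as the new side, since the page lost its +/- markers), a deployment that sets OAUTH2_TEAMS but leaves OAUTH2_ORG empty or misspelled admits every account the provider authenticates, and nothing signals that the team restriction was ignored. I would fail closed on that combination, e.g. `if os.Getenv("OAUTH2_ORG") == "" && os.Getenv("OAUTH2_TEAMS") != "" { c.AbortWithStatus(http.StatusForbidden); return }`, or reject it once at startup. Separately, `strings.Split(teamsEnv, ",")` keeps surrounding spaces, so a value like `a, b` yields ` b`, which is unlikely to match a team name; trimming each entry would avoid a confusing 403. The 403 path also discards `err`, so a provider outage and a genuine non-member look identical to the operator. oauth2Exchange starts and ends outside this hunk.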


@ -51,6 +51,7 @@ func (o *Oauth2idc) CodeUrl(state string) string {

// Check if current user is in given org
func (o *Oauth2idc) CheckMembership(oauth2Token *oauth2.Token, org string, teams []string) (bool, error) {
// TODO: Add real implementation
return false, nil
}
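Review bot: The stub `return false, nil` under `// TODO: Add real implementation` fails closed, which is the right direction, but the doc comment still reads as if the check were real. The caller shown on this page answers `!inOrg` with a bare 403, so with this provider every login is rejected as soon as OAUTH2_ORG is set, with no hint why. I would state that in the doc comment, e.g. `// CheckMembership is not implemented for this provider and always reports false, so setting OAUTH2_ORG denies every login.` Returning a non-nil "not implemented" error instead of `nil` would let a caller that logs `err` tell the stub apart from a real non-member.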


File diff suppressed because it is too large Load Diff