dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-29 12:14:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #779 from Shah-Panam/Oauth-Allowed-Groups

Browse Source 
Added OAuth Allowed Groups Option
This commit is contained in:
Jan Prochazka
2024-05-20 15:08:58 +02:00
committed by GitHub
parent 781ee15304 9839dc795b
commit 2678daab4d
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/api/src/controllers/auth.js
View File

@@ -90,6 +90,24 @@ module.exports = {
) { ) {
return { error: `Username ${login} not allowed to log in` }; return { error: `Username ${login} not allowed to log in` };
} }
const groups =
process.env.OAUTH_GROUP_FIELD && payload && payload[process.env.OAUTH_GROUP_FIELD]
? payload[process.env.OAUTH_GROUP_FIELD]
: [];
const allowedGroups =
process.env.OAUTH_ALLOWED_GROUPS
? process.env.OAUTH_ALLOWED_GROUPS.split(',').map(group => group.toLowerCase().trim())
: [];
if (
process.env.OAUTH_ALLOWED_GROUPS &&
!groups.some(group => allowedGroups.includes(group.toLowerCase().trim()))
) {
return { error: `Username ${login} does not belong to an allowed group` };
}
if (access_token) { if (access_token) {
return { return {
accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }), accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),