Merge pull request #770 from michael-pattern/feat/763/per-user_permissions_when_using_oauth

feat: per-user permissions when using oauth

packages/api/src/controllers/auth.js

@@ -137,7 +137,7 @@ module.exports = {
       return { error: 'Logins not configured' };
     }
     const foundLogin = logins.find(x => x.login == login);
-    if (foundLogin && foundLogin.password == password) {
+    if (foundLogin && foundLogin.password && foundLogin.password == password) {
       return {
         accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
       };

packages/api/src/main.js

@@ -48,7 +48,7 @@ function start() {
   if (logins && process.env.BASIC_AUTH) {
     app.use(
       basicAuth({
-        users: _.fromPairs(logins.map(x => [x.login, x.password])),
+        users: _.fromPairs(logins.filter(x => x.password).map(x => [x.login, x.password])),
         challenge: true,
         realm: 'DbGate Web App',
       })

packages/api/src/utility/hasPermission.js

@@ -39,7 +39,7 @@ function getLogins() {
       permissions: process.env.PERMISSIONS,
     });
   }
-  if (process.env.LOGINS) {
+  if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {
     const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
     for (const login of logins) {
       const password = process.env[`LOGIN_PASSWORD_${login}`];
@@ -51,6 +51,13 @@ function getLogins() {
           permissions,
         });
       }
+      if (process.env.OAUTH_PERMISSIONS) {
+        res.push({
+          login,
+          password: null,
+          permissions,
+        })
+      }
     }
   }