feat(oidc-auth) Add initOidcAuthMiddleware and avoid mutating environment variables #980
+140
−40
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🦋 Changeset detectedLatest commit: 0ae0742 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
@hnw would appreciate your review of this PR when you have a chance 🙂 |
rajsite
commented
Mar 5, 2025
|
Merged vitest changes. Would still appreciate a review / feedback @hnw (fyi previous reviewers for oidc-auth @yusukebe @maemaemae3 ) |
BarryThePenguin
approved these changes
Mar 10, 2025
rajsite
changed the title
rajsite
changed the title
maemaemae3
reviewed
Mar 12, 2025
rajsite
changed the title
rajsite
commented
Mar 12, 2025
Comment on lines
+97
to
+130
| if (oidcAuthEnv.OIDC_AUTH_SECRET === undefined) { | ||
| throw new HTTPException(500, { message: 'Session secret is not provided' }) | ||
| } | ||
| if (oidcAuthEnv.OIDC_AUTH_SECRET.length < 32) { | ||
| throw new HTTPException(500, { | ||
| message: 'Session secrets must be at least 32 characters long', | ||
| }) | ||
| } | ||
| if (oidcAuthEnv.OIDC_ISSUER === undefined) { | ||
| throw new HTTPException(500, { message: 'OIDC issuer is not provided' }) | ||
| } | ||
| if (oidcAuthEnv.OIDC_CLIENT_ID === undefined) { | ||
| throw new HTTPException(500, { message: 'OIDC client ID is not provided' }) | ||
| } | ||
| if (oidcAuthEnv.OIDC_CLIENT_SECRET === undefined) { | ||
| throw new HTTPException(500, { message: 'OIDC client secret is not provided' }) | ||
| } | ||
| oidcAuthEnv.OIDC_REDIRECT_URI = oidcAuthEnv.OIDC_REDIRECT_URI ?? defaultOidcRedirectUri | ||
| if (!oidcAuthEnv.OIDC_REDIRECT_URI.startsWith('/')) { | ||
| try { | ||
| new URL(oidcAuthEnv.OIDC_REDIRECT_URI) | ||
| } catch (e) { | ||
| throw new HTTPException(500, { | ||
| message: 'The OIDC redirect URI is invalid. It must be a full URL or an absolute path', | ||
| }) | ||
| } | ||
| } | ||
| oidcAuthEnv.OIDC_COOKIE_PATH = oidcAuthEnv.OIDC_COOKIE_PATH ?? defaultOidcAuthCookiePath | ||
| oidcAuthEnv.OIDC_COOKIE_NAME = oidcAuthEnv.OIDC_COOKIE_NAME ?? defaultOidcAuthCookieName | ||
| oidcAuthEnv.OIDC_AUTH_REFRESH_INTERVAL = | ||
| oidcAuthEnv.OIDC_AUTH_REFRESH_INTERVAL ?? `${defaultRefreshInterval}` | ||
| oidcAuthEnv.OIDC_AUTH_EXPIRES = oidcAuthEnv.OIDC_AUTH_EXPIRES ?? `${defaultExpirationInterval}` | ||
| oidcAuthEnv.OIDC_SCOPES = oidcAuthEnv.OIDC_SCOPES ?? '' | ||
| c.set('oidcAuthEnv', oidcAuthEnv) |
There was a problem hiding this comment.
This logic is unchanged, just moved
rajsite
commented
Mar 12, 2025
| if (currentOidcAuthEnv !== undefined) { | ||
| throw new HTTPException(500, { message: 'OIDC Auth env is already configured' }) | ||
| } | ||
| const ev = env<Readonly<OidcAuthEnv>>(c) |
There was a problem hiding this comment.
Changed to take a Readonly reference to the environment variables to avoid accidental mutation
rajsite
commented
Mar 12, 2025
Comment on lines
+84
to
+96
| const oidcAuthEnv = { | ||
| OIDC_AUTH_SECRET: config?.OIDC_AUTH_SECRET ?? ev.OIDC_AUTH_SECRET, | ||
| OIDC_AUTH_REFRESH_INTERVAL: config?.OIDC_AUTH_REFRESH_INTERVAL ?? ev.OIDC_AUTH_REFRESH_INTERVAL, | ||
| OIDC_AUTH_EXPIRES: config?.OIDC_AUTH_EXPIRES ?? ev.OIDC_AUTH_EXPIRES, | ||
| OIDC_ISSUER: config?.OIDC_ISSUER ?? ev.OIDC_ISSUER, | ||
| OIDC_CLIENT_ID: config?.OIDC_CLIENT_ID ?? ev.OIDC_CLIENT_ID, | ||
| OIDC_CLIENT_SECRET: config?.OIDC_CLIENT_SECRET ?? ev.OIDC_CLIENT_SECRET, | ||
| OIDC_REDIRECT_URI: config?.OIDC_REDIRECT_URI ?? ev.OIDC_REDIRECT_URI, | ||
| OIDC_SCOPES: config?.OIDC_SCOPES ?? ev.OIDC_SCOPES, | ||
| OIDC_COOKIE_PATH: config?.OIDC_COOKIE_PATH ?? ev.OIDC_COOKIE_PATH, | ||
| OIDC_COOKIE_NAME: config?.OIDC_COOKIE_NAME ?? ev.OIDC_COOKIE_NAME, | ||
| OIDC_COOKIE_DOMAIN: config?.OIDC_COOKIE_DOMAIN ?? ev.OIDC_COOKIE_DOMAIN, | ||
| } |
There was a problem hiding this comment.
fallback to env variables when not provided in config
|
@hnw Sorry for the repeated mentions but I added some comments to help review. Please let me know if you have any concerns with the direction, etc an I can address them quickly! I appreciate your time and for sharing the plugin! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #979 and resolves #978
The author should do the following, if applicable
yarn changesetat the top of this repo and push the changeset