feat: update AuthProvider interface and improve user role handling

2025-05-28 05:55:10 +03:00
parent ead3eb030c
commit b573ba8022
3 changed files with 200 additions and 37 deletions
--- a/src/external-jwt/authProvider/get-auth-providers.ts
+++ b/src/external-jwt/authProvider/get-auth-providers.ts
@@ -29,7 +29,7 @@ export interface AuthProvider {
  JWKSClient?: JwksClient;
  use_database?: boolean;

-  initial_role?: string;
+  default_role_id?: string;
 }


@@ -37,26 +37,31 @@ export interface AuthProvider {
 export async function getAuthProviders(): Promise<AuthProvider[]> {
 	console.log("calling auth providers _")
 	return new Promise((resolve, reject) => {
-		const authProviders: AuthProvider[] = toArray(env['AUTH_PROVIDERS'])
-			.filter((provider) => provider && env[`AUTH_${provider.toUpperCase()}_DRIVER`] === ('openid' || 'oauth2'))
-			.map((provider) => ({
-				name: provider,
-				label: env[`AUTH_${provider.toUpperCase()}_LABEL`],
-				driver: env[`AUTH_${provider.toUpperCase()}_DRIVER`],
-				icon: env[`AUTH_${provider.toUpperCase()}_ICON`],
-				trusted: env[`AUTH_${provider.toUpperCase()}_TRUSTED`],
-				jwks_url: env[`AUTH_${provider.toUpperCase()}_JWKS_URL`],
-				jwks_keys: env[`AUTH_${provider.toUpperCase()}_JWKS_KEYS`],
-				issuer_url: env[`AUTH_${provider.toUpperCase()}_ISSUER_URL`],
-				admin_key: env[`AUTH_${provider.toUpperCase()}_JWT_ADMIN_KEY`],
-				app_key: env[`AUTH_${provider.toUpperCase()}_JWT_APP_KEY`],
-				role_key: env[`AUTH_${provider.toUpperCase()}_JWT_ROLE_KEY`],
-				client_id: env[`AUTH_${provider.toUpperCase()}_CLIENT_ID`],
-				client_secret: env[`AUTH_${provider.toUpperCase()}_CLIENT_SECRET`],
-				use_database: env[`AUTH_${provider.toUpperCase()}_JWT_USEDB`],
+		const authProviders: AuthProvider[] = toArray(env["AUTH_PROVIDERS"])
+      .filter(
+        (provider) =>
+          provider &&
+          env[`AUTH_${provider.toUpperCase()}_DRIVER`] ===
+            ("openid" || "oauth2")
+      )
+      .map((provider) => ({
+        name: provider,
+        label: env[`AUTH_${provider.toUpperCase()}_LABEL`],
+        driver: env[`AUTH_${provider.toUpperCase()}_DRIVER`],
+        icon: env[`AUTH_${provider.toUpperCase()}_ICON`],
+        trusted: env[`AUTH_${provider.toUpperCase()}_TRUSTED`],
+        jwks_url: env[`AUTH_${provider.toUpperCase()}_JWKS_URL`],
+        jwks_keys: env[`AUTH_${provider.toUpperCase()}_JWKS_KEYS`],
+        issuer_url: env[`AUTH_${provider.toUpperCase()}_ISSUER_URL`],
+        admin_key: env[`AUTH_${provider.toUpperCase()}_JWT_ADMIN_KEY`],
+        app_key: env[`AUTH_${provider.toUpperCase()}_JWT_APP_KEY`],
+        role_key: env[`AUTH_${provider.toUpperCase()}_JWT_ROLE_KEY`],
+        client_id: env[`AUTH_${provider.toUpperCase()}_CLIENT_ID`],
+        client_secret: env[`AUTH_${provider.toUpperCase()}_CLIENT_SECRET`],
+        use_database: env[`AUTH_${provider.toUpperCase()}_JWT_USEDB`],

-				initial_role: env[`AUTH_${provider.toUpperCase()}_INITIAL_ROLE`]
-			}));
+        default_role_id: env[`AUTH_${provider.toUpperCase()}_DEFAULT_ROLE_ID`],
+      }));

 		
 		if(authProviders.length === 0) return resolve([]);
--- a/src/external-jwt/get-accountability-for-token.ts
+++ b/src/external-jwt/get-accountability-for-token.ts
@@ -40,8 +40,8 @@ const getUser = async (
    .first();
 };

-const insertUser = async (database: Knex, user: Record<string, any>) => {
-  return database("directus_users").insert(user).returning("*");
+const insertUser = async (database: Knex, user: Record<string, any>): Promise<any> => {
+  return database("directus_users").insert(user);
 };

 // TODO: optimize this function, reduce the amount of loops
@@ -51,14 +51,6 @@ export async function getAccountabilityForToken(
  accountability: Accountability | null,
  database: Knex
 ): Promise<Accountability> {
-  console.log(
-    "getAccountabilityForToken called with token",
-    token,
-    "and iss",
-    iss,
-    "and accountability",
-    accountability
-  );
  if (accountability == null) {
    accountability = {
      user: null,
@@ -103,10 +95,9 @@ export async function getAccountabilityForToken(
        console.debug("User found in database:", user);

        if (!user) {
-          const role = provider.initial_role
          user = await insertUser(database, {
            id: uuid.v4(),
-            role: role,
+            role: provider.default_role_id,
            provider: provider.name,
            external_identifier: result.sub,
          });
@@ -126,11 +117,6 @@ export async function getAccountabilityForToken(
            CacheSet(result.sub, accountability);
          }

-          console.log(
-            "Returning accountability from database:",
-            accountability
-          );
-
          return accountability;
        }
      } catch (error) {