TFNS
diff --git a/‎api/.yarn/cache/jose-npm-6.1.0-b52bb87803-d111bc11fd.zip‎
95 KB b/‎api/.yarn/cache/jose-npm-6.1.0-b52bb87803-d111bc11fd.zip‎
95 KB
diff --git a/‎api/.yarn/cache/oauth4webapi-npm-3.8.2-251c3d9d97-5f96b50dd5.zip‎
55.9 KB b/‎api/.yarn/cache/oauth4webapi-npm-3.8.2-251c3d9d97-5f96b50dd5.zip‎
55.9 KB
diff --git a/‎api/.yarn/cache/openid-client-npm-6.8.1-616ccc5934-94d18d39f8.zip‎
43.8 KB b/‎api/.yarn/cache/openid-client-npm-6.8.1-616ccc5934-94d18d39f8.zip‎
43.8 KB
diff --git a/‎api/Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎api/Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/migrations/57-external-login.sql‎
Lines changed: 25 additions & 0 deletions b/‎api/migrations/57-external-login.sql‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎api/migrations/58-oauth2-login.sql‎
Lines changed: 5 additions & 0 deletions b/‎api/migrations/58-oauth2-login.sql‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎api/package.json‎
Lines changed: 1 addition & 0 deletions b/‎api/package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/src/config.ts‎
Lines changed: 33 additions & 0 deletions b/‎api/src/config.ts‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎api/src/discord/agile/commands/register.ts‎
Lines changed: 1 addition & 1 deletion b/‎api/src/discord/agile/commands/register.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/src/discord/database/users.ts‎
Lines changed: 1 addition & 9 deletions b/‎api/src/discord/database/users.ts‎
Lines changed: 1 addition & 9 deletions
@@ -2,7 +2,7 @@
 
 # Global args, set before the first FROM, shared by all stages
 ARG NODE_ENV="production"
-ARG NODE_IMAGE="18.19.1-alpine"
+ARG NODE_IMAGE="20.19.5-alpine"
 
 ################################################################################
 # Build stage 1 - `yarn build`
 
@@ -0,0 +1,25 @@
+-- Login with external identity and register/migrate user if not present/externally managed
+CREATE FUNCTION ctfnote_private.login_with_extern("name" text, "role" ctfnote.role)
+RETURNS ctfnote.jwt
+AS $$
+DECLARE
+ log_user ctfnote_private.user;
+BEGIN
+ INSERT INTO ctfnote_private.user ("login", "password", "role")
+ VALUES (login_with_extern.name, 'external', login_with_extern.role)
+ ON CONFLICT ("login") DO UPDATE
+ SET login = login_with_extern.name, password = 'external'
+ RETURNING
+ * INTO log_user;
+ INSERT INTO ctfnote.profile ("id", "username")
+ VALUES (log_user.id, login_with_extern.name)
+ ON CONFLICT (id) DO UPDATE
+ SET username = login_with_extern.name;
+ RETURN (ctfnote_private.new_token (log_user.id))::ctfnote.jwt;
+END;
+$$
+LANGUAGE plpgsql
+STRICT
+SECURITY DEFINER;
+
+GRANT EXECUTE ON FUNCTION ctfnote_private.login_with_extern TO user_anonymous;
@@ -0,0 +1,5 @@
+ALTER TABLE ctfnote.settings
+ ADD COLUMN "oauth2_enabled" boolean NOT NULL DEFAULT FALSE;
+
+GRANT SELECT ("oauth2_enabled") ON ctfnote.settings TO user_anonymous;
+GRANT UPDATE ("oauth2_enabled") ON ctfnote.settings TO user_postgraphile;
@@ -30,6 +30,7 @@
  "graphql": "^16.9.0",
  "graphql-upload-ts": "^2.1.2",
  "ical-generator": "^7.0.0",
+ "openid-client": "6.8.1",
  "postgraphile": "4.13.0",
  "postgraphile-plugin-connection-filter": "^2.3.0",
  "postgres-migrations": "^5.3.0",
 
@@ -51,6 +51,21 @@ export type CTFNoteConfig = DeepReadOnly<{
  registrationRoleId: string;
  channelHandleStyle: DiscordChannelHandleStyle;
  };
+ oauth2: {
+ enabled: string;
+ clientId: string;
+ clientSecret: string;
+ scope: string;
+ usernameAttr: string;
+ roleAttr: string;
+ roleMapping: string;
+ discoveryUrl: string;
+ authorizationEndpoint: string;
+ tokenEndpoint: string;
+ userinfoEndpoint: string;
+ tokenEndpointAuthMethod: string;
+ issuer: string;
+ };
 }>;
 
 function getEnv(
@@ -112,6 +127,24 @@ const config: CTFNoteConfig = {
  "agile"
  ) as DiscordChannelHandleStyle,
  },
+ oauth2: {
+ enabled: getEnv("OAUTH2_ENABLED", "false"),
+ clientId: getEnv("OAUTH2_CLIENT_ID", ""),
+ clientSecret: getEnv("OAUTH2_CLIENT_SECRET", ""),
+ scope: getEnv("OAUTH2_SCOPE", "openid profile roles"),
+ usernameAttr: getEnv("OAUTH2_USERNAME_ATTR", ""),
+ roleAttr: getEnv("OAUTH2_ROLE_ATTR", ""),
+ roleMapping: getEnv("OAUTH2_ROLE_MAPPING", ""),
+ discoveryUrl: getEnv("OAUTH2_DISCOVERY_URL", ""),
+ authorizationEndpoint: getEnv("OAUTH2_AUTHORIZATION_ENDPOINT", ""),
+ tokenEndpoint: getEnv("OAUTH2_TOKEN_ENDPOINT", ""),
+ userinfoEndpoint: getEnv("OAUTH2_USERINFO_ENDPOINT", ""),
+ tokenEndpointAuthMethod: getEnv(
+ "OAUTH2_TOKEN_ENDPOINT_AUTH_METHOD",
+ "client_secret_basic"
+ ),
+ issuer: getEnv("OAUTH2_ISSUER", ""),
+ },
 };
 
 export default config;
@@ -6,11 +6,11 @@ import {
 } from "discord.js";
 import { Command } from "../../interfaces/command";
 import {
- AllowedRoles,
  createInvitationTokenForDiscordId,
  getInvitationTokenForDiscordId,
  getUserByDiscordId,
 } from "../../database/users";
+import { AllowedRoles } from "../../../utils/role";
 import config from "../../../config";
 
 async function getInvitationUrl(invitationCode: string | null = null) {
 
@@ -1,5 +1,6 @@
 import { connectToDatabase } from "../../utils/database";
 import { PoolClient } from "pg";
+import { AllowedRoles } from "../../utils/role";
 
 /*
  * Only returns users that have not linked their discord account yet.
@@ -45,15 +46,6 @@ export async function setDiscordIdForUser(
  }
 }
 
-// refactor above to an enum
-export enum AllowedRoles {
- user_guest = "user_guest",
- user_friend = "user_friend",
- user_member = "user_member",
- user_manager = "user_manager",
- user_admin = "user_admin",
-}
-
 export async function getInvitationTokenForDiscordId(
  discordId: string,
  pgClient: PoolClient | null = null