fenghuo/apps/backend/src/oidc/config.ts

import { Configuration } from 'oidc-provider';
import { RedisAdapter } from './redis-adapter';
import { prisma } from '@repo/db';
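/**
 * Parses a JSON-text column that must hold an array of strings.
 *
 * @param raw - the stored JSON text
 * @param field - label used in the error message (client id + column name)
 * @returns the decoded string array
 * @throws Error when the text is not valid JSON or is not a string array
 */
function parseStringList(raw: string, field: string): string[] {
  const parsed: unknown = JSON.parse(raw);
  if (!Array.isArray(parsed) || !parsed.every((v): v is string => typeof v === 'string')) {
    throw new Error(`${field} must be a JSON array of strings`);
  }
  return parsed;
}

/**
 * Builds the static OIDC client list handed to oidc-provider.
 *
 * Clients come from two places: rows in `prisma.oidcClient` and a single
 * admin-console client described by environment variables. On a `client_id`
 * collision the admin client wins, so a database row cannot shadow it.
 *
 * @returns client metadata objects in the shape oidc-provider expects
 *   (`client_id`, `client_secret`, `grant_types`, `redirect_uris`,
 *   `response_types`, `scope`)
 * @throws Error when a stored `grantTypes` / `redirectUris` / `responseTypes`
 *   column is not a JSON-encoded array of strings
 */
async function getClients() {
  // `findMany?.()` is kept from the original: if the generated Prisma client has
  // no `oidcClient` delegate this yields `undefined` and we fall back to an empty
  // list instead of failing at startup. TODO(review): confirm that is intended.
  const dbClients = await prisma.oidcClient.findMany?.();

  const dbClientList =
    Array.isArray(dbClients) && dbClients.length > 0
      ? dbClients.map((c) => ({
          client_id: c.clientId,
          client_secret: c.clientSecret,
          // These columns are stored as JSON text; reject anything that is not a
          // string array rather than handing malformed metadata to the provider.
          grant_types: parseStringList(c.grantTypes, `oidcClient(${c.clientId}).grantTypes`),
          redirect_uris: parseStringList(c.redirectUris, `oidcClient(${c.clientId}).redirectUris`),
          response_types: parseStringList(c.responseTypes, `oidcClient(${c.clientId}).responseTypes`),
          scope: c.scope,
        }))
      : [];

  // The admin console client is configured through environment variables.
  // The historical default secret is kept so local development still boots,
  // but its use is made visible in the logs: it is a well-known value.
  if (!process.env.OIDC_CLIENT_SECRET) {
    console.warn(
      '[oidc] OIDC_CLIENT_SECRET is not set; the admin client is using the built-in default secret',
    );
  }
  const adminClient = {
    client_id: process.env.OIDC_CLIENT_ID || 'admin-client',
    client_secret: process.env.OIDC_CLIENT_SECRET || 'admin-secret',
    grant_types: ['authorization_code', 'refresh_token'],
    redirect_uris: [process.env.OIDC_REDIRECT_URI || 'http://localhost:3000/admin/callback'],
    response_types: ['code'],
    scope: 'openid email profile',
  };

  // A database row carrying the admin client's id would otherwise shadow it;
  // the env-configured admin client takes precedence.
  const otherClients = dbClientList.filter((c) => c.client_id !== adminClient.client_id);
  return [adminClient, ...otherClients];
}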
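// Key used by oidc-provider to sign/verify its session and interaction cookies.
// The literal fallback is committed to the repository, so whoever can read the
// source can mint valid cookies for any deployment that does not set
// OIDC_COOKIE_KEY. The fallback is kept so local development still boots, but
// its use is logged so it is not silently carried into production.
if (!process.env.OIDC_COOKIE_KEY) {
  console.warn('[oidc] OIDC_COOKIE_KEY is not set; using the built-in default cookie key');
}
const OIDC_COOKIE_KEY = process.env.OIDC_COOKIE_KEY || 'HrbEPlzByV0CcjFJhl2pjKV2iG8FgQIc';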
// Feature switches for the provider; dev interactions stay off.
// NOTE(review): `registration` is enabled without an `initialAccessToken`
// policy, so dynamic client registration is reachable by anyone who can hit
// the endpoint — confirm that is intended or gate it.
const features: Configuration['features'] = {
  devInteractions: { enabled: false },
  resourceIndicators: { enabled: true },
  revocation: { enabled: true },
  userinfo: { enabled: true },
  registration: { enabled: true },
};

// Lifetimes in seconds, keyed by oidc-provider model name.
const ttl: Configuration['ttl'] = {
  AccessToken: 3600,
  AuthorizationCode: 600,
  IdToken: 3600,
  RefreshToken: 1209600,
  BackchannelAuthenticationRequest: 600,
  ClientCredentials: 600,
  DeviceCode: 600,
  Grant: 1209600,
  Interaction: 3600,
  Session: 1209600,
  RegistrationAccessToken: 3600,
  DPoPProof: 300,
  PushedAuthorizationRequest: 600,
  ReplayDetection: 3600,
  LogoutToken: 600,
};

// Resolves the account behind a `sub` (user id) from the users table.
// Returns `undefined` when no such user exists.
// NOTE(review): `claims()` ignores the use/scope arguments the provider passes,
// so email/name are handed back regardless of what was granted; whether they are
// actually released depends on the `claims` mapping, which this file does not
// configure — verify against the provider's default mapping.
const findAccount: Configuration['findAccount'] = async (_ctx, id) => {
  const user = await prisma.user.findUnique({ where: { id } });
  if (!user) {
    return undefined;
  }
  return {
    accountId: user.id,
    claims: async () => ({
      sub: user.id,
      email: user.email,
      name: user.name,
    }),
  };
};

const config: Configuration = {
  adapter: RedisAdapter,
  // Resolved with top-level await, so the provider receives a plain array.
  clients: await getClients(),
  pkce: {
    required: () => true,
  },
  features,
  cookies: {
    keys: [OIDC_COOKIE_KEY],
  },
  // NOTE(review): an empty array supplies no signing keys; oidc-provider
  // documents `jwks` as a JWK Set object (`{ keys: [...] }`) — confirm the
  // provider boots with this value and which key ends up signing tokens.
  jwks: [],
  ttl,
  findAccount,
};

export default config;