feat: add oidc to admin panel

server/internal/clients/ca-store.ts

@@ -80,6 +80,7 @@ export const dbCertificateStore = () => {
           },
         });
       } finally {
+        /* empty */
       }
     },
     async checkBlacklistCertificate(name: string): Promise<boolean> {

server/internal/config/application-configuration.ts

@@ -1,5 +1,4 @@
 import type { ApplicationSettings } from "@prisma/client";
-import { AuthMec } from "@prisma/client";
 import prisma from "../db/database";
 
 class ApplicationConfiguration {
@@ -38,7 +37,6 @@ class ApplicationConfiguration {
   async initialiseConfiguration() {
     const initialState = await prisma.applicationSettings.create({
       data: {
-        enabledAuthencationMechanisms: [AuthMec.Simple],
         metadataProviders: [],
       },
     });

server/internal/notifications/index.ts

@@ -57,9 +57,11 @@ class NotificationSystem {
   }
 
   async push(userId: string, notificationCreateArgs: NotificationCreateArgs) {
+    if (!notificationCreateArgs.nonce)
+      throw new Error("No nonce in notificationCreateArgs");
     const notification = await prisma.notification.upsert({
       where: {
-        nonce: notificationCreateArgs.nonce!!
+        nonce: notificationCreateArgs.nonce,
       },
       update: {
         userId: userId,

server/internal/oidc/index.ts

@@ -1,8 +1,8 @@
 import { randomUUID } from "crypto";
 import prisma from "../db/database";
-import { AuthMec, Prisma } from "@prisma/client";
+import { AuthMec } from "@prisma/client";
 import objectHandler from "../objects";
-import { Readable } from "stream";
+import type { Readable } from "stream";
 import * as jdenticon from "jdenticon";
 
 interface OIDCWellKnown {
@@ -39,7 +39,8 @@ export class OIDCManager {
 
   private adminGroup?: string = process.env.OIDC_ADMIN_GROUP;
   private usernameClaim: keyof OIDCUserInfo =
-    (process.env.OIDC_USERNAME_CLAIM as any) ?? "preferred_username";
+    (process.env.OIDC_USERNAME_CLAIM as keyof OIDCUserInfo) ??
+    "preferred_username";
 
   private signinStateTable: { [key: string]: OIDCAuthSession } = {};
 
@@ -121,6 +122,16 @@ export class OIDCManager {
     return new OIDCManager(configuration, clientId, clientSecret, externalUrl);
   }
 
+  generateConfiguration() {
+    return {
+      authorizationUrl: this.oidcConfiguration.authorization_endpoint,
+      scopes: this.oidcConfiguration.scopes_supported.join(", "),
+      adminGroup: this.adminGroup,
+      usernameClaim: this.usernameClaim,
+      externalUrl: this.externalUrl,
+    };
+  }
+
   generateAuthSession(): OIDCAuthSession {
     const stateKey = randomUUID();
 
@@ -226,11 +237,12 @@ export class OIDCManager {
     const userId = randomUUID();
     const profilePictureId = randomUUID();
 
-    if (userinfo.picture) {
+    const picture = userinfo.picture;
+    if (picture) {
       await objectHandler.createFromSource(
         profilePictureId,
         async () =>
-          await $fetch<Readable>(userinfo.picture!!, {
+          await $fetch<Readable>(picture, {
             responseType: "stream",
           }),
         {},
@@ -269,6 +281,7 @@ export class OIDCManager {
             },
           },
         },
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         credentials: creds as any, // Prisma converts this to the Json type for us
       },
       include: {