mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-16 16:30:15 +01:00
939b4ce659
* feat: add SAML authentication * refactor: change SAML icon * refactor: resolve SAML metadata paths using paths.js * test: add samlStrategy tests * fix: update setupSaml import * test: add SAML settings tests in config.spec.js * test: add client tests * refactor: improve SAML button label and fallback localization * feat: allow only one authentication method OpenID or SAML at a time * doc: add SAML configuration sample to docker-compose.override * fix: require SAML_SESSION_SECRET to enable SAML * feat: update samlStrategy * test: update samle tests * feat: add SAML login button label to translations and remove default value * fix: update SAML cert file binding * chore: update override example with SAML cert volume * fix: update SAML session handling with Redis backend --------- Co-authored-by: Ruben Talstra <RubenTalstra1211@outlook.com>
104 lines
3.2 KiB
JavaScript
104 lines
3.2 KiB
JavaScript
const { Keyv } = require('keyv');
|
|
const passport = require('passport');
|
|
const session = require('express-session');
|
|
const MemoryStore = require('memorystore')(session);
|
|
const RedisStore = require('connect-redis').default;
|
|
const {
|
|
setupOpenId,
|
|
googleLogin,
|
|
githubLogin,
|
|
discordLogin,
|
|
facebookLogin,
|
|
appleLogin,
|
|
setupSaml,
|
|
openIdJwtLogin,
|
|
} = require('~/strategies');
|
|
const { isEnabled } = require('~/server/utils');
|
|
const keyvRedis = require('~/cache/keyvRedis');
|
|
const { logger } = require('~/config');
|
|
|
|
/**
|
|
*
|
|
* @param {Express.Application} app
|
|
*/
|
|
const configureSocialLogins = async (app) => {
|
|
logger.info('Configuring social logins...');
|
|
|
|
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
|
|
passport.use(googleLogin());
|
|
}
|
|
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
|
|
passport.use(facebookLogin());
|
|
}
|
|
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
|
|
passport.use(githubLogin());
|
|
}
|
|
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
|
|
passport.use(discordLogin());
|
|
}
|
|
if (process.env.APPLE_CLIENT_ID && process.env.APPLE_PRIVATE_KEY_PATH) {
|
|
passport.use(appleLogin());
|
|
}
|
|
if (
|
|
process.env.OPENID_CLIENT_ID &&
|
|
process.env.OPENID_CLIENT_SECRET &&
|
|
process.env.OPENID_ISSUER &&
|
|
process.env.OPENID_SCOPE &&
|
|
process.env.OPENID_SESSION_SECRET
|
|
) {
|
|
logger.info('Configuring OpenID Connect...');
|
|
const sessionOptions = {
|
|
secret: process.env.OPENID_SESSION_SECRET,
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
};
|
|
if (isEnabled(process.env.USE_REDIS)) {
|
|
logger.debug('Using Redis for session storage in OpenID...');
|
|
const keyv = new Keyv({ store: keyvRedis });
|
|
const client = keyv.opts.store.client;
|
|
sessionOptions.store = new RedisStore({ client, prefix: 'openid_session' });
|
|
} else {
|
|
sessionOptions.store = new MemoryStore({
|
|
checkPeriod: 86400000, // prune expired entries every 24h
|
|
});
|
|
}
|
|
app.use(session(sessionOptions));
|
|
app.use(passport.session());
|
|
const config = await setupOpenId();
|
|
if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
|
|
logger.info('OpenID token reuse is enabled.');
|
|
passport.use('openidJwt', openIdJwtLogin(config));
|
|
}
|
|
logger.info('OpenID Connect configured.');
|
|
}
|
|
if (
|
|
process.env.SAML_ENTRY_POINT &&
|
|
process.env.SAML_ISSUER &&
|
|
process.env.SAML_CERT &&
|
|
process.env.SAML_SESSION_SECRET
|
|
) {
|
|
logger.info('Configuring SAML Connect...');
|
|
const sessionOptions = {
|
|
secret: process.env.SAML_SESSION_SECRET,
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
};
|
|
if (isEnabled(process.env.USE_REDIS)) {
|
|
logger.debug('Using Redis for session storage in SAML...');
|
|
const keyv = new Keyv({ store: keyvRedis });
|
|
const client = keyv.opts.store.client;
|
|
sessionOptions.store = new RedisStore({ client, prefix: 'saml_session' });
|
|
} else {
|
|
sessionOptions.store = new MemoryStore({
|
|
checkPeriod: 86400000, // prune expired entries every 24h
|
|
});
|
|
}
|
|
app.use(session(sessionOptions));
|
|
app.use(passport.session());
|
|
setupSaml();
|
|
|
|
logger.info('SAML Connect configured.');
|
|
}
|
|
};
|
|
|
|
module.exports = configureSocialLogins;
|