
add allowed emails domains for oauth singup to config

abhishek9686 hai 1 ano
pai
achega
cf0ff52d7f
Modificáronse 4 ficheiros con 16 adicións e 2 borrados
  1. 1 0
      config/config.go
  2. 3 1
      scripts/netmaker.default.env
  3. 1 1
      scripts/nm-quick.sh
  4. 11 0
      servercfg/serverconf.go

+ 1 - 0
config/config.go

@@ -92,6 +92,7 @@ type ServerConfig struct {
 	JwtValidityDuration        time.Duration `yaml:"jwt_validity_duration"`
 	RacAutoDisable             bool          `yaml:"rac_auto_disable"`
 	CacheEnabled               string        `yaml:"caching_enabled"`
+	AllowedEmailDomains        string        `yaml:"allowed_email_domains"`
 }
 
 // SQLConfig - Generic SQL Config

+ 3 - 1
scripts/netmaker.default.env

@@ -53,6 +53,8 @@ TELEMETRY=on
 # OAuth section
 #
 ###
+# only mentioned domains will be allowded to signup using oauth, by default all domains are allowed
+ALLOWED_EMAIL_DOMAINS=*
 # "<azure-ad|github|google|oidc>"
 AUTH_PROVIDER=
 # "<client id of your oauth provider>"
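Review bot: The new comment above `ALLOWED_EMAIL_DOMAINS=*` does not say how more than one domain is written (separator, whether spaces are tolerated), and the code that parses the value is not part of this diff, so an operator cannot tell from the template how to restrict signup. Something like `# list of email domains allowed to sign up via OAuth, e.g. example.com,example.org; "*" allows every domain` would help, with the separator confirmed against the consumer of the value. Because the shipped default is `*`, a fresh install accepts signup from any account the OAuth provider authenticates until the operator narrows it, which is worth stating in the same comment. "allowded" is a typo for "allowed".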
@@ -70,4 +72,4 @@ JWT_VALIDITY_DURATION=43200
 # Auto disable a user's connecteds clients bassed on JWT token expiration
 RAC_AUTO_DISABLE=true
 # if turned on data will be cached on to improve performance significantly (IMPORTANT: If HA set to `false` )
-CACHING_ENABLED=true
+CACHING_ENABLED=true

+ 1 - 1
scripts/nm-quick.sh

@@ -248,7 +248,7 @@ save_config() { (
 	local toCopy=("SERVER_HOST" "MASTER_KEY" "MQ_USERNAME" "MQ_PASSWORD"
 		"INSTALL_TYPE" "NODE_ID" "DNS_MODE" "NETCLIENT_AUTO_UPDATE" "API_PORT"
 		"CORS_ALLOWED_ORIGIN" "DISPLAY_KEYS" "DATABASE" "SERVER_BROKER_ENDPOINT" "VERBOSITY"
-		"DEBUG_MODE"  "REST_BACKEND" "DISABLE_REMOTE_IP_CHECK" "TELEMETRY" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET"
+		"DEBUG_MODE"  "REST_BACKEND" "DISABLE_REMOTE_IP_CHECK" "TELEMETRY" "ALLOWED_EMAIL_DOMAINS" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET"
 		"FRONTEND_URL" "AZURE_TENANT" "OIDC_ISSUER" "EXPORTER_API_PORT" "JWT_VALIDITY_DURATION" "RAC_AUTO_DISABLE" "CACHING_ENABLED")
 	for name in "${toCopy[@]}"; do
 		save_config_item $name "${!name}"

+ 11 - 0
servercfg/serverconf.go

@@ -703,3 +703,14 @@ func GetEmqxAppID() string {
 func GetEmqxAppSecret() string {
 	return os.Getenv("EMQX_APP_SECRET")
 }
+
+// GetAllowedEmailDomains - gets the allowed email domains for oauth signup
+func GetAllowedEmailDomains() string {
+	allowedDomains := "*"
+	if os.Getenv("ALLOWED_EMAIL_DOMAINS") != "" {
+		allowedDomains = os.Getenv("ALLOWED_EMAIL_DOMAINS")
+	} else if config.Config.Server.AllowedEmailDomains != "" {
+		allowedDomains = config.Config.Server.AllowedEmailDomains
+	}
+	return allowedDomains
+}
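Review bot: GetAllowedEmailDomains fails open: when the environment variable and the config field are both empty it returns `*`, so an unset or misspelled ALLOWED_EMAIL_DOMAINS leaves OAuth signup open to every domain without any log line. The doc comment should state that, for example `// GetAllowedEmailDomains - returns the raw allowed-domains setting (env first, then config file); "*" when neither is set, meaning every domain may sign up`. The value is also returned unparsed and untrimmed, so splitting, whitespace and case handling are left to each caller (presumably the OAuth handlers, which this diff does not show); it is worth confirming they compare the exact domain after the last `@` case-insensitively rather than by substring or suffix match. Minor style point: read the variable once, `if v := os.Getenv("ALLOWED_EMAIL_DOMAINS"); v != "" { return v }`.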