diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index dc42e76d..9a2db205 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,4 +1,3 @@ -services: services: termix: image: ghcr.io/lukegus/termix:latest diff --git a/electron/main.cjs b/electron/main.cjs index ce8602de..aceef2c9 100644 --- a/electron/main.cjs +++ b/electron/main.cjs @@ -563,12 +563,21 @@ async function clearElectronJwtCookiesAtStartup() { function getBackendPaths() { if (isDev) { const backendDir = path.join(appRoot, "dist", "backend", "backend"); - return { entryPath: path.join(backendDir, "starter.js"), backendCwd: backendDir }; + return { + entryPath: path.join(backendDir, "starter.js"), + backendCwd: backendDir, + }; } // fork() does not go through Electron's asar redirector — use the unpacked path - const unpackedRoot = appRoot.replace(/app\.asar(?!\.unpacked)/, "app.asar.unpacked"); + const unpackedRoot = appRoot.replace( + /app\.asar(?!\.unpacked)/, + "app.asar.unpacked", + ); const backendDir = path.join(unpackedRoot, "dist", "backend", "backend"); - return { entryPath: path.join(backendDir, "starter.js"), backendCwd: backendDir }; + return { + entryPath: path.join(backendDir, "starter.js"), + backendCwd: backendDir, + }; } function getBackendDataDir() { @@ -606,9 +615,10 @@ function startBackendServer() { logToFile(" backendCwd exists:", fs.existsSync(backendCwd)); backendProcess = fork(entryPath, [], { - cwd: fs.existsSync(backendCwd) && fs.statSync(backendCwd).isDirectory() - ? backendCwd - : dataDir, + cwd: + fs.existsSync(backendCwd) && fs.statSync(backendCwd).isDirectory() + ? backendCwd + : dataDir, env: { ...process.env, DATA_DIR: dataDir, @@ -1089,40 +1099,51 @@ ipcMain.handle("get-embedded-server-status", () => { }); // OIDC System Browser Authentication (RFC 8252) -ipcMain.handle("oidc-system-browser-auth", async (_event, authUrl, callbackPort) => { - const http = require("http"); +ipcMain.handle( + "oidc-system-browser-auth", + async (_event, authUrl, callbackPort) => { + const http = require("http"); - return new Promise((resolve, reject) => { - const server = http.createServer((req, res) => { - const url = new URL(req.url, `http://localhost:${callbackPort}`); - if (url.pathname === "/oidc-callback") { - const success = url.searchParams.get("success"); - const error = url.searchParams.get("error"); - const token = url.searchParams.get("token"); + return new Promise((resolve, reject) => { + const server = http.createServer((req, res) => { + const url = new URL(req.url, `http://localhost:${callbackPort}`); + if (url.pathname === "/oidc-callback") { + const success = url.searchParams.get("success"); + const error = url.searchParams.get("error"); + const token = url.searchParams.get("token"); - res.writeHead(200, { "Content-Type": "text/html" }); - res.end(`
You can close this tab and return to Termix.
`); + res.writeHead(200, { "Content-Type": "text/html" }); + res.end( + `You can close this tab and return to Termix.
`, + ); - server.close(); - if (success === "true") { - resolve({ success: true, token }); - } else { - resolve({ success: false, error: error || "Authentication failed" }); + server.close(); + if (success === "true") { + resolve({ success: true, token }); + } else { + resolve({ + success: false, + error: error || "Authentication failed", + }); + } } - } - }); + }); - server.listen(callbackPort, "127.0.0.1", () => { - shell.openExternal(authUrl); - }); + server.listen(callbackPort, "127.0.0.1", () => { + shell.openExternal(authUrl); + }); - // Timeout after 5 minutes - setTimeout(() => { - server.close(); - reject(new Error("OIDC authentication timed out")); - }, 5 * 60 * 1000); - }); -}); + // Timeout after 5 minutes + setTimeout( + () => { + server.close(); + reject(new Error("OIDC authentication timed out")); + }, + 5 * 60 * 1000, + ); + }); + }, +); ipcMain.handle("get-server-config", () => { try { diff --git a/index.html b/index.html index f774a2b1..94725365 100644 --- a/index.html +++ b/index.html @@ -47,7 +47,9 @@ - + diff --git a/src/backend/database/routes/users.ts b/src/backend/database/routes/users.ts index d3fb4642..5c14cf72 100644 --- a/src/backend/database/routes/users.ts +++ b/src/backend/database/routes/users.ts @@ -1166,11 +1166,28 @@ router.get("/oidc/callback", async (req, res) => { } } - const oidcAllowRegistration = - (process.env.OIDC_ALLOW_REGISTRATION || "").trim().toLowerCase() === - "true"; + let oidcAutoProvision = false; + try { + const oidcProvRow = db.$client + .prepare( + "SELECT value FROM settings WHERE key = 'oidc_auto_provision'", + ) + .get(); + if (oidcProvRow) { + oidcAutoProvision = + (oidcProvRow as Record