Commit Graph

28 Commits

Author SHA1 Message Date
liuyi 71be1d424a fix(server): oidc registration (#12723) 2025-06-05 09:16:21 +00:00
forehalo ee931d546e fix(server): oauth should follow sign up restriction (#12683)
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

- **New Features**
	- Enforced signup restrictions for OAuth login based on configuration settings. Users will not be able to sign up via OAuth if signup is disabled by the administrator.
- **Bug Fixes**
	- Improved error handling during OAuth login when signup is not permitted.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-06-03 08:53:00 +00:00
forehalo 88eec2cdfb chore(server): disable version check for oauth callback (#12640)
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

- **Bug Fixes**
  - Improved Apple OAuth login reliability by ensuring client version checks do not block the callback process.

- **New Features**
  - Enhanced OAuth account information by including an optional display name field.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-05-30 03:05:38 +00:00
liuyi 41781902f6 feat(core): support apple sign in (#12424) 2025-05-23 15:27:27 +08:00
forehalo 0ea38680fa refactor(server): config system (#11081) 2025-03-27 12:32:28 +00:00
fengmk2 867ae7933f refactor(server): improve oauth login flow (#10648)
close CLOUD-145
2025-03-12 15:27:36 +08:00
fengmk2 b88113a2d1 feat(server): add invalid oauth callback code error handling (#10603)
close CLOUD-130
2025-03-05 06:16:59 +00:00
DarkSky fa86f71853 feat(server): client version check (#9205)
Co-authored-by: forehalo <forehalo@gmail.com>
2025-02-20 15:50:22 +08:00
fengmk2 67b6c28d67 refactor(server): use user model on oauth plugin (#10031)
close CLOUD-117
2025-02-10 20:26:34 +08:00
forehalo 44de4474c3 feat(server): use user model (#9710) 2025-01-17 07:06:12 +00:00
liuyi 64827f771c fix(server): end_session_endpoint is not required for oidc (#9381) 2024-12-27 19:11:54 +08:00
Brooooooklyn aaaea8918f chore: upgrade to eslint9 (#9163) 2024-12-14 10:29:04 +00:00
forehalo 4c23991047 chore: rename fundamentals to base (#9119) 2024-12-13 06:27:13 +00:00
js os e2f281ac18 fix(server): make scope field optional in access token response (#8753)
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2024-11-09 20:01:33 +08:00
pengx17 8f694aceb7 fix(core): redirect to old page after login via 404 page (#8588)
fix AF-1487

When visit a cloud worskapce page without login, we should allow the user to redirect back to that page after login.

The logic is only added for this case, including login with email magin link + google login. Login with password is already working without changes.
2024-10-25 03:43:00 +00:00
forehalo 64d2b926a2 fix(server): remove default auth redirect url (#8140) 2024-09-06 06:26:59 +00:00
forehalo 8b0afd6eeb refactor(server): auth (#7994) 2024-09-03 09:03:39 +00:00
forehalo 624f3514fc feat(server): make permission a standalone module (#7880) 2024-08-15 10:01:52 +00:00
forehalo 0ec1995add fix(admin): organize admin panel (#7840) 2024-08-13 14:51:54 +08:00
liuyi 54fc1197ad feat(server): introduce user friendly server errors (#7111) 2024-06-17 11:30:58 +08:00
Tao Chen e417c4cd44 fix(server): OIDC bug (#7061) 2024-05-28 18:19:37 +08:00
forehalo 638fc62601 feat(server): runtime setting support (#5602)
---

<details open="true"><summary>Generated summary (powered by <a href="https://app.graphite.dev">Graphite</a>)</summary>

> ## TL;DR
> This pull request adds a new migration file, a new model, and new modules related to runtime settings. It also introduces a new `Runtime` service that allows getting, setting, and updating runtime configurations.
>
> ## What changed
> - Added a new migration file `migration.sql` that creates a table called `application_settings` with columns `key` and `value`.
> - Added a new model `ApplicationSetting` with properties `key` and `value`.
> - Added a new module `RuntimeSettingModule` that exports the `Runtime` service.
> - Added a new service `Runtime` that provides methods for getting, setting, and updating runtime configurations.
> - Modified the `app.module.ts` file to import the `RuntimeSettingModule`.
> - Modified the `index.ts` file in the `fundamentals` directory to export the `Runtime` service.
> - Added a new file `def.ts` in the `runtime` directory that defines the runtime configurations and provides a default implementation.
> - Added a new file `service.ts` in the `runtime` directory that implements the `Runtime` service.
>
> ## How to test
> 1. Run the migration script to create the `application_settings` table.
> 2. Use the `Runtime` service to get, set, and update runtime configurations.
> 3. Verify that the runtime configurations are stored correctly in the database and can be retrieved and modified using the `Runtime` service.
>
> ## Why make this change
> This change introduces a new feature related to runtime settings. The `Runtime` service allows the application to dynamically manage and modify runtime configurations without requiring a restart. This provides flexibility and allows for easier customization and configuration of the application.
</details>
2024-05-28 06:43:53 +00:00
Tao Chen 22a8a2663e feat(server): add OIDC for AFFiNE (#6991)
Co-authored-by: LongYinan <lynweklm@gmail.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2024-05-24 00:35:30 +08:00
forehalo 1a1af83375 test(server): auth tests (#6135) 2024-03-26 02:24:17 +00:00
liuyi 06a5b2e5a5 fix(server): wrong google oauth param (#6227) 2024-03-20 17:45:22 +08:00
liuyi f2ec81b2d0 feat(server): user connected accounts migration (#6103) 2024-03-13 09:28:52 +00:00
liuyi 573528be41 fix(server): user can not signup through oauth if ever invited (#6101) 2024-03-13 07:50:11 +00:00
liuyi fb3a0e7b8f refactor(server): auth (#5895)
Remove `next-auth` and implement our own Authorization/Authentication system from scratch.

## Server

- [x] tokens
  - [x] function
  - [x] encryption

- [x] AuthController
  - [x] /api/auth/sign-in
  - [x] /api/auth/sign-out
  - [x] /api/auth/session
  - [x] /api/auth/session (WE SUPPORT MULTI-ACCOUNT!)

- [x] OAuthPlugin
  - [x] OAuthController
  - [x] /oauth/login
  - [x] /oauth/callback
  - [x] Providers
    - [x] Google
    - [x] GitHub

## Client

- [x] useSession
- [x] cloudSignIn
- [x] cloudSignOut

## NOTE:

Tests will be adding in the future
2024-03-12 10:00:09 +00:00