@typekcz-nocobase-plugins/plugin-oidc-plus 1.0.3 → 1.0.5

package/src/client/Options.tsx

@@ -0,0 +1,359 @@
+import { CopyOutlined } from '@ant-design/icons';
+import { ArrayItems, FormTab } from '@formily/antd-v5';
+import { observer } from '@formily/react';
+import { FormItem, Input, SchemaComponent, useApp } from '@nocobase/client';
+import { Card, Space, message } from 'antd';
+import React, { useMemo } from 'react';
+import { lang, useOidcTranslation } from './locale';
+
+const schema = {
+  type: 'object',
+  properties: {
+    public: {
+      type: 'object',
+      properties: {
+        autoSignup: {
+          'x-decorator': 'FormItem',
+          type: 'boolean',
+          title: '{{t("Sign up automatically when the user does not exist")}}',
+          'x-component': 'Checkbox',
+          default: true,
+        },
+      },
+    },
+    oidc: {
+      type: 'object',
+      properties: {
+        collapse: {
+          type: 'void',
+          'x-component': 'FormTab',
+          properties: {
+            basic: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Basic configuration'),
+              },
+              properties: {
+                issuer: {
+                  type: 'string',
+                  title: '{{t("Issuer")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientId: {
+                  type: 'string',
+                  title: '{{t("Client ID")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientSecret: {
+                  type: 'string',
+                  title: '{{t("Client Secret")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                scope: {
+                  type: 'string',
+                  title: '{{t("scope")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Default: openid profile email")}}',
+                  },
+                },
+                idTokenSignedResponseAlg: {
+                  type: 'string',
+                  title: '{{t("id_token signed response algorithm")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  enum: [
+                    { label: 'HS256', value: 'HS256' },
+                    { label: 'HS384', value: 'HS384' },
+                    { label: 'HS512', value: 'HS512' },
+                    { label: 'RS256', value: 'RS256' },
+                    { label: 'RS384', value: 'RS384' },
+                    { label: 'RS512', value: 'RS512' },
+                    { label: 'ES256', value: 'ES256' },
+                    { label: 'ES384', value: 'ES384' },
+                    { label: 'ES512', value: 'ES512' },
+                    { label: 'PS256', value: 'PS256' },
+                    { label: 'PS384', value: 'PS384' },
+                    { label: 'PS512', value: 'PS512' },
+                  ],
+                },
+              },
+            },
+            mapping: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Field mapping'),
+              },
+              properties: {
+                fieldMap: {
+                  title: '{{t("Field Map")}}',
+                  type: 'array',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          source: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("source")}}',
+                            },
+                          },
+                          target: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("target")}}',
+                            },
+                          },
+                          remove: {
+                            type: 'void',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'ArrayItems.Remove',
+                          },
+                        },
+                      },
+                    },
+                  },
+                  properties: {
+                    add: {
+                      type: 'void',
+                      title: 'Add',
+                      'x-component': 'ArrayItems.Addition',
+                    },
+                  },
+                },
+                userBindField: {
+                  type: 'string',
+                  title: '{{t("Use this field to bind the user")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  default: 'email',
+                  enum: [
+                    { label: lang('Email'), value: 'email' },
+                    { label: lang('Username'), value: 'username' },
+                  ],
+                  required: true,
+                },
+              },
+            },
+            advanced: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Advanced configuration'),
+              },
+              properties: {
+                logout: {
+                  type: 'boolean',
+                  title: '{{t("RP-initiated logout")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip:
+                      '{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}',
+                  },
+                },
+                http: {
+                  type: 'boolean',
+                  title: '{{t("HTTP")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Check if NocoBase is running on HTTP protocol")}}',
+                  },
+                },
+                port: {
+                  type: 'number',
+                  title: '{{t("Port")}}',
+                  'x-component': 'InputNumber',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("The port number of the NocoBase service if it is not 80 or 443")}}',
+                  },
+                  'x-component-props': {
+                    style: {
+                      width: '15%',
+                      minWidth: '100px',
+                    },
+                  },
+                },
+                stateToken: {
+                  type: 'string',
+                  title: '{{t("State token")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  description: lang(
+                    "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.",
+                  ),
+                },
+                exchangeBodyKeys: {
+                  type: 'array',
+                  title: '{{t("Pass parameters in the authorization code grant exchange")}}',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  default: [
+                    { paramName: '', optionsKey: 'clientId' },
+                    {
+                      paramName: '',
+                      optionsKey: 'clientSecret',
+                    },
+                  ],
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          enabled: {
+                            type: 'boolean',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Checkbox',
+                          },
+                          optionsKey: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-decorator-props': {
+                              style: {
+                                width: '100px',
+                              },
+                            },
+                            'x-component': 'Select',
+                            'x-read-pretty': true,
+                            enum: [
+                              { label: lang('Client ID'), value: 'clientId' },
+                              { label: lang('Client Secret'), value: 'clientSecret' },
+                            ],
+                          },
+                          paramName: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("Parameter name")}}',
+                            },
+                          },
+                        },
+                      },
+                    },
+                  },
+                },
+                userInfoMethod: {
+                  type: 'string',
+                  title: '{{t("Method to call the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'GET',
+                  enum: [
+                    {
+                      label: 'GET',
+                      value: 'GET',
+                    },
+                    {
+                      label: 'POST',
+                      value: 'POST',
+                    },
+                  ],
+                  'x-reactions': [
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "query"}}',
+                      fulfill: {
+                        state: {
+                          value: 'GET',
+                        },
+                      },
+                    },
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "body"}}',
+                      fulfill: {
+                        state: {
+                          value: 'POST',
+                        },
+                      },
+                    },
+                  ],
+                },
+                accessTokenVia: {
+                  type: 'string',
+                  title: '{{t("Where to put the access token when calling the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'header',
+                  enum: [
+                    {
+                      label: lang('Header'),
+                      value: 'header',
+                    },
+                    {
+                      label: lang('Body (Use with POST method)'),
+                      value: 'body',
+                    },
+                    {
+                      label: lang('Query parameters (Use with GET method)'),
+                      value: 'query',
+                    },
+                  ],
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    usage: {
+      type: 'void',
+      'x-component': 'Usage',
+    },
+  },
+};
+
+const Usage = observer(
+  () => {
+    const { t } = useOidcTranslation();
+    const app = useApp();
+
+    const url = useMemo(() => {
+      return app.getApiUrl('oidc:redirect');
+    }, [app]);
+
+    const copy = (text: string) => {
+      navigator.clipboard.writeText(text);
+      message.success(t('Copied'));
+    };
+
+    return (
+      <Card title={t('Usage')} type="inner">
+        <FormItem label={t('Redirect URL')}>
+          <Input value={url} disabled={true} addonBefore={<CopyOutlined onClick={() => copy(url)} />} />
+        </FormItem>
+      </Card>
+    );
+  },
+  { displayName: 'Usage' },
+);
+
+export const Options = () => {
+  const { t } = useOidcTranslation();
+  return <SchemaComponent scope={{ t }} components={{ Usage, ArrayItems, Space, FormTab }} schema={schema} />;
+};

package/src/client/index.tsx

@@ -0,0 +1,19 @@
+import { Plugin } from '@nocobase/client';
+import AuthPlugin from '@nocobase/plugin-auth/client';
+import { authType } from '../constants';
+import { OIDCButton } from './OIDCButton';
+import { Options } from './Options';
+
+export class PluginOIDCClient extends Plugin {
+  async load() {
+    const auth = this.app.pm.get(AuthPlugin);
+    auth.registerType(authType, {
+      components: {
+        SignInButton: OIDCButton,
+        AdminSettingsForm: Options,
+      },
+    });
+  }
+}
+
+export default PluginOIDCClient;

package/src/client/locale/index.ts

@@ -0,0 +1,18 @@
+import { i18n } from '@nocobase/client';
+import { useTranslation } from 'react-i18next';
+
+export const NAMESPACE = 'oidc';
+
+// i18n.addResources('zh-CN', NAMESPACE, zhCN);
+// i18n.addResources('en-US', NAMESPACE, enUS);
+// i18n.addResources('ja-JP', NAMESPACE, jaJP);
+// i18n.addResources('ru-RU', NAMESPACE, ruRU);
+// i18n.addResources('tr-TR', NAMESPACE, trTR);
+
+export function lang(key: string) {
+  return i18n.t(key, { ns: NAMESPACE });
+}
+
+export function useOidcTranslation() {
+  return useTranslation(NAMESPACE);
+}

package/src/constants.ts

@@ -0,0 +1,7 @@
+// @ts-ignore
+import { name } from '../package.json';
+
+export const authType = 'OIDC+';
+export const cookieName = 'tnp_oidc_plus';
+export const logoutCookieName = 'tnp_oidc_plus_logout';
+export const namespace = name;

package/src/index.ts

@@ -0,0 +1,2 @@
+export * from './server';
+export { default } from './server';

package/src/locale/en-US.json

@@ -0,0 +1,40 @@
+{
+  "Enable": "Enable",
+  "Issuer": "Issuer",
+  "OIDC manager": "OIDC manager",
+  "OIDC Providers": "OIDC Providers",
+  "Provider name": "Name",
+  "Client id": "Client id",
+  "Client secret": "Client secret",
+  "Openid configuration": "Openid configuration",
+  "Authorization endpoint": "Authorization endpoint",
+  "Access token endpoint": "Access token endpoint",
+  "JWKS endpoint": "JWKS endpoint",
+  "Userinfo endpoint": "Userinfo endpoint",
+  "Redirect url": "Redirect url",
+  "Logout endpoint": "Logout endpoint",
+  "Id token sign alg": "Id token sign alg",
+  "Add provider": "Add",
+  "Edit provider": "Edit",
+  "Delete provider": "Delete",
+  "Sign in button name, which will be displayed on the sign in page": "Sign in button name, which will be displayed on the sign in page",
+  "Use this field to bind the user": "Use this field to bind the user",
+  "Sign up automatically when the user does not exist": "Sign up automatically when the user does not exist",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "Username must be 2-16 characters in length (excluding @.<>\"'/)",
+  "User not found": "User not found",
+  "Basic configuration": "Basic configuration",
+  "Field mapping": "Field mapping",
+  "Advanced configuration": "Advanced configuration",
+  "Usage": "Usage",
+  "Redirect URL": "Redirect URL",
+  "Check if NocoBase is running on HTTP protocol": "Check if NocoBase is running on HTTP protocol",
+  "The port number of the NocoBase service if it is not 80 or 443": "The port number of the NocoBase service if it is not 80 or 443",
+  "Pass parameters in the authorization code grant exchange": "Pass parameters in the authorization code grant exchange",
+  "Method to call the user info endpoint": "Method to call the user info endpoint",
+  "Where to put the access token when calling the user info endpoint": "Where to put the access token when calling the user info endpoint",
+  "Header": "Header",
+  "Body (Use with POST method)": "Body (Use with POST method)",
+  "Query parameters (Use with GET method)": "Query parameters (Use with GET method)",
+  "Parameter name": "Parameter name",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation."
+}

package/src/locale/es-ES.json

@@ -0,0 +1,25 @@
+{
+  "Enable": "Activar",
+  "Issuer": "Emisor",
+  "Actions": "Acciones",
+  "Delete": "Borrar",
+  "Edit": "Editar",
+  "Button title": "Título del botón",
+  "OIDC manager": "Gestor OIDC",
+  "OIDC Providers": "Proveedores OIDC",
+  "Provider name": "Nombre",
+  "Client id": "Id de cliente",
+  "Client secret": "Secreto del cliente",
+  "Openid configuration": "Configuración Openid",
+  "Authorization endpoint": "Endpoint de autorización ",
+  "Access token endpoint": "Endpoint de token de acceso",
+  "JWKS endpoint": "Endpoint de JWKS",
+  "Userinfo endpoint": "Userinfo endpoint",
+  "Redirect url": "Redirect url",
+  "Logout endpoint": "Endpoint de cierre de sesión",
+  "Id token sign alg": "Id token sign alg",
+  "Add provider": "Añadir Proveedor",
+  "Edit provider": "Editar Proveedor",
+  "Delete provider": "Borrar Proveedor",
+  "Sign in button name, which will be displayed on the sign in page": "Nombre del botón de inicio de sesión, que se mostrará en la página de inicio de sesión"
+}

package/src/locale/fr-FR.json

@@ -0,0 +1,21 @@
+{
+  "Enable": "Activer",
+  "Issuer": "Issuer",
+  "OIDC manager": "OIDC manager",
+  "OIDC Providers": "OIDC Providers",
+  "Provider name": "Nom",
+  "Client id": "Client id",
+  "Client secret": "Client secret",
+  "Openid configuration": "Openid configuration",
+  "Authorization endpoint": "Authorization endpoint",
+  "Access token endpoint": "Access token endpoint",
+  "JWKS endpoint": "JWKS endpoint",
+  "Userinfo endpoint": "Userinfo endpoint",
+  "Redirect url": "Redirect url",
+  "Logout endpoint": "Logout endpoint",
+  "Id token sign alg": "Id token sign alg",
+  "Add provider": "Ajouter",
+  "Edit provider": "Modifier",
+  "Delete provider": "Supprimer",
+  "Sign in button name, which will be displayed on the sign in page": "Nom du bouton de connexion, qui sera affiché sur la page de connexion"
+}

package/src/locale/ko_KR.json

@@ -0,0 +1,28 @@
+{
+  "Enable": "활성화",
+  "Actions": "작업",
+  "Delete": "삭제",
+  "Edit": "편집",
+  "Copied": "복사됨",
+  "Field Map": "필드 매핑",
+  "id_token signed response algorithm": "id_token 서명 응답 알고리즘",
+  "Use this field to bind the user": "이 필드를 사용하여 사용자를 바인딩합니다",
+  "Sign up automatically when the user does not exist": "사용자가 존재하지 않을 때 자동으로 가입",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "사용자 이름은 2-16 자여야합니다 (@.<>\"'/ 제외)",
+  "User not found": "사용자를 찾을 수 없음",
+  "Basic configuration": "기본 설정",
+  "Field mapping": "필드 매핑",
+  "Advanced configuration": "고급 설정",
+  "Usage": "사용 방법",
+  "Redirect URL": "리디렉션 URL",
+  "Check if NocoBase is running on HTTP protocol": "NocoBase가 HTTP 프로토콜에서 실행 중인지 확인",
+  "The port number of the NocoBase service if it is not 80 or 443": "NocoBase 서비스의 포트 번호, 기본값은 443/80",
+  "Pass parameters in the authorization code grant exchange": "권한 부여 코드 교환 중에 매개 변수를 전달",
+  "Method to call the user info endpoint": "사용자 정보 엔드포인트를 호출하는 방법",
+  "Where to put the access token when calling the user info endpoint": "사용자 정보 엔드포인트를 호출할 때 access_token을 어디에 두어야 하는지",
+  "Header": "헤더 (기본값)",
+  "Body (Use with POST method)": "바디 (POST 방식과 함께 사용)",
+  "Query parameters (Use with GET method)": "쿼리 매개 변수 (GET 방식과 함께 사용)",
+  "Parameter name": "매개 변수 이름",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "상태 토큰은 CSRF 공격을 방지하는 데 도움이 됩니다. 자동으로 무작위로 생성하려면 비워 두는 것이 좋습니다."
+  }

package/src/locale/pt-BR.json

@@ -0,0 +1,21 @@
+{
+  "Enable": "Habilitar",
+  "Issuer": "Emissor",
+  "OIDC manager": "Gerenciador OIDC",
+  "OIDC Providers": "Provedores OIDC",
+  "Provider name": "Nome do provedor",
+  "Client id": "ID do cliente",
+  "Client secret": "Segredo do cliente",
+  "Openid configuration": "Configuração OpenID",
+  "Authorization endpoint": "Endpoint de autorização",
+  "Access token endpoint": "Endpoint de token de acesso",
+  "JWKS endpoint": "Endpoint JWKS",
+  "Userinfo endpoint": "Endpoint de informações do usuário",
+  "Redirect url": "URL de redirecionamento",
+  "Logout endpoint": "Endpoint de logout",
+  "Id token sign alg": "Algoritmo de assinatura do token de ID",
+  "Add provider": "Adicionar",
+  "Edit provider": "Editar",
+  "Delete provider": "Excluir",
+  "Sign in button name, which will be displayed on the sign in page": "Nome do botão de login, que será exibido na página de login"
+}

package/src/locale/zh-CN.json

@@ -0,0 +1,28 @@
+{
+  "Enable": "启用",
+  "Actions": "操作",
+  "Delete": "删除",
+  "Edit": "编辑",
+  "Copied": "已复制",
+  "Field Map": "字段映射",
+  "id_token signed response algorithm": "id_token签名算法",
+  "Use this field to bind the user": "使用此字段绑定用户",
+  "Sign up automatically when the user does not exist": "用户不存在时自动注册",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "用户名必须为2-16个字符并且不包含@.<>\"'/）",
+  "User not found": "用户不存在",
+  "Basic configuration": "基础配置",
+  "Field mapping": "字段映射",
+  "Advanced configuration": "高级配置",
+  "Usage": "使用",
+  "Redirect URL": "回调 URL",
+  "Check if NocoBase is running on HTTP protocol": "NocoBase 应用为HTTP协议时勾选",
+  "The port number of the NocoBase service if it is not 80 or 443": "NocoBase 应用端口，默认 443/80",
+  "Pass parameters in the authorization code grant exchange": "使用 code 交换 token 时需要传递的参数",
+  "Method to call the user info endpoint": "访问获取用户信息的 API 的 HTTP 方法",
+  "Where to put the access token when calling the user info endpoint": "访问获取用户信息的 API 时 access_token 的传递方式",
+  "Header": "请求头 (Header, 默认)",
+  "Body (Use with POST method)": "请求体（Body, 配合 POST 方法使用）",
+  "Query parameters (Use with GET method)": "请求 URL 参数（Query, 配合 GET 方法使用）",
+  "Parameter name": "参数名",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "state token 用于防止 CSRF 攻击，建议留空使用自动生成的随机值。"
+}