mirror of
https://github.com/OpenHands/OpenHands.git
synced 2025-12-26 05:48:36 +08:00
Get auth URL from config if it is supplied. (#10111)
This commit is contained in:
chuckbutkus
GitHub
parent
1c66347803
commit
ff2cfb7bce
@ -51,6 +51,7 @@ export interface GetConfigResponse {
|
||||
POSTHOG_CLIENT_KEY: string;
|
||||
STRIPE_PUBLISHABLE_KEY?: string;
|
||||
PROVIDERS_CONFIGURED?: Provider[];
|
||||
AUTH_URL?: string;
|
||||
FEATURE_FLAGS: {
|
||||
ENABLE_BILLING: boolean;
|
||||
HIDE_LLM_SETTINGS: boolean;
|
||||
|
||||
@ -15,12 +15,14 @@ import { Provider } from "#/types/settings";
|
||||
interface AuthModalProps {
|
||||
githubAuthUrl: string | null;
|
||||
appMode?: GetConfigResponse["APP_MODE"] | null;
|
||||
authUrl?: GetConfigResponse["AUTH_URL"];
|
||||
providersConfigured?: Provider[];
|
||||
}
|
||||
|
||||
export function AuthModal({
|
||||
githubAuthUrl,
|
||||
appMode,
|
||||
authUrl,
|
||||
providersConfigured,
|
||||
}: AuthModalProps) {
|
||||
const { t } = useTranslation();
|
||||
@ -28,16 +30,19 @@ export function AuthModal({
|
||||
const gitlabAuthUrl = useAuthUrl({
|
||||
appMode: appMode || null,
|
||||
identityProvider: "gitlab",
|
||||
authUrl,
|
||||
});
|
||||
|
||||
const bitbucketAuthUrl = useAuthUrl({
|
||||
appMode: appMode || null,
|
||||
identityProvider: "bitbucket",
|
||||
authUrl,
|
||||
});
|
||||
|
||||
const enterpriseSsoUrl = useAuthUrl({
|
||||
appMode: appMode || null,
|
||||
identityProvider: "enterprise_sso",
|
||||
authUrl,
|
||||
});
|
||||
|
||||
const handleGitHubAuth = () => {
|
||||
|
||||
@ -4,6 +4,7 @@ import { GetConfigResponse } from "#/api/open-hands.types";
|
||||
interface UseAuthUrlConfig {
|
||||
appMode: GetConfigResponse["APP_MODE"] | null;
|
||||
identityProvider: string;
|
||||
authUrl?: GetConfigResponse["AUTH_URL"];
|
||||
}
|
||||
|
||||
export const useAuthUrl = (config: UseAuthUrlConfig) => {
|
||||
@ -11,6 +12,7 @@ export const useAuthUrl = (config: UseAuthUrlConfig) => {
|
||||
return generateAuthUrl(
|
||||
config.identityProvider,
|
||||
new URL(window.location.href),
|
||||
config.authUrl,
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@ -19,21 +19,25 @@ export const useAutoLogin = () => {
|
||||
const githubAuthUrl = useAuthUrl({
|
||||
appMode: config?.APP_MODE || null,
|
||||
identityProvider: "github",
|
||||
authUrl: config?.AUTH_URL,
|
||||
});
|
||||
|
||||
const gitlabAuthUrl = useAuthUrl({
|
||||
appMode: config?.APP_MODE || null,
|
||||
identityProvider: "gitlab",
|
||||
authUrl: config?.AUTH_URL,
|
||||
});
|
||||
|
||||
const bitbucketAuthUrl = useAuthUrl({
|
||||
appMode: config?.APP_MODE || null,
|
||||
identityProvider: "bitbucket",
|
||||
authUrl: config?.AUTH_URL,
|
||||
});
|
||||
|
||||
const enterpriseSsoUrl = useAuthUrl({
|
||||
appMode: config?.APP_MODE || null,
|
||||
identityProvider: "enterprise_sso",
|
||||
authUrl: config?.AUTH_URL,
|
||||
});
|
||||
|
||||
useEffect(() => {
|
||||
|
||||
@ -4,10 +4,12 @@ import { GetConfigResponse } from "#/api/open-hands.types";
|
||||
interface UseGitHubAuthUrlConfig {
|
||||
appMode: GetConfigResponse["APP_MODE"] | null;
|
||||
gitHubClientId: GetConfigResponse["GITHUB_CLIENT_ID"] | null;
|
||||
authUrl?: GetConfigResponse["AUTH_URL"];
|
||||
}
|
||||
|
||||
export const useGitHubAuthUrl = (config: UseGitHubAuthUrlConfig) =>
|
||||
useAuthUrl({
|
||||
appMode: config.appMode,
|
||||
identityProvider: "github",
|
||||
authUrl: config.authUrl,
|
||||
});
|
||||
|
||||
@ -81,6 +81,7 @@ export default function MainApp() {
|
||||
const gitHubAuthUrl = useGitHubAuthUrl({
|
||||
appMode: config.data?.APP_MODE || null,
|
||||
gitHubClientId: config.data?.GITHUB_CLIENT_ID || null,
|
||||
authUrl: config.data?.AUTH_URL,
|
||||
});
|
||||
|
||||
// When on TOS page, we don't use the GitHub auth URL
|
||||
@ -219,6 +220,7 @@ export default function MainApp() {
|
||||
githubAuthUrl={effectiveGitHubAuthUrl}
|
||||
appMode={config.data?.APP_MODE}
|
||||
providersConfigured={config.data?.PROVIDERS_CONFIGURED}
|
||||
authUrl={config.data?.AUTH_URL}
|
||||
/>
|
||||
)}
|
||||
{renderReAuthModal && <ReauthModal />}
|
||||
|
||||
@ -4,23 +4,41 @@
|
||||
* @param requestUrl The URL of the request
|
||||
* @returns The URL to redirect to for OAuth
|
||||
*/
|
||||
export const generateAuthUrl = (identityProvider: string, requestUrl: URL) => {
|
||||
export const generateAuthUrl = (
|
||||
identityProvider: string,
|
||||
requestUrl: URL,
|
||||
authUrl?: string,
|
||||
) => {
|
||||
// Use HTTPS protocol unless the host is localhost
|
||||
const protocol =
|
||||
requestUrl.hostname === "localhost" ? requestUrl.protocol : "https:";
|
||||
const redirectUri = `${protocol}//${requestUrl.host}/oauth/keycloak/callback`;
|
||||
let authUrl = requestUrl.hostname
|
||||
.replace(/(^|\.)staging\.all-hands\.dev$/, "$1auth.staging.all-hands.dev")
|
||||
.replace(/(^|\.)app\.all-hands\.dev$/, "auth.app.all-hands.dev")
|
||||
.replace(/(^|\.)localhost$/, "auth.staging.all-hands.dev");
|
||||
|
||||
// If no replacements matched, prepend "auth." (excluding localhost)
|
||||
if (authUrl === requestUrl.hostname && requestUrl.hostname !== "localhost") {
|
||||
authUrl = `auth.${requestUrl.hostname}`;
|
||||
let finalAuthUrl: string;
|
||||
|
||||
if (authUrl) {
|
||||
// Ensure https:// is prepended and remove any accidental duplicate slashes
|
||||
finalAuthUrl = `https://${authUrl.replace(/^https?:\/\//, "")}`;
|
||||
} else {
|
||||
finalAuthUrl = requestUrl.hostname
|
||||
.replace(/(^|\.)staging\.all-hands\.dev$/, "$1auth.staging.all-hands.dev")
|
||||
.replace(/(^|\.)app\.all-hands\.dev$/, "auth.app.all-hands.dev")
|
||||
.replace(/(^|\.)localhost$/, "auth.staging.all-hands.dev");
|
||||
|
||||
// If no replacements matched, prepend "auth." (excluding localhost)
|
||||
if (
|
||||
finalAuthUrl === requestUrl.hostname &&
|
||||
requestUrl.hostname !== "localhost"
|
||||
) {
|
||||
finalAuthUrl = `auth.${requestUrl.hostname}`;
|
||||
}
|
||||
|
||||
finalAuthUrl = `https://${finalAuthUrl}`;
|
||||
}
|
||||
|
||||
const scope = "openid email profile"; // OAuth scope - not user-facing
|
||||
const separator = requestUrl.search ? "&" : "?";
|
||||
const cleanHref = requestUrl.href.replace(/\/$/, "");
|
||||
const state = `${cleanHref}${separator}login_method=${identityProvider}`;
|
||||
return `https://${authUrl}/realms/allhands/protocol/openid-connect/auth?client_id=allhands&kc_idp_hint=${identityProvider}&response_type=code&redirect_uri=${encodeURIComponent(redirectUri)}&scope=${encodeURIComponent(scope)}&state=${encodeURIComponent(state)}`;
|
||||
return `${finalAuthUrl}/realms/allhands/protocol/openid-connect/auth?client_id=allhands&kc_idp_hint=${identityProvider}&response_type=code&redirect_uri=${encodeURIComponent(redirectUri)}&scope=${encodeURIComponent(scope)}&state=${encodeURIComponent(state)}`;
|
||||
};
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user