feat(server): allow to use ssl on server (#8722)
@ -103,8 +103,9 @@ export class SSOAuthController {
|
||||
);
|
||||
} catch (err) {
|
||||
// TODO: improve error management
|
||||
res.status(403).send(err.message);
|
||||
res.redirect(`${this.environmentService.get('FRONT_BASE_URL')}/verify`);
|
||||
res
|
||||
.status(403)
|
||||
.redirect(`${this.environmentService.get('FRONT_BASE_URL')}/verify`);
|
||||
}
|
||||
}
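Review bot: The `.status(403)` in the new catch branch has no effect, because Express's `res.redirect(url)` sets its own status (302 by default), and a browser would not follow a `Location` header on a 403 response anyway. Dropping it leaves `res.redirect(`${this.environmentService.get('FRONT_BASE_URL')}/verify`);`, which states what actually happens. The caught `err` is now discarded entirely, so failed SSO callbacks leave no trace for operators; logging it server-side before the redirect keeps those failures detectable without returning the message to the client. The enclosing handler starts outside this hunk.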
|
||||
|
||||
|
||||
@ -127,13 +127,12 @@ export class EnvironmentVariables {
|
||||
PG_SSL_ALLOW_SELF_SIGNED = false;
|
||||
|
||||
// Frontend URL
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsUrl({ require_tld: false, require_protocol: true })
|
||||
FRONT_BASE_URL: string;
|
||||
|
||||
// Server URL
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsUrl({ require_tld: false, require_protocol: true })
|
||||
@IsOptional()
|
||||
SERVER_URL: string;
|
||||
SERVER_URL = 'http://localhost:3000';
|
||||
|
||||
@IsString()
|
||||
APP_SECRET: string;
|
||||
@ -166,10 +165,6 @@ export class EnvironmentVariables {
|
||||
INVITATION_TOKEN_EXPIRES_IN = '30d';
|
||||
|
||||
// Auth
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsOptional()
|
||||
FRONT_AUTH_CALLBACK_URL: string;
|
||||
|
||||
@CastToBoolean()
|
||||
@IsOptional()
|
||||
@IsBoolean()
|
||||
@ -198,11 +193,11 @@ export class EnvironmentVariables {
|
||||
@ValidateIf((env) => env.AUTH_MICROSOFT_ENABLED)
|
||||
AUTH_MICROSOFT_CLIENT_SECRET: string;
|
||||
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsUrl({ require_tld: false, require_protocol: true })
|
||||
@ValidateIf((env) => env.AUTH_MICROSOFT_ENABLED)
|
||||
AUTH_MICROSOFT_CALLBACK_URL: string;
|
||||
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsUrl({ require_tld: false, require_protocol: true })
|
||||
@ValidateIf((env) => env.AUTH_MICROSOFT_ENABLED)
|
||||
AUTH_MICROSOFT_APIS_CALLBACK_URL: string;
|
||||
|
||||
@ -219,7 +214,7 @@ export class EnvironmentVariables {
|
||||
@ValidateIf((env) => env.AUTH_GOOGLE_ENABLED)
|
||||
AUTH_GOOGLE_CLIENT_SECRET: string;
|
||||
|
||||
@IsUrl({ require_tld: false })
|
||||
@IsUrl({ require_tld: false, require_protocol: true })
|
||||
@ValidateIf((env) => env.AUTH_GOOGLE_ENABLED)
|
||||
AUTH_GOOGLE_CALLBACK_URL: string;
|
||||
|
||||
@ -475,6 +470,15 @@ export class EnvironmentVariables {
|
||||
// milliseconds
|
||||
@CastToPositiveNumber()
|
||||
SERVERLESS_FUNCTION_EXEC_THROTTLE_TTL = 1000;
|
||||
|
||||
// SSL
|
||||
@IsString()
|
||||
@ValidateIf((env) => env.SERVER_URL.startsWith('https'))
|
||||
SSL_KEY_PATH: string;
|
||||
|
||||
@IsString()
|
||||
@ValidateIf((env) => env.SERVER_URL.startsWith('https'))
|
||||
SSL_CERT_PATH: string;
|
||||
}
|
||||
|
||||
export const validate = (
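Review bot: The `@ValidateIf((env) => env.SERVER_URL.startsWith('https'))` guards on `SSL_KEY_PATH` and `SSL_CERT_PATH` tie the certificate files to the public URL scheme, while the bootstrap code in this commit enables HTTPS from the presence of the two variables and never looks at `SERVER_URL`. A deployment that terminates TLS at a reverse proxy has an `https` `SERVER_URL` and no local key, so it would fail validation; a server given both paths with the default `http://localhost:3000` would serve TLS while building `http` links. Validating the pair against each other matches what bootstrap does: `@ValidateIf((env) => env.SSL_KEY_PATH !== undefined || env.SSL_CERT_PATH !== undefined)` on both fields. Separately, `require_protocol: true` still accepts `ftp://` under validator's default protocol list, so adding `protocols: ['http', 'https']` to the URL fields used for redirects and OAuth callbacks is worth considering.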
|
||||
|
||||
@ -209,7 +209,11 @@ export class SSOService {
|
||||
buildIssuerURL(
|
||||
identityProvider: Pick<WorkspaceSSOIdentityProvider, 'id' | 'type'>,
|
||||
) {
|
||||
return `${this.environmentService.get('SERVER_URL')}/auth/${identityProvider.type.toLowerCase()}/login/${identityProvider.id}`;
|
||||
const authorizationUrl = new URL(this.environmentService.get('SERVER_URL'));
|
||||
|
||||
authorizationUrl.pathname = `/auth/${identityProvider.type.toLowerCase()}/login/${identityProvider.id}`;
|
||||
|
||||
return authorizationUrl.toString();
|
||||
}
|
||||
|
||||
private isOIDCIdentityProvider(
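Review bot: Assigning `authorizationUrl.pathname` in `buildIssuerURL` replaces any path that `SERVER_URL` carries, so a server published under a prefix (for example `https://host/api`) now gets issuer URLs without it, where the old template string kept it. If an identity provider was registered with the previous value, the mismatch would presumably surface as failed SSO logins rather than as a configuration error. Either add a comment on `SERVER_URL` saying it must be an origin with no path, or keep the prefix with `authorizationUrl.pathname = `${authorizationUrl.pathname.replace(/\/$/, '')}/auth/${identityProvider.type.toLowerCase()}/login/${identityProvider.id}`;`. A short doc comment on the method, such as `/** Builds the absolute login URL for the given identity provider from SERVER_URL. */`, would also help.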
|
||||
|
||||
@ -2,6 +2,8 @@ import { ValidationPipe } from '@nestjs/common';
|
||||
import { NestFactory } from '@nestjs/core';
|
||||
import { NestExpressApplication } from '@nestjs/platform-express';
|
||||
|
||||
import fs from 'fs';
|
||||
|
||||
import session from 'express-session';
|
||||
import bytes from 'bytes';
|
||||
import { useContainer } from 'class-validator';
|
||||
@ -24,6 +26,14 @@ const bootstrap = async () => {
|
||||
bufferLogs: process.env.LOGGER_IS_BUFFER_ENABLED === 'true',
|
||||
rawBody: true,
|
||||
snapshot: process.env.DEBUG_MODE === 'true',
|
||||
...(process.env.SSL_KEY_PATH && process.env.SSL_CERT_PATH
|
||||
? {
|
||||
httpsOptions: {
|
||||
key: fs.readFileSync(process.env.SSL_KEY_PATH),
|
||||
cert: fs.readFileSync(process.env.SSL_CERT_PATH),
|
||||
},
|
||||
}
|
||||
: {}),
|
||||
});
|
||||
const logger = app.get(LoggerService);
|
||||
const environmentService = app.get(EnvironmentService);
|
||||
@ -68,7 +78,7 @@ const bootstrap = async () => {
|
||||
app.use(session(getSessionStorageOptions(environmentService)));
|
||||
}
|
||||
|
||||
await app.listen(process.env.PORT ?? 3000);
|
||||
await app.listen(environmentService.get('PORT'));
|
||||
};
|
||||
|
||||
bootstrap();
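Review bot: When only one of `SSL_KEY_PATH` and `SSL_CERT_PATH` is set, the conditional spread in the app options falls through to `{}` and the server starts in plain HTTP with no warning, which an operator can mistake for a TLS deployment. Failing fast before the app is created avoids that: `if (!!process.env.SSL_KEY_PATH !== !!process.env.SSL_CERT_PATH) throw new Error('SSL_KEY_PATH and SSL_CERT_PATH must be set together');`. `fs.readFileSync` throws on a missing or unreadable file and `bootstrap()` is invoked without a `.catch`, so a wrong path ends in an unhandled rejection rather than a clear startup error. The switch to `environmentService.get('PORT')` drops the `?? 3000` fallback and relies on a `PORT` default that is not visible in this diff. The body of `bootstrap` starts outside the hunk.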
|
||||
|
||||