From 5883dff4cf0abe99b3ac8f0b56fdc9d04e80b51c Mon Sep 17 00:00:00 2001 From: COMPLEX <167404873+COMPLEXWASTAKEN@users.noreply.github.com> Date: Mon, 30 Sep 2024 02:53:58 -0400 Subject: [PATCH] feat(oauth): add ability to limit user IDs for Discord authentication (#621) --- backend/package-lock.json | 212 +----------------- backend/prisma/seed/config.seed.ts | 4 + .../src/oauth/provider/discord.provider.ts | 12 +- .../src/pages/admin/config/[category].tsx | 2 + 4 files changed, 22 insertions(+), 208 deletions(-) diff --git a/backend/package-lock.json b/backend/package-lock.json index 8b18c6f3..c20a9d4d 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -20,7 +20,6 @@ "@nestjs/throttler": "^6.2.1", "@prisma/client": "^5.19.1", "@types/jmespath": "^0.15.2", - "@types/ldapjs": "^3.0.6", "archiver": "^7.0.1", "argon2": "^0.41.1", "body-parser": "^1.20.3", @@ -31,7 +30,6 @@ "content-disposition": "^0.5.4", "cookie-parser": "^1.4.6", "jmespath": "^0.16.0", - "ldapjs": "^3.0.7", "ldapts": "^7.2.0", "mime-types": "^2.1.35", "moment": "^2.30.1", 
@@ -1028,101 +1026,6 @@ "@jridgewell/sourcemap-codec": "^1.4.14" } }, - "node_modules/@ldapjs/asn1": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-2.0.0.tgz", - "integrity": "sha512-G9+DkEOirNgdPmD0I8nu57ygQJKOOgFEMKknEuQvIHbGLwP3ny1mY+OTUYLCbCaGJP4sox5eYgBJRuSUpnAddA==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT" - }, - "node_modules/@ldapjs/attribute": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@ldapjs/attribute/-/attribute-1.0.0.tgz", - "integrity": "sha512-ptMl2d/5xJ0q+RgmnqOi3Zgwk/TMJYG7dYMC0Keko+yZU6n+oFM59MjQOUht5pxJeS4FWrImhu/LebX24vJNRQ==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "2.0.0", - "@ldapjs/protocol": "^1.2.1", - "process-warning": "^2.1.0" - } - }, - "node_modules/@ldapjs/change": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@ldapjs/change/-/change-1.0.0.tgz", - "integrity": "sha512-EOQNFH1RIku3M1s0OAJOzGfAohuFYXFY4s73wOhRm4KFGhmQQ7MChOh2YtYu9Kwgvuq1B0xKciXVzHCGkB5V+Q==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "2.0.0", - "@ldapjs/attribute": "1.0.0" - } - }, - "node_modules/@ldapjs/controls": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@ldapjs/controls/-/controls-2.1.0.tgz", - "integrity": "sha512-2pFdD1yRC9V9hXfAWvCCO2RRWK9OdIEcJIos/9cCVP9O4k72BY1bLDQQ4KpUoJnl4y/JoD4iFgM+YWT3IfITWw==", - "deprecated": "This package has been decomissioned. 
See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "^1.2.0", - "@ldapjs/protocol": "^1.2.1" - } - }, - "node_modules/@ldapjs/controls/node_modules/@ldapjs/asn1": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-1.2.0.tgz", - "integrity": "sha512-KX/qQJ2xxzvO2/WOvr1UdQ+8P5dVvuOLk/C9b1bIkXxZss8BaR28njXdPgFCpj5aHaf1t8PmuVnea+N9YG9YMw==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT" - }, - "node_modules/@ldapjs/dn": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@ldapjs/dn/-/dn-1.1.0.tgz", - "integrity": "sha512-R72zH5ZeBj/Fujf/yBu78YzpJjJXG46YHFo5E4W1EqfNpo1UsVPqdLrRMXeKIsJT3x9dJVIfR6OpzgINlKpi0A==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "2.0.0", - "process-warning": "^2.1.0" - } - }, - "node_modules/@ldapjs/filter": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@ldapjs/filter/-/filter-2.1.1.tgz", - "integrity": "sha512-TwPK5eEgNdUO1ABPBUQabcZ+h9heDORE4V9WNZqCtYLKc06+6+UAJ3IAbr0L0bYTnkkWC/JEQD2F+zAFsuikNw==", - "deprecated": "This package has been decomissioned. 
See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "2.0.0", - "@ldapjs/protocol": "^1.2.1", - "process-warning": "^2.1.0" - } - }, - "node_modules/@ldapjs/messages": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@ldapjs/messages/-/messages-1.3.0.tgz", - "integrity": "sha512-K7xZpXJ21bj92jS35wtRbdcNrwmxAtPwy4myeh9duy/eR3xQKvikVycbdWVzkYEAVE5Ce520VXNOwCHjomjCZw==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "^2.0.0", - "@ldapjs/attribute": "^1.0.0", - "@ldapjs/change": "^1.0.0", - "@ldapjs/controls": "^2.1.0", - "@ldapjs/dn": "^1.1.0", - "@ldapjs/filter": "^2.1.1", - "@ldapjs/protocol": "^1.2.1", - "process-warning": "^2.2.0" - } - }, - "node_modules/@ldapjs/protocol": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@ldapjs/protocol/-/protocol-1.2.1.tgz", - "integrity": "sha512-O89xFDLW2gBoZWNXuXpBSM32/KealKCTb3JGtJdtUQc7RjAk8XzrRgyz02cPAwGKwKPxy0ivuC7UP9bmN87egQ==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT" - }, "node_modules/@ljharb/through": { "version": "2.3.13", "resolved": "https://registry.npmjs.org/@ljharb/through/-/through-2.3.13.tgz", @@ -1903,15 +1806,6 @@ "@types/node": "*" } }, - "node_modules/@types/ldapjs": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/@types/ldapjs/-/ldapjs-3.0.6.tgz", - "integrity": "sha512-E2Tn1ltJDYBsidOT9QG4engaQeQzRQ9aYNxVmjCkD33F7cIeLPgrRDXAYs0O35mK2YDU20c/+ZkNjeAPRGLM0Q==", - "license": "MIT", - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/luxon": { "version": "3.4.2", "resolved": "https://registry.npmjs.org/@types/luxon/-/luxon-3.4.2.tgz", 
@@ -2438,12 +2332,6 @@ "node": ">=6.5" } }, - "node_modules/abstract-logging": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/abstract-logging/-/abstract-logging-2.0.1.tgz", - "integrity": "sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA==", - "license": "MIT" - }, "node_modules/accepts": { "version": "1.3.8", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", @@ -2775,6 +2663,7 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==", + "dev": true, "engines": { "node": ">=0.8" } @@ -2821,18 +2710,6 @@ "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.6.tgz", "integrity": "sha512-5Tk1HLk6b6ctmjIkAcU/Ujv/1WqiDl0F0JdRCR80VsOcUlHcu7pWeWRlOqQLHfDEsVx9YH/aif5AG4ehoCtTmg==" }, - "node_modules/backoff": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz", - "integrity": "sha512-wC5ihrnUXmR2douXmXLCe5O3zg3GKIyvRi/hi58a/XyRxVI+3/yM0PYueQOZXPXQ9pxBislYkw+sF9b7C/RuMA==", - "license": "MIT", - "dependencies": { - "precond": "0.2" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", @@ -4362,6 +4239,7 @@ "version": "1.3.0", "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", "integrity": "sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==", + "dev": true, "engines": [ "node >=0.6.0" ] 
@@ -5519,49 +5397,6 @@ "node": ">= 0.6.3" } }, - "node_modules/ldapjs": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-3.0.7.tgz", - "integrity": "sha512-1ky+WrN+4CFMuoekUOv7Y1037XWdjKpu0xAPwSP+9KdvmV9PG+qOKlssDV6a+U32apwxdD3is/BZcWOYzN30cg==", - "deprecated": "This package has been decomissioned. See https://github.com/ldapjs/node-ldapjs/blob/8ffd0bc9c149088a10ec4c1ec6a18450f76ad05d/README.md", - "license": "MIT", - "dependencies": { - "@ldapjs/asn1": "^2.0.0", - "@ldapjs/attribute": "^1.0.0", - "@ldapjs/change": "^1.0.0", - "@ldapjs/controls": "^2.1.0", - "@ldapjs/dn": "^1.1.0", - "@ldapjs/filter": "^2.1.1", - "@ldapjs/messages": "^1.3.0", - "@ldapjs/protocol": "^1.2.1", - "abstract-logging": "^2.0.1", - "assert-plus": "^1.0.0", - "backoff": "^2.5.0", - "once": "^1.4.0", - "vasync": "^2.2.1", - "verror": "^1.10.1" - } - }, - "node_modules/ldapjs/node_modules/core-util-is": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", - "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==", - "license": "MIT" - }, - "node_modules/ldapjs/node_modules/verror": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz", - "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==", - "license": "MIT", - "dependencies": { - "assert-plus": "^1.0.0", - "core-util-is": "1.0.2", - "extsprintf": "^1.2.0" - }, - "engines": { - "node": ">=0.6.0" - } - }, "node_modules/ldapts": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/ldapts/-/ldapts-7.2.0.tgz", 
@@ -6166,14 +6001,6 @@ "node": ">= 0.8" } }, - "node_modules/once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dependencies": { - "wrappy": "1" - } - }, "node_modules/onetime": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", @@ -6691,14 +6518,6 @@ "node": ">=10" } }, - "node_modules/precond": { - "version": "0.2.3", - "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz", - "integrity": "sha512-QCYG84SgGyGzqJ/vlMsxeXd/pgL/I94ixdNFyh1PusWmTCyVfPJjZ1K1jvHtsbfnXQs2TSkEP2fR7QiMZAnKFQ==", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/prelude-ls": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", @@ -6782,12 +6601,6 @@ "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" }, - "node_modules/process-warning": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.3.2.tgz", - "integrity": "sha512-n9wh8tvBe5sFmsqlg+XQhaQLumwpqoAUruLwjCopgTmUBjJ/fjtBsJzKleCaIGBOMXYEhp1YfKl4d7rJ5ZKJGA==", - "license": "MIT" - }, "node_modules/promise-coalesce": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/promise-coalesce/-/promise-coalesce-1.1.2.tgz", 
@@ -8165,22 +7978,11 @@ "node": ">= 0.8" } }, - "node_modules/vasync": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/vasync/-/vasync-2.2.1.tgz", - "integrity": "sha512-Hq72JaTpcTFdWiNA4Y22Amej2GH3BFmBaKPPlDZ4/oC8HNn2ISHLkFrJU4Ds8R3jcUi7oo5Y9jcMHKjES+N9wQ==", - "engines": [ - "node >=0.6.0" - ], - "license": "MIT", - "dependencies": { - "verror": "1.10.0" - } - }, "node_modules/verror": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz", "integrity": "sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==", + "dev": true, "engines": [ "node >=0.6.0" ], @@ -8193,7 +7995,8 @@ "node_modules/verror/node_modules/core-util-is": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", - "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==" + "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==", + "dev": true }, "node_modules/wait-on": { "version": "8.0.1", @@ -8374,11 +8177,6 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, - "node_modules/wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" - }, "node_modules/xmlbuilder": { "version": "15.1.1", "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-15.1.1.tgz",
diff --git a/backend/prisma/seed/config.seed.ts b/backend/prisma/seed/config.seed.ts
index 161c7415..c4de5dfa 100644
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -254,6 +254,10 @@ const configVariables: ConfigVariables = {
 type: "string",
 defaultValue: "",
 },
+ "discord-limitedUsers": {
+ type: "string",
+ defaultValue: "",
+ },
 "discord-clientId": {
 type: "string",
 defaultValue: "",
diff --git a/backend/src/oauth/provider/discord.provider.ts b/backend/src/oauth/provider/discord.provider.ts
index 717cd8e7..7391b17f 100644
--- a/backend/src/oauth/provider/discord.provider.ts
+++ b/backend/src/oauth/provider/discord.provider.ts
@@ -81,7 +81,11 @@ export class DiscordProvider implements OAuthProvider {
 if (guild) {
 await this.checkLimitedGuild(token, guild);
 }
-
+ const limitedUsers = this.config.get("oauth.discord-limitedUsers");
+ if (limitedUsers) {
+ await this.checkLimitedUsers(user, limitedUsers);
+ }
+
 return {
 provider: "discord",
 providerId: user.id,
@@ -107,6 +111,12 @@ export class DiscordProvider implements OAuthProvider {
 throw new ErrorPageException("user_not_allowed");
 }
 }
+
+ async checkLimitedUsers(user: DiscordUser, userIds: string) {
+ if (!userIds.split(",").includes(user.id)) {
+ throw new ErrorPageException("user_not_allowed");
+ }
+ }
 }
 export interface DiscordToken {
diff --git a/frontend/src/pages/admin/config/[category].tsx b/frontend/src/pages/admin/config/[category].tsx
index 25dad082..22cd61d8 100644
--- a/frontend/src/pages/admin/config/[category].tsx
+++ b/frontend/src/pages/admin/config/[category].tsx
@@ -68,6 +68,8 @@ export default function AppShellDemo() {
 })
 .catch(toast.axiosError);
 void config.refresh();
+ } else {
+ toast.success("No changes to save");
 }
 };
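Review bot: The `if (limitedUsers)` guard added in the first hunk of discord.provider.ts makes an empty `oauth.discord-limitedUsers` mean "no restriction", and nothing in the hunk states this. Because the block runs after the `checkLimitedGuild` call, which appears to throw on failure, a user presumably has to pass both the guild check and the user-ID check when both settings are filled in. A comment above the new block would record both rules, for example `// Empty value = any Discord user may sign in; when set, enforced in addition to the guild restriction.` The enclosing method starts and ends outside the hunk.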
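Review bot: In `checkLimitedUsers` (second hunk of discord.provider.ts) the allow-list is matched with `userIds.split(",").includes(user.id)` on the raw setting, so an entry typed with a space after the comma (constructed example: `111, 222`) keeps that space and never matches, and a value of only whitespace rejects every login. The check fails closed, so the result is a locked-out user rather than a bypass, but normalising the list makes the setting predictable: `const allowed = userIds.split(",").map((id) => id.trim()).filter(Boolean);` followed by `if (!allowed.includes(user.id)) {`. The diffstat lists no documentation change, so a short doc comment on the method giving the expected format (comma-separated Discord user IDs, compared as exact strings) would help whoever edits this setting.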