mirror of
https://github.com/sysadminsmedia/homebox.git
synced 2025-12-28 16:06:37 +01:00
f36756d98e
* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* futher reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
110 lines
2.0 KiB
Go
110 lines
2.0 KiB
Go
package schema
|
|
|
|
import (
|
|
"entgo.io/ent"
|
|
"entgo.io/ent/dialect/entsql"
|
|
"entgo.io/ent/schema/edge"
|
|
"entgo.io/ent/schema/field"
|
|
"entgo.io/ent/schema/index"
|
|
"entgo.io/ent/schema/mixin"
|
|
"github.com/google/uuid"
|
|
"github.com/sysadminsmedia/homebox/backend/internal/data/ent/schema/mixins"
|
|
)
|
|
|
|
// User holds the schema definition for the User entity.
|
|
type User struct {
|
|
ent.Schema
|
|
}
|
|
|
|
func (User) Mixin() []ent.Mixin {
|
|
return []ent.Mixin{
|
|
mixins.BaseMixin{},
|
|
GroupMixin{ref: "users"},
|
|
}
|
|
}
|
|
|
|
// Fields of the User.
|
|
func (User) Fields() []ent.Field {
|
|
return []ent.Field{
|
|
field.String("name").
|
|
MaxLen(255).
|
|
NotEmpty(),
|
|
field.String("email").
|
|
MaxLen(255).
|
|
NotEmpty().
|
|
Unique(),
|
|
field.String("password").
|
|
MaxLen(255).
|
|
Nillable().
|
|
Optional().
|
|
Sensitive(),
|
|
field.Bool("is_superuser").
|
|
Default(false),
|
|
field.Bool("superuser").
|
|
Default(false),
|
|
field.Enum("role").
|
|
Default("user").
|
|
Values("user", "owner"),
|
|
field.Time("activated_on").
|
|
Optional(),
|
|
// OIDC identity mapping fields (issuer + subject)
|
|
field.String("oidc_issuer").
|
|
Optional().
|
|
Nillable(),
|
|
field.String("oidc_subject").
|
|
Optional().
|
|
Nillable(),
|
|
}
|
|
}
|
|
|
|
func (User) Indexes() []ent.Index {
|
|
return []ent.Index{
|
|
index.Fields("oidc_issuer", "oidc_subject").Unique(),
|
|
}
|
|
}
|
|
|
|
// Edges of the User.
|
|
func (User) Edges() []ent.Edge {
|
|
return []ent.Edge{
|
|
edge.To("auth_tokens", AuthTokens.Type).
|
|
Annotations(entsql.Annotation{
|
|
OnDelete: entsql.Cascade,
|
|
}),
|
|
edge.To("notifiers", Notifier.Type).
|
|
Annotations(entsql.Annotation{
|
|
OnDelete: entsql.Cascade,
|
|
}),
|
|
}
|
|
}
|
|
|
|
// UserMixin when embedded in an ent.Schema, adds a reference to
|
|
// the Group entity.
|
|
type UserMixin struct {
|
|
ref string
|
|
field string
|
|
mixin.Schema
|
|
}
|
|
|
|
func (g UserMixin) Fields() []ent.Field {
|
|
if g.field != "" {
|
|
return []ent.Field{
|
|
field.UUID(g.field, uuid.UUID{}),
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (g UserMixin) Edges() []ent.Edge {
|
|
e := edge.From("user", User.Type).
|
|
Ref(g.ref).
|
|
Unique().
|
|
Required()
|
|
|
|
if g.field != "" {
|
|
e = e.Field(g.field)
|
|
}
|
|
|
|
return []ent.Edge{e}
|
|
}
|