Compare commits
No commits in common. "6969252a9c582e5e6416eb747ed186f35766e6cb" and "9f1b765e06c92efa7187e84555d400db2ef0c847" have entirely different histories.
6969252a9c
...
9f1b765e06
37
README.md
37
README.md
@ -1,37 +0,0 @@
|
||||
# frontpage (name pending)
|
||||
|
||||
The front page of your self-hosted server.
|
||||
|
||||
This app fits the use case of having multiple applications with access gated by
|
||||
an OIDC provider, and showing a user what applications they have access to.
|
||||
|
||||
## Usage
|
||||
|
||||
```sh
|
||||
frontpage -c CONFIG.TOML
|
||||
```
|
||||
|
||||
where a minimal config file looks like:
|
||||
|
||||
```toml
|
||||
[oidc]
|
||||
client_id = "some_id"
|
||||
client_secret = "some_secret"
|
||||
issuer = "https://auth.example.com/oauth"
|
||||
scopes = [ "groups" ]
|
||||
```
|
||||
|
||||
Applications are defined using the `apps` keys:
|
||||
|
||||
```toml
|
||||
[apps.login]
|
||||
name = "Login portal"
|
||||
url = "https://auth.example.com"
|
||||
description = "Update your user details"
|
||||
groups = [ "users" ]
|
||||
```
|
||||
|
||||
In this example, only users whose OIDC groups claim includes `users` will be
|
||||
allowed to see a link to the login portal. Protection of the link, should a user
|
||||
gain access to it otherwise, is expected to be done externall (e.g., via an
|
||||
ingress controller).
|
@ -15,7 +15,6 @@ class CoreConfig:
|
||||
|
||||
debug: bool = False
|
||||
port: int = 5000
|
||||
name: str = "Front page"
|
||||
|
||||
|
||||
@dataclass
|
||||
@ -44,8 +43,8 @@ class AppConfig:
|
||||
class Config:
|
||||
"""Top-level configuration."""
|
||||
|
||||
core: CoreConfig = field(default_factory=CoreConfig)
|
||||
oidc: OidcConfig = field(default_factory=OidcConfig)
|
||||
core: CoreConfig
|
||||
oidc: OidcConfig
|
||||
apps: Dict[str, AppConfig] = field(default_factory=dict)
|
||||
|
||||
|
||||
|
@ -7,7 +7,7 @@ from flask import Blueprint, current_app, render_template
|
||||
from flask_pyoidc import OIDCAuthentication
|
||||
from flask_pyoidc.user_session import UserSession
|
||||
|
||||
from frontpage.config import AppConfig, Config, current_config
|
||||
from frontpage.config import AppConfig, current_config
|
||||
|
||||
|
||||
def _allowed(items_from: Iterable[Any], items_in: Iterable[Any]) -> bool:
|
||||
@ -31,14 +31,10 @@ def register(auth: OIDCAuthentication, auth_provider: str) -> Blueprint:
|
||||
user_session = UserSession(flask.session)
|
||||
groups: List[str] = user_session.userinfo["groups"]
|
||||
|
||||
config: Config = current_config()
|
||||
name = config.core.name
|
||||
apps = config.apps
|
||||
apps: AppConfig = current_config().apps
|
||||
allowed_apps = {
|
||||
ident: a for ident, a in apps.items() if _allowed(a.groups, groups)
|
||||
}
|
||||
return render_template(
|
||||
"home.html", brand_name=name, apps=allowed_apps, groups=groups
|
||||
)
|
||||
return render_template("home.html", apps=allowed_apps, groups=groups)
|
||||
|
||||
return routes
|
||||
|
@ -8,7 +8,7 @@
|
||||
<body>
|
||||
<nav class="nav">
|
||||
<div class="nav-left">
|
||||
<a class="brand" href="/">{{ brand_name }}</a>
|
||||
<a class="brand" href="/">Front page</a>
|
||||
</div>
|
||||
</nav>
|
||||
<main class="container">
|
||||
|
Loading…
Reference in New Issue
Block a user