Compare commits
No commits in common. "6969252a9c582e5e6416eb747ed186f35766e6cb" and "9f1b765e06c92efa7187e84555d400db2ef0c847" have entirely different histories.
6969252a9c
...
9f1b765e06
37
README.md
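--- a/README.md
+++ b/README.md
@@ -1,37 +0,0 @@
-# frontpage (name pending)
-
-The front page of your self-hosted server.
-
-This app fits the use case of having multiple applications with access gated by
-an OIDC provider, and showing a user what applications they have access to.
-
-## Usage
-
-```sh
-frontpage -c CONFIG.TOML
-```
-
-where a minimal config file looks like:
-
-```toml
-[oidc]
-client_id = "some_id"
-client_secret = "some_secret"
-issuer = "https://auth.example.com/oauth"
-scopes = [ "groups" ]
-```
-
-Applications are defined using the `apps` keys:
-
-```toml
-[apps.login]
-name = "Login portal"
-url = "https://auth.example.com"
-description = "Update your user details"
-groups = [ "users" ]
-```
-
-In this example, only users whose OIDC groups claim includes `users` will be
-allowed to see a link to the login portal. Protection of the link, should a user
-gain access to it otherwise, is expected to be done externall (e.g., via an
-ingress controller).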
@ -15,7 +15,6 @@ class CoreConfig:
|
|||||||
|
|
||||||
debug: bool = False
|
debug: bool = False
|
||||||
port: int = 5000
|
port: int = 5000
|
||||||
name: str = "Front page"
|
|
||||||
|
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
@ -44,8 +43,8 @@ class AppConfig:
|
|||||||
class Config:
|
class Config:
|
||||||
"""Top-level configuration."""
|
"""Top-level configuration."""
|
||||||
|
|
||||||
core: CoreConfig = field(default_factory=CoreConfig)
|
core: CoreConfig
|
||||||
oidc: OidcConfig = field(default_factory=OidcConfig)
|
oidc: OidcConfig
|
||||||
apps: Dict[str, AppConfig] = field(default_factory=dict)
|
apps: Dict[str, AppConfig] = field(default_factory=dict)
|
||||||
|
|
||||||
|
|
||||||
|
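Review bot: `core: CoreConfig` in the `Config` hunk has no default on the new side, so a configuration that omits the core table can only build `Config` if the loader fills it in; the loader is not visible on this page, so this needs confirming. The `CoreConfig` fields visible in the first hunk (`debug`, `port`) both carry defaults, so `core` could stay optional, while requiring `oidc` is reasonable because it holds the client credentials. Because a defaulted dataclass field cannot precede a required one, that would mean declaring `oidc: OidcConfig` first and then `core: CoreConfig = field(default_factory=CoreConfig)`. If both are meant to be mandatory, the docstring should say so, e.g. `"""Top-level configuration; core and oidc must be supplied by the loader."""`.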
@ -7,7 +7,7 @@ from flask import Blueprint, current_app, render_template
|
|||||||
from flask_pyoidc import OIDCAuthentication
|
from flask_pyoidc import OIDCAuthentication
|
||||||
from flask_pyoidc.user_session import UserSession
|
from flask_pyoidc.user_session import UserSession
|
||||||
|
|
||||||
from frontpage.config import AppConfig, Config, current_config
|
from frontpage.config import AppConfig, current_config
|
||||||
|
|
||||||
|
|
||||||
def _allowed(items_from: Iterable[Any], items_in: Iterable[Any]) -> bool:
|
def _allowed(items_from: Iterable[Any], items_in: Iterable[Any]) -> bool:
|
||||||
@ -31,14 +31,10 @@ def register(auth: OIDCAuthentication, auth_provider: str) -> Blueprint:
|
|||||||
user_session = UserSession(flask.session)
|
user_session = UserSession(flask.session)
|
||||||
groups: List[str] = user_session.userinfo["groups"]
|
groups: List[str] = user_session.userinfo["groups"]
|
||||||
|
|
||||||
config: Config = current_config()
|
apps: AppConfig = current_config().apps
|
||||||
name = config.core.name
|
|
||||||
apps = config.apps
|
|
||||||
allowed_apps = {
|
allowed_apps = {
|
||||||
ident: a for ident, a in apps.items() if _allowed(a.groups, groups)
|
ident: a for ident, a in apps.items() if _allowed(a.groups, groups)
|
||||||
}
|
}
|
||||||
return render_template(
|
return render_template("home.html", apps=allowed_apps, groups=groups)
|
||||||
"home.html", brand_name=name, apps=allowed_apps, groups=groups
|
|
||||||
)
|
|
||||||
|
|
||||||
return routes
|
return routes
|
||||||
|
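Review bot: The annotation on the new line `apps: AppConfig = current_config().apps` is wrong: the config section declares `apps` as `Dict[str, AppConfig]` and the next statement calls `apps.items()`, so it should read `apps: Dict[str, AppConfig] = current_config().apps` (importing `Dict` from `typing` if the module does not already). Separately, `user_session.userinfo["groups"]` is the only input to the `_allowed` filter and raises `KeyError` when the provider omits the claim; `user_session.userinfo.get("groups", [])` would show such a user no apps instead of failing the request. The enclosing view function starts outside the hunk.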
@ -8,7 +8,7 @@
|
|||||||
<body>
|
<body>
|
||||||
<nav class="nav">
|
<nav class="nav">
|
||||||
<div class="nav-left">
|
<div class="nav-left">
|
||||||
<a class="brand" href="/">{{ brand_name }}</a>
|
<a class="brand" href="/">Front page</a>
|
||||||
</div>
|
</div>
|
||||||
</nav>
|
</nav>
|
||||||
<main class="container">
|
<main class="container">
|
||||||
|