Compare commits
2 Commits
c3831e9efe
...
6969252a9c
Author | SHA1 | Date | |
---|---|---|---|
6969252a9c | |||
4e4f663e1b |
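--- a/README.md
+++ b/README.md
@@ -0,0 +1,37 @@
+# frontpage (name pending)
+
+The front page of your self-hosted server.
+
+This app fits the use case of having multiple applications with access gated by
+an OIDC provider, and showing a user what applications they have access to.
+
+## Usage
+
+```sh
+frontpage -c CONFIG.TOML
+```
+
+where a minimal config file looks like:
+
+```toml
+[oidc]
+client_id = "some_id"
+client_secret = "some_secret"
+issuer = "https://auth.example.com/oauth"
+scopes = [ "groups" ]
+```
+
+Applications are defined using the `apps` keys:
+
+```toml
+[apps.login]
+name = "Login portal"
+url = "https://auth.example.com"
+description = "Update your user details"
+groups = [ "users" ]
+```
+
+In this example, only users whose OIDC groups claim includes `users` will be
+allowed to see a link to the login portal. Protection of the link, should a user
+gain access to it otherwise, is expected to be done externall (e.g., via an
+ingress controller).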
@ -15,6 +15,7 @@ class CoreConfig:
|
|||||||
|
|
||||||
debug: bool = False
|
debug: bool = False
|
||||||
port: int = 5000
|
port: int = 5000
|
||||||
|
name: str = "Front page"
|
||||||
|
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
@ -43,8 +44,8 @@ class AppConfig:
|
|||||||
class Config:
|
class Config:
|
||||||
"""Top-level configuration."""
|
"""Top-level configuration."""
|
||||||
|
|
||||||
core: CoreConfig
|
core: CoreConfig = field(default_factory=CoreConfig)
|
||||||
oidc: OidcConfig
|
oidc: OidcConfig = field(default_factory=OidcConfig)
|
||||||
apps: Dict[str, AppConfig] = field(default_factory=dict)
|
apps: Dict[str, AppConfig] = field(default_factory=dict)
|
||||||
|
|
||||||
|
|
||||||
|
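Review bot: Giving `oidc` a `default_factory=OidcConfig` in `Config` means a config file with no `[oidc]` table is no longer rejected for a missing field when `Config` is constructed, although the README added in this same change lists `client_id`, `client_secret` and `issuer` as the minimal settings. `OidcConfig` is defined outside this hunk, so its defaults are not visible: if its fields have defaults, the app would presumably start with empty OIDC credentials and only fail at the first login; if they do not, the factory raises a bare `TypeError` instead of a clear configuration error. I would keep the section mandatory and default only `core`, i.e. `oidc: OidcConfig` followed by `core: CoreConfig = field(default_factory=CoreConfig)` (the required field has to come first in a dataclass, which changes positional order, so check the callers), or else validate the loaded `oidc` section at startup.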
@ -7,7 +7,7 @@ from flask import Blueprint, current_app, render_template
|
|||||||
from flask_pyoidc import OIDCAuthentication
|
from flask_pyoidc import OIDCAuthentication
|
||||||
from flask_pyoidc.user_session import UserSession
|
from flask_pyoidc.user_session import UserSession
|
||||||
|
|
||||||
from frontpage.config import AppConfig, current_config
|
from frontpage.config import AppConfig, Config, current_config
|
||||||
|
|
||||||
|
|
||||||
def _allowed(items_from: Iterable[Any], items_in: Iterable[Any]) -> bool:
|
def _allowed(items_from: Iterable[Any], items_in: Iterable[Any]) -> bool:
|
||||||
@ -31,10 +31,14 @@ def register(auth: OIDCAuthentication, auth_provider: str) -> Blueprint:
|
|||||||
user_session = UserSession(flask.session)
|
user_session = UserSession(flask.session)
|
||||||
groups: List[str] = user_session.userinfo["groups"]
|
groups: List[str] = user_session.userinfo["groups"]
|
||||||
|
|
||||||
apps: AppConfig = current_config().apps
|
config: Config = current_config()
|
||||||
|
name = config.core.name
|
||||||
|
apps = config.apps
|
||||||
allowed_apps = {
|
allowed_apps = {
|
||||||
ident: a for ident, a in apps.items() if _allowed(a.groups, groups)
|
ident: a for ident, a in apps.items() if _allowed(a.groups, groups)
|
||||||
}
|
}
|
||||||
return render_template("home.html", apps=allowed_apps, groups=groups)
|
return render_template(
|
||||||
|
"home.html", brand_name=name, apps=allowed_apps, groups=groups
|
||||||
|
)
|
||||||
|
|
||||||
return routes
|
return routes
|
||||||
|
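Review bot: The group list that decides which apps are rendered is read with `user_session.userinfo["groups"]`, an unchanged line in this hunk, so a session whose userinfo carries no `groups` claim raises `KeyError` and the page returns a 500 instead of an empty list. Since the hunk already reworks this view body, consider `groups: List[str] = user_session.userinfo.get("groups", [])`. That still shows no apps when the claim is absent, assuming `_allowed` returns False for an empty group list; its body is outside the hunk. A one-line comment such as `# groups come from the OIDC userinfo claim; links are filtered for display only` would also record the README's point that real access control is enforced elsewhere. The view function and `register` both start outside the hunk.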
@ -8,7 +8,7 @@
|
|||||||
<body>
|
<body>
|
||||||
<nav class="nav">
|
<nav class="nav">
|
||||||
<div class="nav-left">
|
<div class="nav-left">
|
||||||
<a class="brand" href="/">Front page</a>
|
<a class="brand" href="/">{{ brand_name }}</a>
|
||||||
</div>
|
</div>
|
||||||
</nav>
|
</nav>
|
||||||
<main class="container">
|
<main class="container">
|
||||||
|