diff --git a/example.env b/.env.example
similarity index 54%
rename from example.env
rename to .env.example
index 893d1dc..43c2b83 100644
--- a/example.env
+++ b/.env.example
@@ -1,6 +1,9 @@
+# Environment variables to configure the application
+# Copy this file to .env and edit the configuration if necessary
 DATABASE_URL=postgresql://postgres:1234@localhost:5432/visitenbuch?schema=public
 AUTH_SECRET=ptfg+yUj3mQfdPh+5d1ooIkiB7KLO6J2q3jiBhILzE/eabiL # generate with openssl rand -base64 36
 KEYCLOAK_CLIENT_ID=visitenbuch
 KEYCLOAK_CLIENT_SECRET=supersecret
-KEYCLOAK_ISSUER=https://example.com/realms/master
+KEYCLOAK_ISSUER=http://localhost:9090
+KEYCLOAK_LOGOUT=http://localhost:9090/session/end
diff --git a/.env.test b/.env.test
new file mode 100644
index 0000000..0f5af92
--- /dev/null
+++ b/.env.test
@@ -0,0 +1,8 @@
+# Environment variables for E2E testing
+DATABASE_URL=postgresql://postgres:1234@localhost:5432/test?schema=public
+
+AUTH_SECRET=ptfg+yUj3mQfdPh+5d1ooIkiB7KLO6J2q3jiBhILzE/eabiL # generate with openssl rand -base64 36
+KEYCLOAK_CLIENT_ID=visitenbuch
+KEYCLOAK_CLIENT_SECRET=supersecret
+KEYCLOAK_ISSUER=http://localhost:9090
+KEYCLOAK_LOGOUT=http://localhost:9090/session/end
diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml
index bcbb182..4c334fb 100644
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@@ -23,7 +23,9 @@ jobs:
 - name: ๐Ÿ‘๏ธ Checkout repository
 uses: actions/checkout@v4
 - name: ๐Ÿ“ฆ pnpm install
- run: pnpm install
+ run: |
+ pnpm install
+ cp .env.test .env
 - name: ๐Ÿง lint
 run: |
 npm run check
diff --git a/.gitignore b/.gitignore
index 6635cf5..cdc9c6b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,5 @@ node_modules
 /.svelte-kit
 /package
 .env
-.env.*
-!.env.example
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8253b3a..f556d50 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
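Review bot: The added header comment in `.env.example` says to copy the file and edit it only "if necessary", while the unchanged `AUTH_SECRET` and `KEYCLOAK_CLIENT_SECRET` lines below it hold concrete values that are public in the repository; an installation started from an unedited copy would protect its Auth.js sessions with a known secret. The `# generate with openssl rand -base64 36` hint sits at the end of the `AUTH_SECRET` line, where it is easy to miss. I would make the instruction explicit, `# Copy this file to .env and replace AUTH_SECRET, KEYCLOAK_CLIENT_SECRET and the database password before using it outside local development`, and swap the sample value for an obvious placeholder such as `AUTH_SECRET=change-me`. The new `.env.test` repeats the same `AUTH_SECRET`, which is acceptable for the mock setup as long as that value is never used anywhere else.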
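Review bot: Tracking `.env.test` is made possible by the `.gitignore` hunk further down, which removes `.env.*` and `!.env.example` altogether, so files such as `.env.local` or `.env.production` are no longer ignored and can be committed by accident with real credentials in them. Keeping the broad pattern and whitelisting only the two tracked files is the safer form: `.env.*`, `!.env.example`, `!.env.test`.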
@@ -3,6 +3,17 @@ All notable changes to this project will be documented in this file.
+## [v0.3.1](https://code.thetadev.de/HSA/Visitenbuch/compare/v0.3.0..v0.3.1) - 2024-05-13
+
+### ๐Ÿš€ Features
+
+- Logout user from OIDC provider - ([8316d40](https://code.thetadev.de/HSA/Visitenbuch/commit/8316d4078c1ccaf40e9d026c559be2d0c03f92fb))
+
+### ๐Ÿงช Testing
+
+- Fix environment files - ([f01fb6f](https://code.thetadev.de/HSA/Visitenbuch/commit/f01fb6f191cf6978252b89656b09144d7fc1cde6))
+
+
 ## [v0.3.0](https://code.thetadev.de/HSA/Visitenbuch/compare/v0.2.1..v0.3.0) - 2024-05-12
 ### ๐Ÿš€ Features
diff --git a/package.json b/package.json
index 25d3d52..1f69a82 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "visitenbuch",
- "version": "0.3.0",
+ "version": "0.3.1",
 "private": true,
 "license": "AGPL-3.0",
 "scripts": {
diff --git a/run/docker-compose.yml b/run/docker-compose.yml
index 052e139..27e2bc4 100644
--- a/run/docker-compose.yml
+++ b/run/docker-compose.yml
@@ -13,3 +13,15 @@ services:
 POSTGRES_PASSWORD: "1234"
 volumes:
 - ./postgres:/var/lib/postgresql/data
+
+ oidc:
+ image: thetadev256/oidc-mock-server
+ restart: unless-stopped
+ ports:
+ - 9090:3000
+ environment:
+ CLIENT_ID: visitenbuch
+ CLIENT_SECRET: supersecret
+ CLIENT_REDIRECT_URIS: http://localhost:5173/auth/callback/keycloak;http://localhost:4173/auth/callback/keycloak
+ CLIENT_LOGOUT_REDIRECT_URIS: http://localhost:5173/login?noAuto=1;http://localhost:4173/login?noAuto=1
+ ISSUER_HOST: localhost:9090
diff --git a/src/lib/server/auth.ts b/src/lib/server/auth.ts
index cee1579..122c1f6 100644
--- a/src/lib/server/auth.ts
+++ b/src/lib/server/auth.ts
@@ -71,7 +71,8 @@ export async function makeAuthjsRequest(
 event: RequestEvent,
 authjsEndpoint: string,
 params: Record,
-): Promise {
+ noRedirect = false,
+): Promise {
 const headers = new Headers(event.request.headers);
 headers.set("Content-Type", "application/x-www-form-urlencoded");
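Review bot: The new `oidc` service pulls `thetadev256/oidc-mock-server` without a tag or digest, so each pull can bring in a different image for the component that issues identity tokens to the application. `ports: - 9090:3000` also publishes the mock on every host interface, next to the well-known `supersecret` client secret, which makes it reachable from the local network; as a mock it presumably signs users in without real authentication (confirm its login behaviour). I would pin the image, `image: thetadev256/oidc-mock-server:<tag>@sha256:<digest>` (placeholder values), and bind the port to loopback with `- 127.0.0.1:9090:3000`.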
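Review bot: The new positional `noRedirect = false` flag in `src/lib/server/auth.ts` is undocumented, and the call it enables reads `makeAuthjsRequest(event, "signout", { }, true)`, where the meaning of `true` cannot be seen at the call site. With the flag set the function falls off the end after copying the cookies (second hunk, `if (!noRedirect) return redirect(302, res.redirect ?? "")`), so the caller silently becomes responsible for the redirect. A TSDoc line on the parameter would cover it: `@param noRedirect when true, only apply the cookies returned by Auth.js and return without redirecting; the caller must issue its own redirect`. On that same changed line `res.redirect` is read without the `?.` used for `res?.cookies` two lines above; whether `res` can be undefined there is not visible, but the two accesses should agree. The part of the function body between the two hunks is not shown.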
@@ -85,7 +86,7 @@ export async function makeAuthjsRequest(
 for (const c of res?.cookies ?? []) {
 event.cookies.set(c.name, c.value, { path: "/", ...c.options });
 }
- return redirect(302, res.redirect ?? "");
+ if (!noRedirect) return redirect(302, res.redirect ?? "");
 }
 export async function auth(event: RequestEvent): Promise {
diff --git a/src/routes/(app)/logout/+page.server.ts b/src/routes/(app)/logout/+page.server.ts
index 1760100..45d9a4c 100644
--- a/src/routes/(app)/logout/+page.server.ts
+++ b/src/routes/(app)/logout/+page.server.ts
@@ -1,13 +1,22 @@
 import type { Actions } from "./$types";
+import { redirect } from "@sveltejs/kit";
+
 import { baseUrl } from "$lib/shared/util";
+import { env } from "$env/dynamic/private";
 import { makeAuthjsRequest } from "$lib/server/auth";
 export const actions: Actions = {
 default: async (event) => {
- const callbackUrl = `${baseUrl(event.url)}/login?noAuto=1`;
+ let callbackUrl = `${baseUrl(event.url)}/login?noAuto=1`;
- return makeAuthjsRequest(event, "signout", { callbackUrl });
+ const cburl = new URL(env.KEYCLOAK_LOGOUT ?? env.KEYCLOAK_ISSUER + "/protocol/openid-connect/logout");
+ cburl.searchParams.append("post_logout_redirect_uri", callbackUrl);
+ cburl.searchParams.append("client_id", env.KEYCLOAK_CLIENT_ID);
+ callbackUrl = cburl.toString();
+
+ await makeAuthjsRequest(event, "signout", { }, true);
+ return redirect(302, callbackUrl);
 },
 };
diff --git a/src/routes/login/+page.server.ts b/src/routes/login/+page.server.ts
index b5212e1..1637772 100644
--- a/src/routes/login/+page.server.ts
+++ b/src/routes/login/+page.server.ts
@@ -10,7 +10,7 @@ import { makeAuthjsRequest } from "$lib/server/auth";
 */
 const COOKIE_NAME = "autoLoginTs";
-async function doLogin(event: RequestEvent): Promise {
+async function doLogin(event: RequestEvent): Promise {
 const callbackUrl = event.url.searchParams.get("returnURL") ?? baseUrl(event.url);
 return makeAuthjsRequest(event, "signin/keycloak", { callbackUrl });
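Review bot: In the logout action the end-session URL is built before the local sign-out runs, so when `new URL(...)` throws the action fails with the local session untouched and the user stays logged in. That happens if neither `KEYCLOAK_LOGOUT` nor `KEYCLOAK_ISSUER` is set (the fallback becomes the string `undefined/protocol/openid-connect/logout`) or if `KEYCLOAK_LOGOUT` is an empty string, which `??` does not replace. I would call `makeAuthjsRequest(event, "signout", …)` first and fall back to the local login page when the provider settings are incomplete, as sketched below. Separately, the request carries no `id_token_hint`, which the OpenID Connect RP-initiated logout specification recommends; without it some providers ask the user to confirm the logout, so it is worth checking how Keycloak behaves in the target setup.

```typescript
  default: async (event) => {
    const loginUrl = `${baseUrl(event.url)}/login?noAuto=1`;

    // Clear the local session first so a configuration error cannot leave it alive
    await makeAuthjsRequest(event, "signout", { }, true);

    const endSession = env.KEYCLOAK_LOGOUT
      || (env.KEYCLOAK_ISSUER ? `${env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout` : "");
    // Incomplete provider settings: finish with a local-only logout instead of throwing
    if (!endSession || !env.KEYCLOAK_CLIENT_ID) return redirect(302, loginUrl);

    const cburl = new URL(endSession);
    cburl.searchParams.append("post_logout_redirect_uri", loginUrl);
    // … unchanged: client_id parameter …
    return redirect(302, cburl.toString());
```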