github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-04-16 08:09:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

enhancement(oidc): refetch discovery documents regularly

Browse source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2024-10-09 00:23:07 +02:00 committed by Philip Molares
parent 19f4baf79b
commit f71bf7a974
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
backend/src/identity/oidc/oidc.service.ts
View file

@ -9,6 +9,7 @@ import {
InternalServerErrorException,
NotFoundException,
} from '@nestjs/common';
import { Cron } from '@nestjs/schedule';
import { Client, generators, Issuer, UserinfoResponse } from 'openid-client';
import appConfiguration, { AppConfig } from '../../config/app.config';
@ -43,10 +44,7 @@ export class OidcService {
@Inject(appConfiguration.KEY)
private appConfig: AppConfig,
) {
this.initializeAllClients();
// TODO The previous line should be regularly called again (@nestjs/cron?).
// If the HedgeDoc instance is running for a long time,
// the OIDC metadata or keys might change and the client needs to be reinitialized.
this.updateClientConfigs();
this.logger.setContext(OidcService.name);
this.logger.debug('OIDC service initialized', 'constructor');
}
@ -54,7 +52,7 @@ export class OidcService {
/**
* Initializes clients for all OIDC configurations by fetching their metadata and storing them in the clientConfigs map.
*/
private initializeAllClients(): void {
private updateClientConfigs(): void {
this.authConfig.oidc.forEach((oidcConfig) => {
this.fetchClientConfig(oidcConfig)
.then((config) => {
@ -62,9 +60,9 @@ export class OidcService {
})
.catch((error) => {
this.logger.error(
`Failed to initialize OIDC client "${oidcConfig.identifier}": ${String(error)}`,
`Failed to update OIDC client config "${oidcConfig.identifier}": ${String(error)}`,
undefined,
'initializeClient',
'updateClientConfigs',
);
});
});
@ -110,6 +108,12 @@ export class OidcService {
};
}
// Update all client configs every sunday on 3:30 AM
@Cron('30 3 * * 0')
handleCronUpdateClientConfigs(): void {
this.updateClientConfigs();
}
/**
* Generates a secure code verifier for the OIDC login.
*