oscar-surf/misskey
oscar-surf/misskey
0
0
Fork 0
Code Issues Activity

feat(SSO): JWTやSAMLでのSingle Sign-Onの実装 (MisskeyIO#519)

Browse source
This commit is contained in:
まっちゃとーにゅ 2024-03-15 01:30:56 +09:00 committed by GitHub
parent d300a6829f
commit 8c1db331e7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
45 changed files with 4094 additions and 1725 deletions
Download patch file Download diff file Expand all files Collapse all files

179
packages/frontend/src/pages/admin/security.vue
View file

@ -137,7 +137,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<div class="_gaps">
<MkButton primary full @click="indieAuthAddNew"><i class="ti ti-plus"></i> New</MkButton>
<MkFolder v-for="(client, index) in indieAuthClients" :key="`${index}-${client.createdAt}`" :defaultOpen="!client.createdAt">
<MkFolder v-for="(client, index) in indieAuthClients" :key="`${indieAuthTimestamp}-${index}-${client.createdAt ? client.id : 'new'}`" :defaultOpen="!client.createdAt">
<template #label>{{ client.name || client.id }}</template>
<template #icon>
<i v-if="client.id" class="ti ti-key"></i>
@ -166,6 +166,72 @@ SPDX-License-Identifier: AGPL-3.0-only
</MkButton>
</div>
</MkFolder>
<MkFolder>
<template #label>Single Sign-On Service Providers</template>
<div class="_gaps">
<MkButton primary full @click="ssoServiceAddNew"><i class="ti ti-plus"></i> New</MkButton>
<MkFolder v-for="(service, index) in ssoServices" :key="`${ssoServiceTimestamp}-${index}-${service.createdAt ? service.id : 'new'}`" :defaultOpen="!service.createdAt">
<template #label>{{ service.name || service.id }}</template>
<template #icon>
<i v-if="service.id" class="ti ti-key"></i>
<i v-else class="ti ti-plus"></i>
</template>
<template v-if="service.name && service.id" #caption>{{ service.id }}</template>
<div class="_gaps_m">
<MkInput v-model="service.id" disabled>
<template #label>Service ID</template>
</MkInput>
<MkInput v-model="service.name">
<template #label>Name</template>
</MkInput>
<MkRadios v-model="service.type">
<option value="jwt">JWT</option>
<option value="saml">SAML</option>
</MkRadios>
<MkInput v-model="service.issuer">
<template #label>Issuer</template>
</MkInput>
<MkTextarea v-model="service.audience">
<template #label>Audience</template>
</MkTextarea>
<MkInput v-model="service.acsUrl">
<template #label>Assertion Consumer Service URL</template>
</MkInput>
<MkInput v-model="service.publicKey">
<template #label>{{ service['useCertificate'] ? 'Public Key' : 'Secret' }}</template>
</MkInput>
<MkInput v-model="service.signatureAlgorithm">
<template #label>Signature Algorithm</template>
</MkInput>
<MkInput v-model="service.cipherAlgorithm">
<template #label>Cipher Algorithm</template>
</MkInput>
<MkSwitch v-model="service.wantAuthnRequestsSigned">
<template #label>Want Authn Requests Signed</template>
</MkSwitch>
<MkSwitch v-model="service.wantAssertionsSigned">
<template #label>Want Assertions Signed</template>
</MkSwitch>
<MkSwitch v-model="service.useCertificate" :disabled="!!service.createdAt">
<template #label>Use Certificate</template>
</MkSwitch>
<MkSwitch v-if="service.useCertificate" v-model="service.regenerateCertificate">
<template #label>Regenerate Certificate</template>
</MkSwitch>
<div class="buttons _buttons">
<MkButton primary @click="ssoServiceSave(service)"><i class="ti ti-device-floppy"></i> Save</MkButton>
<MkButton v-if="service.createdAt" warn @click="ssoServiceDelete(service)"><i class="ti ti-trash"></i> Delete</MkButton>
</div>
</div>
</MkFolder>
<MkButton v-if="ssoServiceHasMore" :class="$style.more" :disabled="!ssoServiceHasMore" primary rounded @click="ssoServiceFetch()">
<i class="ti ti-reload"></i>{{ i18n.ts.more }}
</MkButton>
</div>
</MkFolder>
</div>
</FormSuspense>
</MkSpacer>
@ -208,8 +274,13 @@ const truemailInstance = ref<string | null>(null);
const truemailAuthKey = ref<string | null>(null);
const bannedEmailDomains = ref<string>('');
const indieAuthClients = ref<any[]>([]);
const indieAuthTimestamp = ref(0);
const indieAuthOffset = ref(0);
const indieAuthHasMore = ref(false);
const ssoServices = ref<any[]>([]);
const ssoServiceTimestamp = ref(0);
const ssoServiceOffset = ref(0);
const ssoServiceHasMore = ref(false);
async function init() {
const meta = await misskeyApi('admin/meta');
@ -274,12 +345,11 @@ function indieAuthFetch(resetOffset = false) {
offset: indieAuthOffset.value,
limit: 10,
}).then(clients => {
indieAuthClients.value = indieAuthClients.value.concat(clients.map((client: any) => ({
id: client.id,
name: client.name,
indieAuthClients.value = indieAuthClients.value.concat(clients.map(client => ({
...client,
redirectUris: client.redirectUris.join('\n'),
createdAt: client.createdAt,
})));
indieAuthTimestamp.value = Date.now();
indieAuthHasMore.value = clients.length === 10;
indieAuthOffset.value += clients.length;
});
@ -302,7 +372,9 @@ function indieAuthDelete(client) {
}).then(({ canceled }) => {
if (canceled) return;
indieAuthClients.value = indieAuthClients.value.filter(x => x !== client);
misskeyApi('admin/indie-auth/delete', client);
os.apiWithDialog('admin/indie-auth/delete', client).then(() => {
indieAuthFetch(true);
});
});
}
@ -314,11 +386,100 @@ async function indieAuthSave(client) {
};
if (client.createdAt !== undefined) {
await misskeyApi('admin/indie-auth/update', params);
await os.apiWithDialog('admin/indie-auth/update', params).then(() => {
indieAuthFetch(true);
});
} else {
await misskeyApi('admin/indie-auth/create', params);
await os.apiWithDialog('admin/indie-auth/create', params).then(() => {
indieAuthFetch(true);
});
}
}
function ssoServiceFetch(resetOffset = false) {
if (resetOffset) {
ssoServices.value = [];
ssoServiceOffset.value = 0;
}
misskeyApi('admin/sso/list', {
offsetMode: true,
offset: ssoServiceOffset.value,
limit: 10,
}).then(services => {
ssoServices.value = ssoServices.value.concat(services.map(service => ({
...service,
audience: service.audience.join('\n'),
})));
ssoServiceTimestamp.value = Date.now();
ssoServiceHasMore.value = services.length === 10;
ssoServiceOffset.value += services.length;
});
}
ssoServiceFetch(true);
function ssoServiceAddNew() {
ssoServices.value.unshift({
id: '',
name: '',
type: 'jwt',
issuer: '',
audience: '',
acsUrl: '',
publicKey: '',
signatureAlgorithm: 'HS256',
cipherAlgorithm: '',
wantAuthnRequestsSigned: false,
wantAssertionsSigned: true,
useCertificate: false,
regenerateCertificate: false,
});
}
function ssoServiceDelete(service) {
os.confirm({
type: 'warning',
text: i18n.tsx.deleteAreYouSure({ x: service.id }),
}).then(({ canceled }) => {
if (canceled) return;
ssoServices.value = ssoServices.value.filter(x => x !== service);
os.apiWithDialog('admin/sso/delete', service).then(() => {
ssoServiceFetch(true);
});
});
}
async function ssoServiceSave(service) {
const params = {
id: service.id,
name: service.name,
type: service.type,
issuer: service.issuer,
audience: service.audience.split('\n'),
acsUrl: service.acsUrl,
secret: service.publicKey,
signatureAlgorithm: service.signatureAlgorithm,
cipherAlgorithm: service.cipherAlgorithm,
wantAuthnRequestsSigned: service.wantAuthnRequestsSigned,
wantAssertionsSigned: service.wantAssertionsSigned,
};
if (service.createdAt !== undefined) {
await os.apiWithDialog('admin/sso/update', {
...params,
regenerateCertificate: service.regenerateCertificate,
}).then(() => {
ssoServiceFetch(true);
});
} else {
await os.apiWithDialog('admin/sso/create', {
...params,
useCertificate: service.useCertificate,
}).then(() => {
ssoServiceFetch(true);
});
}
indieAuthFetch(true);
}
const headerActions = computed(() => []);