support OIDC authentication (#242)

2026-05-18 16:54:25 +08:00 · 2025-10-24 01:44:55 +08:00
parent d3ab2b94b7
commit 85b05f9e7e
24 changed files with 490 additions and 202 deletions
@@ -93,6 +93,7 @@ const (

 // OAuth 2.0 provider types
 const (
+	OAuth2ProviderOIDC      string = "oidc"
 	OAuth2ProviderNextcloud string = "nextcloud"
 	OAuth2ProviderGitea     string = "gitea"
 	OAuth2ProviderGithub    string = "github"
@@ -360,23 +361,25 @@ type Config struct {
 	MaxFailuresPerUserPerMinute           uint32

 	// Auth
-	EnableInternalAuth               bool
-	EnableOAuth2Login                bool
-	EnableTwoFactor                  bool
-	EnableUserForgetPassword         bool
-	ForgetPasswordRequireVerifyEmail bool
-	OAuth2ClientID                   string
-	OAuth2ClientSecret               string
-	OAuth2UserIdentifier             string
-	OAuth2AutoRegister               bool
-	OAuth2Provider                   string
-	OAuth2StateExpiredTime           uint32
-	OAuth2StateExpiredTimeDuration   time.Duration
-	OAuth2RequestTimeout             uint32
-	OAuth2Proxy                      string
-	OAuth2SkipTLSVerify              bool
-	OAuth2NextcloudBaseUrl           string
-	OAuth2GiteaBaseUrl               string
+	EnableInternalAuth                bool
+	EnableOAuth2Login                 bool
+	EnableTwoFactor                   bool
+	EnableUserForgetPassword          bool
+	ForgetPasswordRequireVerifyEmail  bool
+	OAuth2ClientID                    string
+	OAuth2ClientSecret                string
+	OAuth2UserIdentifier              string
+	OAuth2AutoRegister                bool
+	OAuth2Provider                    string
+	OAuth2StateExpiredTime            uint32
+	OAuth2StateExpiredTimeDuration    time.Duration
+	OAuth2RequestTimeout              uint32
+	OAuth2Proxy                       string
+	OAuth2SkipTLSVerify               bool
+	OAuth2OIDCProviderBaseUrl         string
+	OAuth2OIDCCustomDisplayNameConfig MultiLanguageContentConfig
+	OAuth2NextcloudBaseUrl            string
+	OAuth2GiteaBaseUrl                string

 	// User
 	EnableUserRegister            bool
@@ -1003,6 +1006,8 @@ func loadAuthConfiguration(config *Config, configFile *ini.File, sectionName str

 	if oauth2Provider == "" {
 		config.OAuth2Provider = ""
+	} else if oauth2Provider == OAuth2ProviderOIDC {
+		config.OAuth2Provider = OAuth2ProviderOIDC
 	} else if oauth2Provider == OAuth2ProviderNextcloud {
 		config.OAuth2Provider = OAuth2ProviderNextcloud
 	} else if oauth2Provider == OAuth2ProviderGitea {
@@ -1025,6 +1030,8 @@ func loadAuthConfiguration(config *Config, configFile *ini.File, sectionName str
 	config.OAuth2RequestTimeout = getConfigItemUint32Value(configFile, sectionName, "oauth2_request_timeout", defaultOAuth2RequestTimeout)
 	config.OAuth2SkipTLSVerify = getConfigItemBoolValue(configFile, sectionName, "oauth2_skip_tls_verify", false)

+	config.OAuth2OIDCProviderBaseUrl = getConfigItemStringValue(configFile, sectionName, "oidc_provider_base_url")
+	config.OAuth2OIDCCustomDisplayNameConfig = getMultiLanguageContentConfig(configFile, sectionName, "enable_oidc_display_name", "oidc_custom_display_name")
 	config.OAuth2NextcloudBaseUrl = getConfigItemStringValue(configFile, sectionName, "nextcloud_base_url")
 	config.OAuth2GiteaBaseUrl = getConfigItemStringValue(configFile, sectionName, "gitea_base_url")