feat(auth): Add external authentication (OAuth/OIDC & LDAP) with admin management, UI, and encryption support

2025-12-03 22:09:35 +00:00
parent 44e92d48f2
commit d3fd40ce2f
27 changed files with 4512 additions and 61 deletions
--- a/ts/models/platform.settings.ts
+++ b/ts/models/platform.settings.ts
@@ -0,0 +1,90 @@
+/**
+ * Platform Settings model for Stack.Gallery Registry
+ * Singleton model storing global platform configuration
+ */
+
+import * as plugins from '../plugins.ts';
+import type { IPlatformSettings, IPlatformAuthSettings } from '../interfaces/auth.interfaces.ts';
+import { db } from './db.ts';
+
+const DEFAULT_AUTH_SETTINGS: IPlatformAuthSettings = {
+  localAuthEnabled: true,
+  allowUserRegistration: true,
+  sessionDurationMinutes: 10080, // 7 days
+};
+
+@plugins.smartdata.Collection(() => db)
+export class PlatformSettings
+  extends plugins.smartdata.SmartDataDbDoc<PlatformSettings, PlatformSettings>
+  implements IPlatformSettings
+{
+  @plugins.smartdata.unI()
+  public id: string = 'singleton';
+
+  @plugins.smartdata.svDb()
+  public auth: IPlatformAuthSettings = DEFAULT_AUTH_SETTINGS;
+
+  @plugins.smartdata.svDb()
+  public updatedAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public updatedById?: string;
+
+  /**
+   * Get the singleton settings instance (creates if not exists)
+   */
+  public static async get(): Promise<PlatformSettings> {
+    let settings = await PlatformSettings.getInstance({ id: 'singleton' });
+    if (!settings) {
+      settings = new PlatformSettings();
+      settings.id = 'singleton';
+      settings.auth = DEFAULT_AUTH_SETTINGS;
+      settings.updatedAt = new Date();
+      await settings.save();
+      console.log('[PlatformSettings] Created default settings');
+    }
+    return settings;
+  }
+
+  /**
+   * Update auth settings
+   */
+  public async updateAuthSettings(
+    settings: Partial<IPlatformAuthSettings>,
+    updatedById?: string
+  ): Promise<void> {
+    this.auth = { ...this.auth, ...settings };
+    this.updatedAt = new Date();
+    this.updatedById = updatedById;
+    await this.save();
+  }
+
+  /**
+   * Check if local auth is enabled
+   */
+  public isLocalAuthEnabled(): boolean {
+    return this.auth.localAuthEnabled;
+  }
+
+  /**
+   * Check if registration is allowed
+   */
+  public isRegistrationAllowed(): boolean {
+    return this.auth.allowUserRegistration;
+  }
+
+  /**
+   * Get default provider ID (for auto-redirect)
+   */
+  public getDefaultProviderId(): string | undefined {
+    return this.auth.defaultProviderId;
+  }
+
+  /**
+   * Lifecycle hook: Ensure singleton ID
+   */
+  public async beforeSave(): Promise<void> {
+    this.id = 'singleton';
+    this.updatedAt = new Date();
+  }
+}