mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-09 16:38:08 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

[feature/oidc] Add support for very basic RBAC (#2642)

Browse source 
* Add support for very basic RBAC

* Add some small tests for allowedGroup and adminGroup

* Switch to table-driven tests
This commit is contained in:
9p4 2024-02-27 10:07:29 -05:00 committed by GitHub
commit 9bf448be7a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 130 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
internal/config/config.go
View file

@ -133,6 +133,7 @@ type Configuration struct {
OIDCClientSecret string `name:"oidc-client-secret" usage:"ClientSecret of GoToSocial, as registered with the OIDC provider."`
OIDCScopes []string `name:"oidc-scopes" usage:"OIDC scopes."`
OIDCLinkExisting bool `name:"oidc-link-existing" usage:"link existing user accounts to OIDC logins based on the stored email value"`
OIDCAllowedGroups []string `name:"oidc-allowed-groups" usage:"Membership of one of the listed groups allows access to GtS. If this is empty, all groups are allowed."`
OIDCAdminGroups []string `name:"oidc-admin-groups" usage:"Membership of one of the listed groups makes someone a GtS admin"`
TracingEnabled bool `name:"tracing-enabled" usage:"Enable OTLP Tracing"`

25
internal/config/helpers.gen.go
View file

@ -1975,6 +1975,31 @@ func GetOIDCLinkExisting() bool { return global.GetOIDCLinkExisting() }
// SetOIDCLinkExisting safely sets the value for global configuration 'OIDCLinkExisting' field
func SetOIDCLinkExisting(v bool) { global.SetOIDCLinkExisting(v) }
// GetOIDCAllowedGroups safely fetches the Configuration value for state's 'OIDCAllowedGroups' field
func (st *ConfigState) GetOIDCAllowedGroups() (v []string) {
st.mutex.RLock()
v = st.config.OIDCAllowedGroups
st.mutex.RUnlock()
return
}
// SetOIDCAllowedGroups safely sets the Configuration value for state's 'OIDCAllowedGroups' field
func (st *ConfigState) SetOIDCAllowedGroups(v []string) {
st.mutex.Lock()
defer st.mutex.Unlock()
st.config.OIDCAllowedGroups = v
st.reloadToViper()
}
// OIDCAllowedGroupsFlag returns the flag name for the 'OIDCAllowedGroups' field
func OIDCAllowedGroupsFlag() string { return "oidc-allowed-groups" }
// GetOIDCAllowedGroups safely fetches the value for global configuration 'OIDCAllowedGroups' field
func GetOIDCAllowedGroups() []string { return global.GetOIDCAllowedGroups() }
// SetOIDCAllowedGroups safely sets the value for global configuration 'OIDCAllowedGroups' field
func SetOIDCAllowedGroups(v []string) { global.SetOIDCAllowedGroups(v) }
// GetOIDCAdminGroups safely fetches the Configuration value for state's 'OIDCAdminGroups' field
func (st *ConfigState) GetOIDCAdminGroups() (v []string) {
st.mutex.RLock()