Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-06-01 04:34:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix FIRST_USER_CLAIMS

Browse Source
This commit is contained in:
Zoe Roux 2025-04-06 23:58:01 +02:00
parent 18eb1b02a3
commit 3f5af4b7fa
No known key found for this signature in database
3 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env.example
View File

@ -97,6 +97,6 @@ RABBITMQ_DEFAULT_PASS=aohohunuhouhuhhoahothonseuhaoensuthoaentsuhha
# v5 stuff, does absolutely nothing on master (aka: you can delete this) # v5 stuff, does absolutely nothing on master (aka: you can delete this)
EXTRA_CLAIMS='{"permissions": ["core.read"], "verified": false}' EXTRA_CLAIMS='{"permissions": ["core.read"], "verified": false}'
FIRST_USER_CLAIMS='{"permissions": ["user.read", "users.write", "users.delete", "core.read"], "verified": true}' FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "users.delete", "core.read"], "verified": true}'
GUEST_CLAIMS='{"permissions": ["core.read"]}' GUEST_CLAIMS='{"permissions": ["core.read"]}'
PROTECTED_CLAIMS="permissions,verified" PROTECTED_CLAIMS="permissions,verified"

2
auth/.env.example
View File

@ -11,7 +11,7 @@ RSA_PRIVATE_KEY_PATH=""
EXTRA_CLAIMS='{}' EXTRA_CLAIMS='{}'
# json object with the claims to add to every jwt of the FIRST user (this can be used to mark the first user as admin). # json object with the claims to add to every jwt of the FIRST user (this can be used to mark the first user as admin).
# Those claims are merged with the `EXTRA_CLAIMS`. # Those claims are merged with the `EXTRA_CLAIMS`.
FIRST_USER_CLAIMS='{}' FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "users.delete"]}'
# If this is not empty, calls to `/jwt` without an `Authorization` header will still create a jwt (with `null` in `sub`) # If this is not empty, calls to `/jwt` without an `Authorization` header will still create a jwt (with `null` in `sub`)
GUEST_CLAIMS="" GUEST_CLAIMS=""
# Comma separated list of claims that users without the `user.write` permissions should NOT be able to edit # Comma separated list of claims that users without the `user.write` permissions should NOT be able to edit

3
auth/config.go
View File

@ -47,14 +47,13 @@ func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
return nil, err return nil, err
} }
} }
maps.Insert(ret.FirstUserClaims, maps.All(ret.DefaultClaims))
claims = os.Getenv("FIRST_USER_CLAIMS") claims = os.Getenv("FIRST_USER_CLAIMS")
if claims != "" { if claims != "" {
err := json.Unmarshal([]byte(claims), &ret.FirstUserClaims) err := json.Unmarshal([]byte(claims), &ret.FirstUserClaims)
if err != nil { if err != nil {
return nil, err return nil, err
} }
maps.Insert(ret.FirstUserClaims, maps.All(ret.DefaultClaims))
} else { } else {
ret.FirstUserClaims = ret.DefaultClaims ret.FirstUserClaims = ret.DefaultClaims
} }