directus

1
import { useEnv } from '@directus/env';
2
import { InvalidProviderConfigError } from '@directus/errors';
3
import { toArray } from '@directus/utils';
4
import type { AuthDriver } from './auth/auth.js';
5
import {
6
	LDAPAuthDriver,
7
	LocalAuthDriver,
8
	OAuth2AuthDriver,
9
	OpenIDAuthDriver,
10
	SAMLAuthDriver,
11
} from './auth/drivers/index.js';
12
import { DEFAULT_AUTH_PROVIDER } from './constants.js';
13
import getDatabase from './database/index.js';
14
import { useLogger } from './logger.js';
15
import type { AuthDriverOptions } from './types/index.js';
16
import { getConfigFromEnv } from './utils/get-config-from-env.js';
17
import { getSchema } from './utils/get-schema.js';
18

19
const providers: Map<string, AuthDriver> = new Map();
20

21
export function getAuthProvider(provider: string): AuthDriver {
22
	const logger = useLogger();
23

24
	if (!providers.has(provider)) {
25
		logger.error('Auth provider not configured');
26
		throw new InvalidProviderConfigError({ provider });
27
	}
28

29
	return providers.get(provider)!;
30
}
31

32
export async function registerAuthProviders(): Promise<void> {
33
	const env = useEnv();
34
	const logger = useLogger();
35
	const options = { knex: getDatabase(), schema: await getSchema() };
36

37
	const providerNames = toArray(env['AUTH_PROVIDERS'] as string);
38

39
	// Register default provider if not disabled
40
	if (!env['AUTH_DISABLE_DEFAULT']) {
41
		const defaultProvider = getProviderInstance('local', options)!;
42
		providers.set(DEFAULT_AUTH_PROVIDER, defaultProvider);
43
	}
44

45
	if (!env['AUTH_PROVIDERS']) {
46
		return;
47
	}
48

49
	// Register configured providers
50
	providerNames.forEach((name: string) => {
51
		name = name.trim();
52

53
		if (name === DEFAULT_AUTH_PROVIDER) {
54
			logger.error(`Cannot override "${DEFAULT_AUTH_PROVIDER}" auth provider.`);
55
			process.exit(1);
56
		}
57

58
		const { driver, ...config } = getConfigFromEnv(`AUTH_${name.toUpperCase()}_`);
59

60
		if (!driver) {
61
			logger.warn(`Missing driver definition for "${name}" auth provider.`);
62
			return;
63
		}
64

65
		const provider = getProviderInstance(driver, options, { provider: name, ...config });
66

67
		if (!provider) {
68
			logger.warn(`Invalid "${driver}" auth driver.`);
69
			return;
70
		}
71

72
		providers.set(name, provider);
73
	});
74
}
75

76
function getProviderInstance(
77
	driver: string,
78
	options: AuthDriverOptions,
79
	config: Record<string, any> = {},
80
): AuthDriver | undefined {
81
	switch (driver) {
82
		case 'local':
83
			return new LocalAuthDriver(options, config);
84

85
		case 'oauth2':
86
			return new OAuth2AuthDriver(options, config);
87

88
		case 'openid':
89
			return new OpenIDAuthDriver(options, config);
90

91
		case 'ldap':
92
			return new LDAPAuthDriver(options, config);
93

94
		case 'saml':
95
			return new SAMLAuthDriver(options, config);
96
	}
97

98
	return undefined;
99
}
100