bluepython508/sso-bsn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tailscale Authentication: if we're connecting within the tailnet, use that

Browse Source
This commit is contained in:
bluepython508
2024-05-19 15:55:07 +01:00
parent b83ef03030
commit 31fef398e8
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/sso_bsn_web/router.ex
View File

@@ -1,5 +1,6 @@
defmodule SsoBsnWeb.Router do
use SsoBsnWeb, :router
use SsoBsnWeb, :verified_routes
import SsoBsnWeb.UserAuth
@@ -47,9 +48,21 @@ defmodule SsoBsnWeb.Router do
end
## Authentication routes
defp ts_auth(conn, _) do
{o1, o2, o3, o4} = conn.remote_ip
case System.cmd("tailscale", ["whois", "--json", "#{o1}.#{o2}.#{o3}.#{o4}"], stderr_to_stdout: true) do
{json, 0} ->
username = Jason.decode!(json)["UserProfile"]["DisplayName"]
user = SsoBsn.Accounts.get_user_by_username(username)
login_token = SsoBsn.Accounts.generate_user_login_token(user)
conn |> redirect(to: if next = conn.query_params["next"] do ~p"/users/log_in/#{login_token}?next=#{next}" else ~p"/users/log_in/#{login_token}" end) |> halt()
{_, 1} ->
conn
end
end
scope "/", SsoBsnWeb do
pipe_through [:browser, :redirect_if_user_is_authenticated]
pipe_through [:browser, :redirect_if_user_is_authenticated, :ts_auth]
live_session :redirect_if_user_is_authenticated,
on_mount: [{SsoBsnWeb.UserAuth, :redirect_if_user_is_authenticated}] do