node-red: add oidc

cubic3d · Nov 29, 2024 · 157263f · 157263f
1 parent 8b56310
commit 157263f
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/kubernetes/main/apps/automation/node-red/app/config/settings.js b/kubernetes/main/apps/automation/node-red/app/config/settings.js
@@ -3,6 +3,32 @@ module.exports = {
   credentialSecret: process.env.NODE_RED_CREDENTIAL_SECRET,
   flowFilePretty: true,
 
+  adminAuth: {
+    type: "strategy",
+    strategy: {
+      name: "openidconnect",
+      autoLogin: true,
+      label: "Sign in",
+      icon: "fa-cloud",
+      strategy: require("passport-openidconnect").Strategy,
+      options: {
+        issuer: "https://auth.${domain}",
+        authorizationURL: "https://auth.${domain}/api/oidc/authorization",
+        tokenURL: "https://auth.${domain}/api/oidc/token",
+        userInfoURL: "https://auth.${domain}/api/oidc/userinfo",
+        clientID: "node-red",
+        clientSecret: process.env.NODE_RED_OIDC_CLIENT_SECRET,
+        callbackURL: "https://r.${domain}/auth/strategy/callback",
+        scope: ["openid", "email", "profile", "groups"],
+        proxy: true,
+        verify: function (issuer, profile, done) {
+          done(null, profile);
+        },
+      },
+    },
+    users: [{ username: "cubic", permissions: ["*"] }],
+  },
+
   uiPort: process.env.PORT || 1880,
 
   diagnostics: {

diff --git a/kubernetes/main/apps/automation/node-red/app/externalsecret.yaml b/kubernetes/main/apps/automation/node-red/app/externalsecret.yaml
@@ -13,3 +13,7 @@ spec:
       remoteRef:
         key: node-red
         property: credential_secret
+    - secretKey: NODE_RED_OIDC_CLIENT_SECRET
+      remoteRef:
+        key: authelia
+        property: oidc_secret_nodered_plain