packages/auth/env.ts

import { z } from "zod";

import { supportedAuthProviders } from "@homarr/definitions";
import { createEnv } from "@homarr/env";
import { createBooleanSchema, createDurationSchema } from "@homarr/env/schemas";

const authProvidersSchema = z
  .string()
  .min(1)
  .transform((providers) =>
    providers
      .replaceAll(" ", "")
      .toLowerCase()
      .split(",")
      .filter((provider) => {
        if (supportedAuthProviders.some((supportedProvider) => supportedProvider === provider)) return true;
        else if (!provider)
          console.log("One or more of the entries for AUTH_PROVIDER could not be parsed and/or returned null.");
        else console.log(`The value entered for AUTH_PROVIDER "${provider}" is incorrect.`);
        return false;
      }),
  )
  .default("credentials");

const authProviders = authProvidersSchema.safeParse(process.env.AUTH_PROVIDERS).data ?? [];

export const env = createEnv({
  server: {
    AUTH_LOGOUT_REDIRECT_URL: z.string().url().optional(),
    AUTH_SESSION_EXPIRY_TIME: createDurationSchema("30d"),
    AUTH_PROVIDERS: authProvidersSchema,
    ...(authProviders.includes("oidc")
      ? {
          AUTH_OIDC_ISSUER: z.string().url(),
          AUTH_OIDC_CLIENT_ID: z.string().min(1),
          AUTH_OIDC_CLIENT_SECRET: z.string().min(1),
          AUTH_OIDC_CLIENT_NAME: z.string().min(1).default("OIDC"),
          AUTH_OIDC_AUTO_LOGIN: createBooleanSchema(false),
          AUTH_OIDC_SCOPE_OVERWRITE: z.string().min(1).default("openid email profile groups"),
          AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token
          AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),
          AUTH_OIDC_FORCE_USERINFO: createBooleanSchema(false),
          AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: createBooleanSchema(false),
        }
      : {}),
    ...(authProviders.includes("ldap")
      ? {
          AUTH_LDAP_URI: z.string().url(),
          AUTH_LDAP_BIND_DN: z.string(),
          AUTH_LDAP_BIND_PASSWORD: z.string(),
          AUTH_LDAP_BASE: z.string(),
          AUTH_LDAP_SEARCH_SCOPE: z.enum(["base", "one", "sub"]).default("base"),
          AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default("uid"),
          AUTH_LDAP_USER_MAIL_ATTRIBUTE: z.string().default("mail"),
          AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: z.string().optional(),
          AUTH_LDAP_GROUP_CLASS: z.string().default("groupOfUniqueNames"),
          AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default("member"),
          AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: z.string().default("dn"),
          AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: z.string().optional(),
        }
      : {}),
  },
  experimental__runtimeEnv: process.env,
});
Initial commit 2023-12-08 22:35:15 +01:00			`import { z } from "zod";`

refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`import { supportedAuthProviders } from "@homarr/definitions";`
feat(logging): add log level env variable (#2299) 2025-02-18 22:54:15 +01:00			`import { createEnv } from "@homarr/env";`
			`import { createBooleanSchema, createDurationSchema } from "@homarr/env/schemas";`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00
			`const authProvidersSchema = z`
			`.string()`
			`.min(1)`
			`.transform((providers) =>`
			`providers`
			`.replaceAll(" ", "")`
			`.toLowerCase()`
			`.split(",")`
			`.filter((provider) => {`
refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`if (supportedAuthProviders.some((supportedProvider) => supportedProvider === provider)) return true;`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`else if (!provider)`
			`console.log("One or more of the entries for AUTH_PROVIDER could not be parsed and/or returned null.");`
			else console.log(`The value entered for AUTH_PROVIDER "${provider}" is incorrect.`);
			`return false;`
			`}),`
			`)`
			`.default("credentials");`

feat(logging): add log level env variable (#2299) 2025-02-18 22:54:15 +01:00			`const authProviders = authProvidersSchema.safeParse(process.env.AUTH_PROVIDERS).data ?? [];`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00
Initial commit 2023-12-08 22:35:15 +01:00			`export const env = createEnv({`
			`server: {`
feat: add logout redirect url (#954) * feat: add logout redirect url * fix: format issue 2024-08-09 19:24:07 +02:00			`AUTH_LOGOUT_REDIRECT_URL: z.string().url().optional(),`
feat: add session expiry (#951) 2024-08-09 15:59:00 +02:00			`AUTH_SESSION_EXPIRY_TIME: createDurationSchema("30d"),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_PROVIDERS: authProvidersSchema,`
			`...(authProviders.includes("oidc")`
			`? {`
			`AUTH_OIDC_ISSUER: z.string().url(),`
			`AUTH_OIDC_CLIENT_ID: z.string().min(1),`
			`AUTH_OIDC_CLIENT_SECRET: z.string().min(1),`
			`AUTH_OIDC_CLIENT_NAME: z.string().min(1).default("OIDC"),`
refactor: env validation typescript and common package (#1912) 2025-01-14 19:03:38 +01:00			`AUTH_OIDC_AUTO_LOGIN: createBooleanSchema(false),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`AUTH_OIDC_SCOPE_OVERWRITE: z.string().min(1).default("openid email profile groups"),`
refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider (#1223) * refactor: replace signIn callback with signIn event, adjust getUserByEmail in adapter to check provider * test: adjusting tests for adapter and events * docs: add comments for unknown auth provider * fix: missing dayjs import 2024-10-07 21:13:15 +02:00			`AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token`
feat(auth): add env variable for oidc-name-attribute-overwrite (#1850) 2025-01-04 21:49:33 +01:00			`AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),`
feat(auth): add env variable to force user-info usage instead of idtoken (#2711) 2025-03-27 22:57:06 +01:00			`AUTH_OIDC_FORCE_USERINFO: createBooleanSchema(false),`
feat(auth): add account linking for oidc providers (#3106) Co-authored-by: Manuel <30572287+manuel-rw@users.noreply.github.com> 2025-05-16 20:57:51 +02:00			`AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: createBooleanSchema(false),`
feat: add ldap and oidc sso (#500) * wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue 2024-07-20 22:23:58 +02:00			`}`
			`: {}),`
			`...(authProviders.includes("ldap")`
			`? {`
			`AUTH_LDAP_URI: z.string().url(),`
			`AUTH_LDAP_BIND_DN: z.string(),`
			`AUTH_LDAP_BIND_PASSWORD: z.string(),`
			`AUTH_LDAP_BASE: z.string(),`
			`AUTH_LDAP_SEARCH_SCOPE: z.enum(["base", "one", "sub"]).default("base"),`
			`AUTH_LDAP_USERNAME_ATTRIBUTE: z.string().default("uid"),`
			`AUTH_LDAP_USER_MAIL_ATTRIBUTE: z.string().default("mail"),`
			`AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: z.string().optional(),`
			`AUTH_LDAP_GROUP_CLASS: z.string().default("groupOfUniqueNames"),`
			`AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: z.string().default("member"),`
			`AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: z.string().default("dn"),`
			`AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: z.string().optional(),`
			`}`
			`: {}),`
Initial commit 2023-12-08 22:35:15 +01:00			`},`
feat(logging): add log level env variable (#2299) 2025-02-18 22:54:15 +01:00			`experimental__runtimeEnv: process.env,`
Initial commit 2023-12-08 22:35:15 +01:00			`});`