Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft: Add keycloak config #51

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

Draft: Add keycloak config #51

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
e6007f3
Install oidc-client-ts dependency
daniellrgn Nov 13, 2024
12b5307
Add auth-related env vars and config
daniellrgn Nov 13, 2024
8305fc9
Add basic auth wrapper class
daniellrgn Nov 13, 2024
288329a
Add basic auth component
daniellrgn Nov 13, 2024
8bfad2e
Initial stab at auth flow with custom redirect url
daniellrgn Dec 3, 2024
5694f50
Add checks to scrollbar to handle auth preload state
daniellrgn Dec 3, 2024
8e88401
Add auth component to app layout
daniellrgn Dec 3, 2024
c1a6df0
Initial bump auth service instance up to layout to share between comp…
daniellrgn Dec 3, 2024
8fb3793
Move to singleton AuthService, handle token renewal errors
daniellrgn Jan 2, 2025
120d958
Update home button plus
daniellrgn Jan 2, 2025
475fd96
Handle small selector error in scroll event
daniellrgn Jan 2, 2025
6c80ccc
Move footer out of base layout to improve pre-login pop-in
daniellrgn Jan 2, 2025
f2fbc4d
Remove WADOH plain text from navbar
daniellrgn Jan 2, 2025
076b83a
Fix navbar scroll handler error
daniellrgn Jan 2, 2025
dbf2262
Add /auth page
daniellrgn Jan 2, 2025
2fe88bf
Add account nav menu item; rearrange nav items appropriately
daniellrgn Jan 2, 2025
da2562b
Add csp for XSS
daniellrgn Jan 6, 2025
15aff2f
Put language menu on separate line above others to declutter navbar
daniellrgn Jan 6, 2025
e92bc4c
Update preload to correct logo image
daniellrgn Jan 7, 2025
83182d8
Fix up scrolling for two-layered nav
daniellrgn Jan 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions default.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,13 @@ VITE_VERSION_STRING=
### Variables with VITE_ prefix will be available to the client
###

# Auth environment variables for user oidc idp
#VITE_AUTH_URL=
#VITE_AUTH_CLIENT_ID=
#VITE_AUTH_REDIRECT_URI=
#VITE_AUTH_SILENT_REDIRECT_URI=
#VITE_AUTH_POST_LOGOUT_URI=

# SMART on FHIR client id configurations:
# Ensure that your development client is registered with the proper redirect uris
VITE_EPIC_CLIENT_ID=
Expand Down
20 changes: 20 additions & 0 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
"bootstrap": "^5.2.3",
"fhirclient": "^2.5.2",
"jose": "^4.11.4",
"oidc-client-ts": "^3.1.0",
"pako": "^2.1.0",
"qrcode": "^1.5.1",
"serve": "^14.2.0",
Expand Down
2 changes: 1 addition & 1 deletion src/app.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.9.1/font/bootstrap-icons.css" />
<link rel="preload" as="font" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.9.1/font/fonts/bootstrap-icons.woff2?8d200481aa7f02a2d63a331fc782cfaf" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="image" href="/img/doh_logo_doh-black.png" />
<link rel="preload" as="image" href="/img/waverifypluslogo.png" />
<link rel="preload" as="image" href="/img/waverifypluslogo.svg" />
<link rel="preload" as="image" href="/img/qr-banner-top.png" />
<link rel="preload" as="image" href="/img/qr-banner-bottom.png" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
Expand Down
5 changes: 5 additions & 0 deletions src/env.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
/// <reference types="vite/client" />

interface ImportMetaEnv {
readonly VITE_AUTH_URL: string
readonly VITE_AUTH_CLIENT_ID: string
readonly VITE_AUTH_REDIRECT_URI: string
readonly VITE_AUTH_SILENT_REDIRECT_URI: string
readonly VITE_AUTH_POST_LOGOUT_URI: string
readonly VITE_EPIC_HIMSS_CLIENT_ID: string
readonly VITE_ECW_HIMSS_CLIENT_ID: string
readonly VITE_EPIC_CLIENT_ID: string
Expand Down
45 changes: 45 additions & 0 deletions src/lib/components/app/Auth.svelte
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
<script lang="ts">
import { onMount, setContext } from 'svelte';
import { AuthService } from '$lib/utils/AuthService';
import type { User } from 'oidc-client-ts';
import { goto } from '$app/navigation';

let authService: AuthService = AuthService.Instance;

let currentUser: User | undefined;

onMount(async () => {
let newUser: User | undefined;
try {
newUser = await authService.signinCallback();
} catch (error) {
console.warn("No authentication parameters found, checking for current user");
} finally {
currentUser = await authService.getUser() ?? undefined;
if (currentUser) {
let now = Date.now() / 1000;
if ((currentUser.expires_at ?? 0) < now) {
currentUser = await authService.renewToken() ?? undefined;
}
}
if (!currentUser) {
await authService.login();
} else {
if (newUser) {
let redirectUrl = authService.getRedirectUrl();
if (redirectUrl) {
goto(redirectUrl);
} else {
goto('/home');
}
}
}
}
});

</script>
{#if currentUser}
<slot />
{:else}
Authorizing...
{/if}
3 changes: 2 additions & 1 deletion src/lib/components/app/HealthLinkOverview.svelte
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import {
Button,
Col,
Icon,
Row,
Styles
} from 'sveltestrap';
Expand All @@ -22,7 +23,7 @@
<Row>
<Col md="1"></Col>
<Col md="10">
<Button color="success" style="width:100%" href={'/create'}><span style="font-size: medium"><b>+</b></span> New IPS SHLink</Button>
<Button color="success" style="width:100%" href={'/create'}><b><Icon name="plus-lg"/></b> New IPS SHLink</Button>
</Col>
<Col md="1"></Col>
</Row>
Expand Down
7 changes: 4 additions & 3 deletions src/lib/components/layout/LanguageMenu.svelte
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,10 @@
</script>

<Dropdown nav inNavbar class="navbar-dropdown" size="sm" direction="down">
<DropdownToggle color="primary" nav caret>
<Icon name="globe2" />
{$locales[$locale].lang}
<DropdownToggle color="primary" class="pt-0" nav>
<span style="font-size:small">
{$locales[$locale].lang} <Icon name="globe2" />
</span>
</DropdownToggle>
<DropdownMenu end style="height: 500px; overflow:auto">
{#if $locales}
Expand Down
6 changes: 6 additions & 0 deletions src/lib/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ export const INTERMEDIATE_FHIR_SERVER_BASE = import.meta.env.VITE_INTERMEDIATE_F

export const VERSION_STRING = import.meta.env.VITE_VERSION_STRING;

export const AUTH_URL = import.meta.env.VITE_AUTH_URL;
export const AUTH_CLIENT_ID = import.meta.env.VITE_AUTH_CLIENT_ID;
export const AUTH_REDIRECT_URI = import.meta.env.VITE_AUTH_REDIRECT_URI;
export const AUTH_SILENT_REDIRECT_URI = import.meta.env.VITE_AUTH_SILENT_REDIRECT_URI;
export const AUTH_POST_LOGOUT_URI = import.meta.env.VITE_AUTH_POST_LOGOUT_URI;

export const SOF_HOSTS = [
// {
// id: "epic-himss",
Expand Down
92 changes: 92 additions & 0 deletions src/lib/utils/AuthService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
import {
AUTH_URL,
AUTH_CLIENT_ID,
AUTH_REDIRECT_URI,
AUTH_SILENT_REDIRECT_URI,
AUTH_POST_LOGOUT_URI
} from '$lib/config';
import { User, UserManager } from 'oidc-client-ts';

export class AuthService {
private static _instance: AuthService;
userManager: UserManager;
redirect_url: string = "";

private constructor() {
const settings = {
authority: AUTH_URL,
client_id: AUTH_CLIENT_ID,
redirect_uri: AUTH_REDIRECT_URI,
silent_redirect_uri: AUTH_SILENT_REDIRECT_URI,
post_logout_redirect_uri: AUTH_POST_LOGOUT_URI,
scope: "openid online_access",
};
this.userManager = new UserManager(settings);
}

public static get Instance(): AuthService {
return this._instance || (this._instance = new this());
}

getUser(): Promise<User | null> {
return this.userManager.getUser();
}

getRedirectUrl(): string {
let url = this.redirect_url;
this.redirect_url = "";
return url;
}

signinCallback(): Promise<User | undefined> {
return this.userManager.signinCallback().then((user) => {
if (user) {
this.redirect_url = user.url_state ?? "";
this.storeUser(user);
}
return user;
});
}

storeUser(user: User): void {
this.userManager.storeUser(user);
}

login(): Promise<void> {
let currentUrl = window.location.href.split('?')[0];
return this.userManager.signinRedirect({ url_state: currentUrl });
}

renewToken(): Promise<User | null> {
return this.userManager.signinSilent().then((user) => {
if (user) {
this.storeUser(user);
}
return user;
}).catch((error) => {
console.error(error);
this.logout();
return null;
});
}

logout(): Promise<void> {
return this.userManager.signoutRedirect();
}

async isAuthenticated(): Promise<boolean> {
return this.getUser().then((user) => {
if (user?.access_token) {
return true;
} else {
return this.renewToken().then((user) => {
return user?.access_token ? true : false;
}).catch((error) => {
console.error(error);
this.logout();
return false;
});
}
});
}
}
Loading
Loading