diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs index 1a49830..3777b25 100644 --- a/frontend/js/app/nginx/proxy/form.ejs +++ b/frontend/js/app/nginx/proxy/form.ejs @@ -11,6 +11,7 @@ +
@@ -270,6 +271,54 @@
+ + +
+
+
+
+ +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js index 1dfb5c1..413712b 100644 --- a/frontend/js/app/nginx/proxy/form.js +++ b/frontend/js/app/nginx/proxy/form.js @@ -43,7 +43,9 @@ module.exports = Mn.View.extend({ dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]', propagation_seconds: 'input[name="meta[propagation_seconds]"]', forward_scheme: 'select[name="forward_scheme"]', - letsencrypt: '.letsencrypt' + letsencrypt: '.letsencrypt', + openidc_enabled: 'input[name="openidc_enabled"]', + openidc: '.openidc' }, regions: { @@ -113,7 +115,7 @@ module.exports = Mn.View.extend({ } else { this.ui.dns_provider.prop('required', false); this.ui.dns_provider_credentials.prop('required', false); - this.ui.dns_challenge_content.hide(); + this.ui.dns_challenge_content.hide(); } }, @@ -125,13 +127,24 @@ module.exports = Mn.View.extend({ this.ui.credentials_file_content.show(); } else { this.ui.dns_provider_credentials.prop('required', false); - this.ui.credentials_file_content.hide(); + this.ui.credentials_file_content.hide(); + } + }, + + 'change @ui.openidc_enabled': function () { + console.log('Changing'); + let checked = this.ui.openidc_enabled.prop('checked'); + + if (checked) { + this.ui.openidc.show().find('input').prop('required', true); + } else { + this.ui.openidc.hide().find('input').prop('required', false); } }, 'click @ui.add_location_btn': function (e) { e.preventDefault(); - + const model = new ProxyLocationModel.Model(); this.locationsCollection.add(model); }, @@ -167,17 +180,18 @@ module.exports = Mn.View.extend({ data.hsts_enabled = !!data.hsts_enabled; data.hsts_subdomains = !!data.hsts_subdomains; data.ssl_forced = !!data.ssl_forced; - + data.openidc_enabled = data.openidc_enabled === '1'; + if (typeof data.meta === 'undefined') data.meta = {}; data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1; data.meta.dns_challenge = data.meta.dns_challenge == 1; - + if(!data.meta.dns_challenge){ data.meta.dns_provider = undefined; data.meta.dns_provider_credentials = undefined; data.meta.propagation_seconds = undefined; } else { - if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined; + if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined; } if (typeof data.domain_names === 'string' && data.domain_names) { @@ -185,7 +199,7 @@ module.exports = Mn.View.extend({ } // Check for any domain names containing wildcards, which are not allowed with letsencrypt - if (data.certificate_id === 'new') { + if (data.certificate_id === 'new') { let domain_err = false; if (!data.meta.dns_challenge) { data.domain_names.map(function (name) { @@ -203,6 +217,12 @@ module.exports = Mn.View.extend({ data.certificate_id = parseInt(data.certificate_id, 10); } + // OpenID Connect won't work with multiple domain names because the redirect URL has to point to a specific one + if (data.openidc_enabled && data.domain_names.length > 1) { + alert('Cannot use mutliple domain names when OpenID Connect is enabled'); + return; + } + let method = App.Api.Nginx.ProxyHosts.create; let is_new = true; @@ -344,6 +364,9 @@ module.exports = Mn.View.extend({ view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id')); } }); + + // OpenID Connect + this.ui.openidc.hide().find('input').prop('required', false); }, initialize: function (options) { diff --git a/frontend/js/models/proxy-host.js b/frontend/js/models/proxy-host.js index b82d09f..77302a7 100644 --- a/frontend/js/models/proxy-host.js +++ b/frontend/js/models/proxy-host.js @@ -22,6 +22,12 @@ const model = Backbone.Model.extend({ block_exploits: false, http2_support: false, advanced_config: '', + openidc_enabled: false, + openidc_redirect_uri: null, + openidc_discovery: null, + openidc_auth_method: null, + openidc_client_id: null, + openidc_client_secret: null, enabled: true, meta: {}, // The following are expansions: