Skip to content

Commit

Permalink
chore: Allow to provide access to the site using a referrer policy #11
Browse files Browse the repository at this point in the history
  • Loading branch information
@cnouguier
cnouguier committed Jul 3, 2024
1 parent 7a30ca2 commit 8d35a6b
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 38 deletions.
2 changes: 1 addition & 1 deletion docs/yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -795,7 +795,7 @@ vite@^5.2.11:

"vitepress-theme-kalisio@https://github.com/kalisio/vitepress-theme-kalisio":
version "0.1.0"
resolved "https://github.com/kalisio/vitepress-theme-kalisio#5d3ce09373b4bb0f920b34da2361ecb6f5f46069"
resolved "https://github.com/kalisio/vitepress-theme-kalisio#7a30ca229e520b56283154782b09a4f58e909261"

vitepress@^1.0.2:
version "1.2.2"
Expand Down
88 changes: 51 additions & 37 deletions layouts/KeycloakLayout.vue
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,6 @@
<template>
<div>
<div v-if="useKeycloak">
<div v-if="isAuthenticated">
<div v-if="hasAccess">
<Layout>
<Content />
</Layout>
</div>
</div>
</div>
<Layout v-else>
<div v-if="hasAccess">
<Layout>
<Content />
</Layout>
</div>
Expand All @@ -27,37 +18,60 @@ import Keycloak from 'keycloak-js'
const { theme } = useData()
const { Layout } = DefaultTheme
const $q = useQuasar()
const useKeycloak = ref(false)
const isAuthenticated = ref(false)
const hasAccess = ref(false)
// Functions
function passReferrer () {
if (!document.referrer) return false
let domains = _.get(theme.value, 'referrer.domains', [])
if (!Arrays.isArray(domains)) domains = [domains]
let hasAccess = false
_.forEach(domains, domain => {
if (document.referrer.contains(domain)) {
hasAccess = true
return false
}
})
return hasAccess
}
function passKeycloak () {
const keycloak = new Keycloak(theme.value.keycloak)
keycloak.init({ onLoad: 'login-required', checkLoginIframe: false }).then((auth) => {
if (auth) {
const acceptedRoles = _.get(theme.value, 'keycloak.roles', [])
if (_.isEmpty(acceptedRoles)) return true
// check roles
const userRoles = _.get(keycloak, 'realmAccess.roles', [])
if (!_.isEmpty(_.intersection(userRoles, acceptedRoles))) return true
return false
} else {
window.location.reload()
}
})
}
// Hooks
onMounted(() => {
if (!(_.isBoolean(theme.value.useKeycloak) && theme.value.useKeycloak) && (theme.value.useKeycloak !== 'true')) return false
if (theme.value.keycloak) {
useKeycloak.value = true
const keycloak = new Keycloak(theme.value.keycloak)
keycloak.init({ onLoad: 'login-required', checkLoginIframe: false }).then((auth) => {
if (auth) {
isAuthenticated.value = true
const acceptedRoles = _.get(theme.value, 'keycloak.roles', [])
if (_.isEmpty(acceptedRoles)) hasAccess.value = true
else {
const userRoles = _.get(keycloak, 'realmAccess.roles', [])
if (!_.isEmpty(_.intersection(userRoles, acceptedRoles))) hasAccess.value = true
else $q.dialog({
title: 'Accés refusé',
message: 'Vous n\'êtes pas autorisé à accèder à ce site'
}).onOk(() => {
window.location.href=theme.value.keycloak.fallbackUrl
})
}
} else {
window.location.reload()
}
const useReferrer = (_.isBoolean(theme.value.useReferrer) && theme.value.useReferrer) || theme.value.useReferrer === 'true'
const useKeycloak = (_.isBoolean(theme.value.useKeycloak) && theme.value.useKeycloak) || theme.value.useKeycloak === 'true'
if (useReferrer) {
hasAccess.value = passReferrer()
}
if (!hasAccess.value) {
if (useKeycloak) {
hasAccess.value = passKeycloak()
} else {
hasAccess.value = !useReferrer
}
}
if (!hasAccess.value) {
// otherwise
$q.dialog({
title: 'Accés refusé',
message: 'Vous n\'êtes pas autorisé à accèder à ce site'
}).onOk(() => {
window.location.href=theme.value.keycloak.fallbackUrl
})
} else {
console.error('Invalid SSO configutation: keycloak settings must be defined')
}
})
</script>

0 comments on commit 8d35a6b

Please sign in to comment.