coop-cloud/directus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'sso' (#1) from sso into main

Browse Source 
Reviewed-on: #1
This commit is contained in:
val (he/him)
2026-01-08 15:32:40 +00:00
parent 3c818aaf6d 0d7f132f22
commit 126bec5ef7
6 changed files with 55 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env.sample
View File

@ -35,7 +35,7 @@ ADMIN_EMAIL=mail@example.com
# https://directus.io/docs/configuration/auth-sso#openid-connect
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
#SECRET_SIGNING_OIDC_VERSION=v1
#SECRET_OIDC_SECRET_VERSION=v1
#AUTH_DISABLE_DEFAULT="false"
#AUTH_SSO_LABEL="Single-Sign On"

2
abra.sh
View File

@ -1,6 +1,6 @@
# Set any config versions here
# Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
export DIRECTUS_ENTRYPOINT_VERSION=v3
export DIRECTUS_ENTRYPOINT_VERSION=v4
export PG_BACKUP_VERSION=v1
# essentially a wrapper for directus-template-cli apply:

31
compose.oidc.yml Normal file
View File

@ -0,0 +1,31 @@
---
services:
app:
environment:
AUTH_PROVIDERS: "sso"
AUTH_DISABLE_DEFAULT: "${AUTH_DISABLE_DEFAULT:-false}"
AUTH_SSO_DRIVER: "openid"
AUTH_SSO_CLIENT_ID: ${AUTH_SSO_CLIENT_ID}
AUTH_SSO_CLIENT_SECRET_FILE: /run/secrets/oidc_secret
AUTH_SSO_ISSUER_URL: ${AUTH_SSO_ISSUER_URL}
AUTH_SSO_SCOPE: ${AUTH_SSO_SCOPE:-"openid profile email"}
AUTH_SSO_IDENTIFIER_KEY: ${AUTH_SSO_IDENTIFIER_KEY}
AUTH_SSO_ALLOW_PUBLIC_REGISTRATION: ${AUTH_SSO_ALLOW_PUBLIC_REGISTRATION:-false}
AUTH_SSO_REQUIRE_VERIFIED_EMAIL: ${AUTH_SSO_REQUIRE_VERIFIED_EMAIL:-false}
AUTH_SSO_DEFAULT_ROLE_ID: ${AUTH_SSO_DEFAULT_ROLE_ID}
AUTH_SSO_SYNC_USER_INFO: ${AUTH_SSO_SYNC_USER_INFO:-true}
AUTH_SSO_ROLE_MAPPING: ${AUTH_SSO_ROLE_MAPPING:-{}}"
AUTH_SSO_GROUP_CLAIM_NAME: ${AUTH_SSO_GROUP_CLAIM_NAME:-groups}
AUTH_SSO_ICON: ${AUTH_SSO_ICON:-account_circle}
AUTH_SSO_LABEL: ${AUTH_SSO_LABEL:-"Single Sign On"}
AUTH_SSO_PARAMS: ${AUTH_SSO_PARAMS:-{}}
AUTH_SSO_REDIRECT_ALLOW_LIST: ${AUTH_SSO_REDIRECT_ALLOW_LIST}
secrets:
- oidc_secret
secrets:
oidc_secret:
name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
external: true

20
compose.smtp.yml Normal file
View File

@ -0,0 +1,20 @@
---
services:
app:
environment:
EMAIL_TRANSPORT: "smtp"
EMAIL_FROM: ${EMAIL_FROM}
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
EMAIL_SMTP_PASSWORD_FILE: /run/secrets/smtp_password
secrets:
- smtp_password
secrets:
smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true

11
compose.yml
View File

@ -24,13 +24,6 @@ services:
PUBLIC_URL: https://${DOMAIN}
EMAIL_TRANSPORT: ${EMAIL_TRANSPORT}
EMAIL_FROM: ${EMAIL_FROM}
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT}
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE}
networks:
- proxy
- internal
@ -54,7 +47,6 @@ services:
- db_password
- admin_password
- signing_secret
- smtp_password
deploy:
restart_policy:
@ -143,9 +135,6 @@ secrets:
signing_secret:
name: ${STACK_NAME}_signing_secret_${SECRET_SIGNING_SECRET_VERSION}
external: true
smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true
configs:
directus_entrypoint:

4
entrypoint.sh
View File

@ -14,8 +14,7 @@ load_secret() {
fi
export "$env_var"="$value"
else
echo >&2 "error: $secret_file does not exist"
exit 1
echo >&2 "info: $secret_file does not exist, if you don't use the secret it shouldn't be a problem"
fi
}
@ -23,6 +22,7 @@ load_secret "DB_PASSWORD" "/run/secrets/db_password"
load_secret "ADMIN_PASSWORD" "/run/secrets/admin_password"
load_secret "SIGNING_SECRET" "/run/secrets/signing_secret"
load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password"
load_secret "OIDC_SECRET" "/run/secrets/oidc_secret"
# upstream has no entrypoint https://github.com/directus/directus/blob/main/Dockerfile
node cli.js bootstrap && pm2-runtime start ecosystem.config.cjs