2025-07-31 23:30:50 +00:00 · 2025-07-24 08:50:59 +00:00 · 2025-07-24 13:57:57 +00:00 · 2025-07-27 23:49:34 +00:00 · 2025-07-28 07:06:22 +00:00
5 changed files with 47 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -22,6 +22,7 @@ steps:
      SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_SMTP_PASSWORD_VERSION: v1
+      SECRET_OAUTH_APP_SECRET_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -90,3 +90,17 @@ SECRET_DB_PASSWORD_VERSION=v1
 # THEME_ACCENT_COLOR=rgb(0,188,212)
 # THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
 # THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# env variables needed to enable OAuth2 authentication  
+# COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
+# OAUTH_ENABLED=1
+# OAUTH_AUTH_URL=
+# OAUTH_TOKEN_URL=
+# OAUTH_PROFILE_URL=
+# OAUTH_SCOPE=
+# OAUTH_APP_KEY=
+# OAUTH_ATTR_UID=
 file_env() {
   local var="$1"
   local fileVar="${var}_FILE"
   local def="${2:-}"
   if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
      echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
      exit 1
   fi
   local val="$def"
   if [ "${!var:-}" ]; then
      val="${!var}"
   elif [ "${!fileVar:-}" ]; then
      val="$(< "${!fileVar}")"
   fi
   export "$var"="$val"
   unset "$fileVar"
 }
 file_env "PEERTUBE_DB_PASSWORD"
 file_env "PEERTUBE_SECRET"
 file_env() {
   local var="$1"
   local fileVar="${var}_FILE"
   local def="${2:-}"

   if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
      echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
      exit 1
   fi

   local val="$def"

   if [ "${!var:-}" ]; then
      val="${!var}"
   elif [ "${!fileVar:-}" ]; then
      val="$(< "${!fileVar}")"
   fi

   export "$var"="$val"
   unset "$fileVar"
 }

 file_env "PEERTUBE_DB_PASSWORD"
 file_env "PEERTUBE_SECRET"
+# OAUTH_ATTR_NAME=
+# OAUTH_ATTR_EMAIL=
+# OAUTH_LOGIN_PROVIDER_NAME=
+# SECRET_OAUTH_APP_SECRET_VERSION=v1
--- a/compose.oauth.yml
+++ b/compose.oauth.yml
@ -0,0 +1,25 @@
+version: "3.8"
+
+x-oauth-env: &oauth-env
+  OAUTH_AUTH_URL:
+  OAUTH_TOKEN_URL:
+  OAUTH_PROFILE_URL:
+  OAUTH_SCOPE:
+  OAUTH_APP_KEY:
+  OAUTH_APP_SECRET_FILE: /run/secrets/oauth_app_secret
+  OAUTH_ATTR_UID:
+  OAUTH_ATTR_NAME:
+  OAUTH_ATTR_EMAIL:
+  OAUTH_LOGIN_PROVIDER_NAME:
+
+services:
+  app:
+    environment: 
+      *oauth-env
+    secrets:
+      - oauth_app_secret
+
+secrets:
+  oauth_app_secret:
+    name: ${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}
+    external: true
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -25,6 +25,11 @@ file_env "DEVISE_SECRET"
 file_env "SECRET_COOKIE_TOKEN"
 file_env "POSTGRES_PASSWORD"
 file_env "SMTP_PASSWORD"
+
 {{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }}
 file_env "PEERTUBE_SMTP_PASSWORD"
 {{ end }}
 {{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }}
 file_env "PEERTUBE_SMTP_PASSWORD"
 {{ end }}
+{{ if eq (env "OAUTH_ENABLED") "1" }}
+file_env "OAUTH_APP_SECRET"
+{{ end }}
+
 export DB_HOST="db"
 export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"

--- a/release/5.1.0+v3.0.0
+++ b/release/5.1.0+v3.0.0
@ -0,0 +1,2 @@
+Add support for OAuth2. To use this feature copy and populate the new oauth2 env variables from the .env.sample to your locale .env config and insert the oauth2_app_secret secret into your recipe:
+abra app secret insert <domain> oauth_app_secret v1 <your oauth2 client secret>