Merge branch 'feat/oidc-integration' of github.com:er-santosh/bigcapi…

…tal into feat/oidc-integration

.env.example

@@ -104,6 +104,7 @@ OIDC_TOKEN_ENDPOINT=
 OIDC_USERINFO_ENDPOINT=
 OIDC_ENDSESSION_ENDPOINT=
 OIDC_REVOCATION_ENDPOINT=
+OIDC_INTROSPECTION_ENDPOINT=
 OIDC_CLIENT_ID=
 OIDC_CLIENT_SECRET=
 OIDC_REDIRECT_URI=

docker-compose.prod.yml

@@ -92,6 +92,21 @@ services:
       - GOTENBERG_URL=${GOTENBERG_URL}
       - GOTENBERG_DOCS_URL=${GOTENBERG_DOCS_URL}
 
+      # OIDC
+      - OIDC_LOGIN_DISABLED=${OIDC_LOGIN_DISABLED:-false}
+      - OIDC_ISSUER=${OIDC_ISSUER}
+      - OIDC_AUTHORIZATION_ENDPOINT=${OIDC_AUTHORIZATION_ENDPOINT}
+      - OIDC_TOKEN_ENDPOINT=${OIDC_TOKEN_ENDPOINT}
+      - OIDC_USERINFO_ENDPOINT=${OIDC_USERINFO_ENDPOINT}
+      - OIDC_ENDSESSION_ENDPOINT=${OIDC_ENDSESSION_ENDPOINT}
+      - OIDC_REVOCATION_ENDPOINT=${OIDC_REVOCATION_ENDPOINT}
+      - OIDC_INTROSPECTION_ENDPOINT=${OIDC_INTROSPECTION_ENDPOINT}
+      - OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
+      - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+      - OIDC_REDIRECT_URI=${OIDC_REDIRECT_URI}
+      - OIDC_SCOPE=${OIDC_SCOPE}
+      - OIDC_JWK_URI=${OIDC_JWK_URI}
+
   database_migration:
     container_name: bigcapital-database-migration
     build:

packages/server/package.json

@@ -90,17 +90,17 @@
     "objection-soft-delete": "^1.0.7",
     "objection-unique": "^1.2.2",
     "openid-client": "^5.6.5",
-    "plaid": "^10.3.0",
     "pluralize": "^8.0.0",
     "pug": "^3.0.2",
     "puppeteer": "^10.2.0",
+    "plaid": "^10.3.0",
     "qim": "0.0.52",
     "ramda": "^0.27.1",
     "rate-limiter-flexible": "^2.1.14",
     "reflect-metadata": "^0.1.13",
     "rtl-detect": "^1.0.4",
-    "socket.io": "^4.7.4",
     "source-map-loader": "^4.0.1",
+    "socket.io": "^4.7.4",
     "tmp-promise": "^3.0.3",
     "ts-transformer-keys": "^0.4.2",
     "tsyringe": "^4.3.0",

packages/server/src/api/middleware/oidcSession.ts

@@ -12,9 +12,10 @@ const oidcSessionMiddleware = async (
     const oidcAccessToken = token.oidc_access_token;
 
     if (oidcAccessToken) {
-      const oidcUser = await oidcClient.userinfo(oidcAccessToken);
-
-      if (!oidcUser) {
+      const introspectionResponse = await oidcClient.introspect(
+        oidcAccessToken
+      );
+      if (!introspectionResponse.active) {
         return res.boom.unauthorized();
       }
     }

packages/server/src/config/oidcConfig.ts

@@ -17,6 +17,7 @@ export const oidcConfig = {
   OIDC_REDIRECT_URI: process.env.OIDC_REDIRECT_URI,
   OIDC_SCOPE: process.env.OIDC_SCOPE,
   OIDC_JWK_URI: process.env.OIDC_JWK_URI,
+  OIDC_INTROSPECTION_ENDPOINT: process.env.OIDC_INTROSPECTION_ENDPOINT
 };
 
 export const issuerMetadata: IssuerMetadata = {
@@ -26,6 +27,7 @@ export const issuerMetadata: IssuerMetadata = {
   userinfo_endpoint: oidcConfig.OIDC_USERINFO_ENDPOINT,
   end_session_endpoint: oidcConfig.OIDC_ENDSESSION_ENDPOINT,
   revocation_endpoint: oidcConfig.OIDC_REVOCATION_ENDPOINT,
+  introspection_endpoint: oidcConfig.OIDC_INTROSPECTION_ENDPOINT,
   jwks_uri: oidcConfig.OIDC_JWK_URI,
 };
 

packages/webapp/src/lang/ar/index.json

@@ -1592,8 +1592,8 @@
   "refund": "استرجاع",
   "landed_cost.dialog.label_select_transaction": "حدد المعاملة ",
   "landed_cost.dialog.label_select_transaction_entry": "حدد سطر المعاملة ",
-  "landed_cost.dialog.label_unallocated_cost_amount": "قيمة التكلفة غير المحملة:",
-  "landed_cost.error.the_total_located_cost_is_bigger_than_the_transaction_line": "إجمالي قيمة التكلفة المحملة أكبر من قيمة سطر المعاملة.",
+  "landed_cost.dialog.label_unallocated_cost_amount":"قيمة التكلفة غير المحملة:",
+  "landed_cost.error.the_total_located_cost_is_bigger_than_the_transaction_line":"إجمالي قيمة التكلفة المحملة أكبر من قيمة سطر المعاملة.",
   "landed_cost.once_your_delete_this_located_landed_cost": "بمجرد حذف معاملة تحميل التكلفة ، لن تتمكن من استعادتها لاحقًا ، هل أنت متأكد من أنك تريد حذف هذه المعاملة؟",
   "refund_credit_note.dialog.label": "استرجاع اموال",
   "refund_credit_note.dialog.success_message": "تم انشاء معاملة استرجاع الاموال لإشعار الدائن بنجاح.",