diff --git a/blueprint.yaml b/blueprint.yaml index 2e790cba..adc25055 100644 --- a/blueprint.yaml +++ b/blueprint.yaml @@ -31,7 +31,7 @@ proxy-resources: # - owen@pangolin.net # whitelist-users: # - owen@pangolin.net - # auto-login-idp: My IDP Name + # auto-login-idp: 1 headers: - name: X-Example-Header value: example-value diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts index eb03ad49..5fbebb5a 100644 --- a/server/lib/blueprints/proxyResources.ts +++ b/server/lib/blueprints/proxyResources.ts @@ -14,9 +14,7 @@ import { Transaction, userOrgs, userResources, - users, - idp, - idpOrg + users } from "@server/db"; import { resources, targets, sites } from "@server/db"; import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm"; @@ -210,16 +208,6 @@ export async function updateProxyResources( ); resource = existingResource; } else { - // Lookup IDP ID if auto-login-idp is specified - let skipToIdpId: number | null = null; - if (resourceData.auth?.["auto-login-idp"]) { - skipToIdpId = await getIdpIdByName( - orgId, - resourceData.auth["auto-login-idp"], - trx - ); - } - // Update existing resource [resource] = await trx .update(resources) @@ -233,7 +221,7 @@ export async function updateProxyResources( domainId: domain ? domain.domainId : null, enabled: resourceEnabled, sso: resourceData.auth?.["sso-enabled"] || false, - skipToIdpId: skipToIdpId, + skipToIdpId: resourceData.auth?.["auto-login-idp"] || null, ssl: resourceSsl, setHostHeader: resourceData["host-header"] || null, tlsServerName: resourceData["tls-server-name"] || null, @@ -608,16 +596,6 @@ export async function updateProxyResources( ); } - // Lookup IDP ID if auto-login-idp is specified - let skipToIdpId: number | null = null; - if (resourceData.auth?.["auto-login-idp"]) { - skipToIdpId = await getIdpIdByName( - orgId, - resourceData.auth["auto-login-idp"], - trx - ); - } - // Create new resource const [newResource] = await trx .insert(resources) @@ -633,7 +611,7 @@ export async function updateProxyResources( domainId: domain ? domain.domainId : null, enabled: resourceEnabled, sso: resourceData.auth?.["sso-enabled"] || false, - skipToIdpId: skipToIdpId, + skipToIdpId: resourceData.auth?.["auto-login-idp"] || null, setHostHeader: resourceData["host-header"] || null, tlsServerName: resourceData["tls-server-name"] || null, ssl: resourceSsl, @@ -1108,22 +1086,3 @@ async function getDomainId( domainId: domainSelection.domainId }; } - -async function getIdpIdByName( - orgId: string, - idpName: string, - trx: Transaction -): Promise { - const [idpResult] = await trx - .select({ idpId: idp.idpId }) - .from(idp) - .innerJoin(idpOrg, eq(idp.idpId, idpOrg.idpId)) - .where(and(eq(idp.name, idpName), eq(idpOrg.orgId, orgId))) - .limit(1); - - if (!idpResult) { - throw new Error(`IDP not found: ${idpName} in org ${orgId}`); - } - - return idpResult.idpId; -} diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts index d0790a65..e49024f9 100644 --- a/server/lib/blueprints/types.ts +++ b/server/lib/blueprints/types.ts @@ -59,7 +59,7 @@ export const AuthSchema = z.object({ }), "sso-users": z.array(z.string().email()).optional().default([]), "whitelist-users": z.array(z.string().email()).optional().default([]), - "auto-login-idp": z.string().min(1).optional(), + "auto-login-idp": z.number().int().positive().optional(), }); export const RuleSchema = z.object({