feat: allow generic provider to use untrusted SSL certificates

2025-11-04 08:05:42 +00:00 · 2025-05-25 12:48:57 +03:00
parent 3c3bd719db
commit 1dfa54305f
5 changed files with 36 additions and 10 deletions
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -3,28 +3,48 @@ package oauth
 import (
 	"context"
 	"crypto/rand"
+	"crypto/tls"
 	"encoding/base64"
 	"net/http"

 	"golang.org/x/oauth2"
 )

-func NewOAuth(config oauth2.Config) *OAuth {
+func NewOAuth(config oauth2.Config, insecureSkipVerify bool) *OAuth {
 	return &OAuth{
-		Config: config,
+		Config:             config,
+		InsecureSkipVerify: insecureSkipVerify,
 	}
 }

 type OAuth struct {
-	Config   oauth2.Config
-	Context  context.Context
-	Token    *oauth2.Token
-	Verifier string
+	Config             oauth2.Config
+	Context            context.Context
+	Token              *oauth2.Token
+	Verifier           string
+	InsecureSkipVerify bool
 }

 func (oauth *OAuth) Init() {
-	// Create a new context and verifier
+	// Create transport with TLS
+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: oauth.InsecureSkipVerify,
+		},
+	}
+
+	// Create a new context
 	oauth.Context = context.Background()
+
+	// Create the HTTP client with the transport
+	httpClient := &http.Client{
+		Transport: transport,
+	}
+
+	// Set the HTTP client in the context
+	oauth.Context = context.WithValue(oauth.Context, oauth2.HTTPClient, httpClient)
+
+	// Create the verifier
 	oauth.Verifier = oauth2.GenerateVerifier()
 }

--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -36,7 +36,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/github", providers.Config.AppURL),
 			Scopes:       GithubScopes(),
 			Endpoint:     endpoints.GitHub,
-		})
+		}, false)

 		// Initialize the oauth provider
 		providers.Github.Init()
@@ -53,7 +53,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/google", providers.Config.AppURL),
 			Scopes:       GoogleScopes(),
 			Endpoint:     endpoints.Google,
-		})
+		}, false)

 		// Initialize the oauth provider
 		providers.Google.Init()
@@ -73,7 +73,7 @@ func (providers *Providers) Init() {
 				AuthURL:  providers.Config.GenericAuthURL,
 				TokenURL: providers.Config.GenericTokenURL,
 			},
-		})
+		}, providers.Config.GenericSkipSSL)

 		// Initialize the oauth provider
 		providers.Generic.Init()
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	GenericTokenURL         string `mapstructure:"generic-token-url"`
 	GenericUserURL          string `mapstructure:"generic-user-url"`
 	GenericName             string `mapstructure:"generic-name"`
+	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	DisableContinue         bool   `mapstructure:"disable-continue"`
 	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
 	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
@@ -62,6 +63,7 @@ type OAuthConfig struct {
 	GenericAuthURL      string
 	GenericTokenURL     string
 	GenericUserURL      string
+	GenericSkipSSL      bool
 	AppURL              string
 }