feat: implement OIDC provider management in GraphQL API (#1563)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: elibosley

.gitignore

@@ -76,6 +76,9 @@ typescript
 # Github actions
 RELEASE_NOTES.md
 
+# Test backups
+api/dev/configs/api.json.backup
+
 # Docker Deploy Folder
 deploy/*
 !deploy/.gitkeep

api/.env.development

@@ -17,6 +17,7 @@ PATHS_RCLONE_SOCKET=./dev/rclone-socket
 PATHS_LOG_BASE=./dev/log # Where we store logs
 PATHS_LOGS_FILE=./dev/log/graphql-api.log
 PATHS_CONNECT_STATUS_FILE_PATH=./dev/connectStatus.json # Connect plugin status file
+PATHS_OIDC_JSON=./dev/configs/oidc.local.json
 ENVIRONMENT="development"
 NODE_ENV="development"
 PORT="3001"

api/.gitignore

@@ -86,3 +86,8 @@ deploy/*
 # local api configs - don't need project-wide tracking
 dev/connectStatus.json
 dev/configs/*
+# local status - doesn't need to be tracked
+dev/connectStatus.json
+
+# local OIDC config for testing - contains secrets
+dev/configs/oidc.local.json

api/dev/configs/README.md

@@ -0,0 +1,34 @@
+# Development Configuration Files
+
+This directory contains configuration files for local development.
+
+## OIDC Configuration
+
+### oidc.json
+The default OIDC configuration file. This file is committed to git and should only contain non-sensitive test configurations.
+
+### Using a Local Configuration (gitignored)
+For local testing with real OAuth providers:
+
+1. Create an `oidc.local.json` file based on `oidc.json`
+2. Set the environment variable: `PATHS_OIDC_JSON=./dev/configs/oidc.local.json`
+3. The API will load your local configuration instead of the default
+
+Example:
+```bash
+PATHS_OIDC_JSON=./dev/configs/oidc.local.json pnpm dev
+```
+
+### Setting up OAuth Apps
+
+#### Google
+1. Go to [Google Cloud Console](https://console.cloud.google.com/)
+2. Create a new project or select existing
+3. Enable Google+ API
+4. Create OAuth 2.0 credentials
+5. Add authorized redirect URI: `http://localhost:3000/graphql/api/auth/oidc/callback`
+
+#### GitHub
+1. Go to GitHub Settings > Developer settings > OAuth Apps
+2. Create a new OAuth App
+3. Set Authorization callback URL: `http://localhost:3000/graphql/api/auth/oidc/callback`

api/dev/configs/api.json

@@ -1,7 +1,9 @@
 {
-    "version": "4.12.0",
-    "extraOrigins": [],
-    "sandbox": true,
-    "ssoSubIds": [],
-    "plugins": ["unraid-api-plugin-connect"]
-}
+  "version": "4.12.0",
+  "extraOrigins": [],
+  "sandbox": true,
+  "ssoSubIds": [],
+  "plugins": [
+    "unraid-api-plugin-connect"
+  ]
+}

api/dev/configs/connect.json

@@ -2,11 +2,11 @@
   "wanaccess": true,
   "wanport": 8443,
   "upnpEnabled": false,
-  "apikey": "_______________________BIG_API_KEY_HERE_________________________",
+  "apikey": "",
   "localApiKey": "_______________________LOCAL_API_KEY_HERE_________________________",
   "email": "test@example.com",
   "username": "zspearmint",
   "avatar": "https://via.placeholder.com/200",
   "regWizTime": "1611175408732_0951-1653-3509-FBA155FA23C0",
-  "dynamicRemoteAccessType": "DISABLED"
+  "dynamicRemoteAccessType": "STATIC"
 }

api/dev/configs/oidc.json

@@ -0,0 +1,21 @@
+{
+  "providers": [
+    {
+      "id": "unraid.net",
+      "name": "Unraid.net",
+      "clientId": "CONNECT_SERVER_SSO",
+      "issuer": "https://account.unraid.net",
+      "authorizationEndpoint": "https://account.unraid.net/sso/",
+      "tokenEndpoint": "https://account.unraid.net/api/oauth2/token",
+      "scopes": [
+        "openid",
+        "profile",
+        "email"
+      ],
+      "authorizedSubIds": [
+        "297294e2-b31c-4bcc-a441-88aee0ad609f"
+      ],
+      "buttonText": "Login With Unraid.net"
+    }
+  ]
+}