Add OIDC authentification in project

src/app/api/admin/oidc/route.ts

@@ -0,0 +1,46 @@
+import { z } from 'zod';
+export const runtime = 'nodejs';
+import { parseRequest } from '@/lib/request';
+import { json, unauthorized } from '@/lib/response';
+import { getEffectiveOIDCConfig } from '@/lib/oidc';
+import { setSetting } from '@/queries/prisma/setting';
+
+const schema = z.object({
+  issuerUrl: z.string().url(),
+  clientId: z.string().min(1),
+  clientSecret: z.string().optional(),
+  redirectUri: z.string().url(),
+  scopes: z.string().default('openid profile email').optional(),
+  usernameClaim: z.string().default('preferred_username').optional(),
+  autoCreateUsers: z.boolean().default(true).optional(),
+});
+
+export async function GET(request: Request) {
+  const { auth, error } = await parseRequest(request);
+  if (error) return error();
+  if (!auth?.user?.isAdmin) return unauthorized();
+
+  const cfg = await getEffectiveOIDCConfig();
+  return json(cfg);
+}
+
+export async function POST(request: Request) {
+  const { auth, body, error } = await parseRequest(request, schema);
+  if (error) return error();
+  if (!auth?.user?.isAdmin) return unauthorized();
+
+  const { issuerUrl, clientId, clientSecret, redirectUri, scopes, usernameClaim, autoCreateUsers } =
+    body;
+
+  await Promise.all([
+    setSetting('oidc:issuerUrl', issuerUrl),
+    setSetting('oidc:clientId', clientId),
+    setSetting('oidc:clientSecret', clientSecret || null),
+    setSetting('oidc:redirectUri', redirectUri),
+    setSetting('oidc:scopes', scopes || 'openid profile email'),
+    setSetting('oidc:usernameClaim', usernameClaim || 'preferred_username'),
+    setSetting('oidc:autoCreateUsers', String(Boolean(autoCreateUsers))),
+  ]);
+
+  return json({ success: true });
+}