deploy code

NishantRajputRN
2026-05-19 18:08:06 +05:30
parent e886bddfd1
commit 44d3f015fe
45 changed files with 5072 additions and 0 deletions
+59
@@ -0,0 +1,59 @@
import 'dotenv/config';
import cors from 'cors';
import express from 'express';
import { initAuth, requireAccessToken } from './middleware/auth.js';
function resolveIssuer() {
if (process.env.OIDC_ISSUER?.trim()) {
const issuer = process.env.OIDC_ISSUER.trim();
return issuer.endsWith('/') ? issuer : `${issuer}/`;
}
const base = process.env.AUTHENTIK_URL?.trim();
const slug = process.env.OIDC_APP_SLUG?.trim() || 'oidc-demo';
if (!base) return null;
return `${base.replace(/\/+$/, '')}/application/o/${slug}/`;
}
const port = Number(process.env.PORT) || 3001;
const oidcIssuer = resolveIssuer();
const corsOrigin = process.env.CORS_ORIGIN ?? 'http://localhost:5173';
if (!oidcIssuer) {
console.error(
'Set OIDC_ISSUER or AUTHENTIK_URL + OIDC_APP_SLUG in backend/.env',
);
process.exit(1);
}
initAuth({
oidcIssuer,
oidcAudience: process.env.OIDC_AUDIENCE,
});
const app = express();
app.use(
cors({
origin: corsOrigin,
credentials: true,
}),
);
app.get('/health', (_req, res) => {
res.json({ status: 'ok', issuer: oidcIssuer });
});
app.get('/api/me', requireAccessToken, (req, res) => {
res.json({
message: 'Authorized via access token',
sub: req.auth.sub,
email: req.auth.email,
name: req.auth.name,
scopes: req.auth.scope,
});
});
app.listen(port, () => {
console.log(`API listening on http://localhost:${port}`);
console.log(`OIDC issuer: ${oidcIssuer}`);
});
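Review bot: `resolveIssuer` falls back to the slug `'oidc-demo'` when `OIDC_APP_SLUG` is unset, so a deployment that sets only `AUTHENTIK_URL` starts up trusting a demo application's issuer instead of stopping at the `if (!oidcIssuer)` check. The issuer decides which signing keys the API accepts, so it is safer to require the slug explicitly: `const slug = process.env.OIDC_APP_SLUG?.trim();` and `if (!base || !slug) return null;`. That also matches the startup error message, which already asks for both variables.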
+33
@@ -0,0 +1,33 @@
import { createRemoteJWKSet, jwtVerify } from 'jose';
let jwks;
let issuer;
export function initAuth({ oidcIssuer, oidcAudience }) {
issuer = oidcIssuer.replace(/\/?$/, '/');
const jwksUri = new URL('.well-known/jwks', issuer);
jwks = createRemoteJWKSet(jwksUri);
}
export async function requireAccessToken(req, res, next) {
const header = req.headers.authorization;
if (!header?.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Missing Bearer access token' });
}
const token = header.slice(7);
try {
const { payload } = await jwtVerify(token, jwks, {
issuer,
audience: process.env.OIDC_AUDIENCE || undefined,
});
req.auth = payload;
next();
} catch (err) {
return res.status(401).json({
error: 'Invalid access token',
detail: err instanceof Error ? err.message : 'verification failed',
});
}
}
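Review bot: Audience validation is silently skipped in `requireAccessToken` when `OIDC_AUDIENCE` is unset or empty, because `process.env.OIDC_AUDIENCE || undefined` passes no `audience` to `jwtVerify`; a token the same issuer signed for a different audience would then still be accepted. `initAuth` also receives `oidcAudience` and never uses it. I would store it there and fail closed, e.g. `audience = oidcAudience?.trim(); if (!audience) throw new Error('OIDC_AUDIENCE is required');`, then pass `audience` in the verify options instead of re-reading the environment. Separately, `detail: err.message` returns the verifier's failure reason to unauthenticated callers; logging it server-side and returning only the generic `error` field would be tighter.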