ФУНКЦИИ - NODEDC AUTH: register logout redirect uri

2026-05-04 22:36:27 +03:00 · 2026-05-04 22:36:27 +03:00 · b34461f64e
parent 55beb7f026
commit b34461f64e
2 changed files with 18 additions and 1 deletions
--- a/infra/.env.example
+++ b/infra/.env.example
@ -32,6 +32,7 @@ LAUNCHER_OIDC_ISSUER=http://auth.local.nodedc/application/o/launcher/
 LAUNCHER_OIDC_CLIENT_ID=nodedc-launcher
 LAUNCHER_OIDC_CLIENT_SECRET=change-me-generate-with-bootstrap-authentik-dev
 LAUNCHER_OIDC_REDIRECT_URI=http://launcher.local.nodedc/auth/callback
+LAUNCHER_OIDC_LOGGED_OUT_REDIRECT_URI=http://launcher.local.nodedc/auth/logged-out

 # plane oidc
 PLANE_OIDC_ISSUER=http://auth.local.nodedc/application/o/task-manager/
--- a/infra/authentik/bootstrap-dev.py
+++ b/infra/authentik/bootstrap-dev.py
@ -39,6 +39,8 @@ APP_SPECS = [
        "client_id_env": "LAUNCHER_OIDC_CLIENT_ID",
        "client_secret_env": "LAUNCHER_OIDC_CLIENT_SECRET",
        "redirect_uri_env": "LAUNCHER_OIDC_REDIRECT_URI",
+        "logged_out_redirect_uri_env": "LAUNCHER_OIDC_LOGGED_OUT_REDIRECT_URI",
+        "default_logged_out_redirect_uri": "http://launcher.local.nodedc/auth/logged-out",
        "launch_url": "http://launcher.local.nodedc",
        "logout_uri": "http://launcher.local.nodedc/logout",
        "groups": ["nodedc:superadmin", "nodedc:launcher:admin", "nodedc:launcher:user"],
@ -66,6 +68,10 @@ def required_env(name):
    return value


+def optional_env(name, default=""):
+    return environ.get(name, default).strip()
+
+
 def ensure_group(name, is_superuser=False):
    group, _ = Group.objects.get_or_create(name=name)
    group.is_superuser = is_superuser
@ -241,8 +247,18 @@ def ensure_provider(spec, mappings):
    provider.client_type = ClientTypes.CONFIDENTIAL
    provider.client_id = required_env(spec["client_id_env"])
    provider.client_secret = required_env(spec["client_secret_env"])
+    redirect_uri_values = [required_env(spec["redirect_uri_env"])]
+    logged_out_redirect_uri = optional_env(
+        spec.get("logged_out_redirect_uri_env", ""),
+        spec.get("default_logged_out_redirect_uri", ""),
+    )
+
+    if logged_out_redirect_uri:
+        redirect_uri_values.append(logged_out_redirect_uri)
+
    provider.redirect_uris = [
-        RedirectURI(RedirectURIMatchingMode.STRICT, required_env(spec["redirect_uri_env"]))
+        RedirectURI(RedirectURIMatchingMode.STRICT, redirect_uri)
+        for redirect_uri in dict.fromkeys(redirect_uri_values)
    ]
    provider.logout_uri = spec["logout_uri"]
    provider.logout_method = OAuth2LogoutMethod.FRONTCHANNEL