geprog
diff --git a/‎.github/workflows/publish.yml
+70 b/‎.github/workflows/publish.yml
+70
diff --git a/‎.github/workflows/tests.yml
+69 b/‎.github/workflows/tests.yml
+69
diff --git a/‎.gitignore
+27 b/‎.gitignore
+27
diff --git a/‎.vscode/settings.json
+37 b/‎.vscode/settings.json
+37
diff --git a/‎Dockerfile
+4 b/‎Dockerfile
+4
diff --git a/‎LICENSE
+21 b/‎LICENSE
+21
diff --git a/‎README.md
+47 b/‎README.md
+47
diff --git a/‎app.vue
+19 b/‎app.vue
+19
diff --git a/‎components/LoadingAnimation.vue
+11 b/‎components/LoadingAnimation.vue
+11
diff --git a/‎components/PageContent.vue
+12 b/‎components/PageContent.vue
+12
@@ -0,0 +1,70 @@
+name: Publish
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  docker:
+    name: Docker image publishing
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "20"
+
+      - name: Cache pnpm modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 8
+          run_install: true
+
+      - name: Build
+        run: pnpm run build
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=ref,event=tag
+            type=ref,event=pr
+            type=raw,value=next,enable={{is_default_branch}}
+
+      - name: Login to registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,69 @@
+name: Tests
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+jobs:
+  typecheck:
+    name: Typecheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "20"
+
+      - name: Cache pnpm modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 8
+          run_install: true
+
+      - name: Typecheck
+        run: pnpm run typecheck
+
+  linting:
+    name: Linting
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "20"
+
+      - name: Cache pnpm modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.pnpm-store
+          key: ${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 8
+          run_install: true
+
+      - name: Check format
+        run: pnpm lint
@@ -0,0 +1,27 @@
+# Nuxt dev/build outputs
+.output
+.data
+.nuxt
+.nitro
+.cache
+dist
+
+# Node dependencies
+node_modules
+
+# Logs
+logs
+*.log
+
+# Misc
+.DS_Store
+.fleet
+.idea
+
+# Local env files
+.env
+.env.*
+!.env.example
+
+# Storage
+data
@@ -0,0 +1,37 @@
+{
+  // ########## START - eslint formatting options (https://github.com/antfu/eslint-config?tab=readme-ov-file#ide-support-auto-fix-on-save) ##############
+  // Disable the default formatter, use eslint instead
+  "prettier.enable": false,
+  "editor.formatOnSave": false,
+
+  // Auto fix
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit",
+    "source.organizeImports": "never"
+  },
+
+  // Enable eslint for all supported languages
+  "eslint.validate": [
+    "javascript",
+    "javascriptreact",
+    "typescript",
+    "typescriptreact",
+    "vue",
+    "html",
+    "markdown",
+    "json",
+    "jsonc",
+    "yaml",
+    "toml",
+    "xml",
+    "gql",
+    "graphql",
+    "astro",
+    "svelte",
+    "css",
+    "less",
+    "scss",
+    "pcss",
+    "postcss"
+  ],
+}
@@ -0,0 +1,4 @@
+FROM node:20
+WORKDIR /app
+COPY .output ./
+CMD ["node", "server/index.mjs"]
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 GEPROG GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,47 @@
+# OAuth2 Bridge
+
+A small UI that allows to proxy oAuth2 providers that does not allow wildcard redirect uris.
+This is especially a problem when dealing with review environments or multi tenant environments based on subdomains.
+
+## Usage
+
+Use it via the docker image `ghcr.io/geprog/oauth2-bridge` with the following environment variables
+
+- `NUXT_AUTH_NAME` - the session cookie name. Defaults to `oauth2-bridge-session`
+- `NUXT_AUTH_PASSWORD` - the master password for the admin console. Should be a random 64 characters long key.
+
+The docker container exposes the entre app under port `3000`.
+
+To persist data you should mount a volume `/app/data`.
+
+### Managing proxies
+
+In the UI you can configure different proxies.
+Per proxy you need to set 
+- a `name` (must be unique)
+- an authorization URI e.g. `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/authorize` (with your specific tenant id of course)
+- a token URI e.g. `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token` (with your specific tenant id of course)
+
+You can also add and remove redirect URIs per proxy.
+
+To use your proxy you need to configure your app to use the following paths of the hosted oauth2-bridge
+- Authorization URL `/api/proxies/${proxyName}/bridge/auth`
+- Token URL `/api/proxies/${proxyName}/bridge/token`
+
+All the "normal" oauth2 parameters like `clientId`, `clientSecrect` and so on must be define in your app.
+OAuth2-Bridge will forward them to the actual oAuth2 provider configured in the proxy.
+
+Only requests matching one of the configured redirect URIs are allowed.
+
+### Adding/Removing redirect URIs
+
+Of course you can add and remove redirect URIs manually via the web app.
+
+But you can also generate an API Token per Proxy.
+With this API Token you can add and remove redirect URIs per simple http call from your CI.
+
+To add a redirect URI via curl use
+`curl -H "Api-Token: <PROXY_API_TOKEN>" "<OAUTH2_BRIDGE_HOST>/api/proxies/<PROXY_NAME>/redirect-uri/add?redirectUri=<REDIRECT_URI_TO_ADD>"`
+
+To remove a redirect URI via curl use
+`curl -H "Api-Token: <PROXY_API_TOKEN>" "<OAUTH2_BRIDGE_HOST>/api/proxies/<PROXY_NAME>/redirect-uri/remove?redirectUri=<REDIRECT_URI_TO_ADD>"`
@@ -0,0 +1,19 @@
+<template>
+  <NuxtLayout>
+    <NuxtPage />
+    <UNotifications />
+  </NuxtLayout>
+</template>
+
+<script setup lang="ts">
+const toast = useToast()
+
+onErrorCaptured((error) => {
+  console.error(error)
+  toast.add({
+    title: 'An unexpected error occurred',
+    description: error.message,
+    color: 'red',
+  })
+})
+</script>
@@ -0,0 +1,11 @@
+<template>
+  <div class="flex flex-1 flex-col items-center justify-center">
+    <UIcon
+      name="i-heroicons-arrow-path-20-solid"
+      class="mx-auto h-6 w-6 animate-spin text-gray-400 dark:text-gray-500"
+    />
+    <p class="text-center text-sm text-gray-900 dark:text-white">
+      Loading...
+    </p>
+  </div>
+</template>
@@ -0,0 +1,12 @@
+<template>
+  <section class="flex flex-col gap-2 items-center w-full">
+    <h2 class="font-bold text-lg">
+      {{ title }}
+    </h2>
+    <slot />
+  </section>
+</template>
+
+<script setup lang="ts">
+defineProps<{ title: string }>()
+</script>