diff --git a/config.schema.json b/config.schema.json
index 3661d7464..4539cb5b2 100644
--- a/config.schema.json
+++ b/config.schema.json
@@ -10,7 +10,32 @@
"sessionMaxAgeHours": { "type": "number" },
"api": {
"description": "Third party APIs",
- "type": "object"
+ "type": "object",
+ "properties": {
+ "ls": {
+ "type": "object",
+ "description": "Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API used to check user group membership, as opposed to direct querying via LDAP.
If this configuration is set direct querying of group membership via LDAP will be disabled.",
+ "properties": {
+ "userInADGroup": {
+ "type": "string",
+ "description": "URL template for a GET request that confirms a user's membership of a specific group. Should respond with a non-empty 200 status if the user is a member of the group, an empty response or non-200 status indicates that the user is not a group member. If set, this URL will be queried and direct queries via LDAP will be disabled. The template should contain the following string placeholders, which will be replaced to produce the final URL:- \"<domain>\": AD domain,
- \"<name>\": The group name to check membership of.
- \"<id>\": The username to check group membership for.
",
+ "examples": [
+ "https://somedomain.com/some/path/checkUserGroups?domain=&name=&id="
+ ]
+ }
+ }
+ },
+ "github": {
+ "type": "object",
+ "properties": {
+ "baseUrl": {
+ "type": "string",
+ "format": "uri",
+ "examples": ["https://api.github.com"]
+ }
+ }
+ }
+ }
},
"commitConfig": {
"description": "Enforce rules and patterns on commits including e-mail and message",
@@ -169,12 +194,98 @@
},
"authentication": {
"type": "object",
- "properties": {
- "type": { "type": "string" },
- "enabled": { "type": "boolean" },
- "options": { "type": "object" }
- },
- "required": ["type", "enabled"]
+ "description": "Configuration for an authentication source",
+ "oneOf": [
+ {
+ "title": "Local Auth Config",
+ "description": "Configuration for the use of the local database as the authentication source.",
+ "properties": {
+ "type": { "type": "string", "const": "local" },
+ "enabled": { "type": "boolean" }
+ },
+ "required": ["type", "enabled"]
+ },
+ {
+ "title": "Active Directory Auth Config",
+ "description": "Configuration for Active Directory authentication.",
+ "properties": {
+ "type": { "type": "string", "const": "ActiveDirectory" },
+ "enabled": { "type": "boolean" },
+ "adminGroup": {
+ "type": "string",
+ "description": "Group that indicates that a user is an admin"
+ },
+ "userGroup": {
+ "type": "string",
+ "description": "Group that indicates that a user should be able to login to the Git Proxy UI and can work as a reviewer"
+ },
+ "domain": { "type": "string", "description": "Active Directory domain" },
+ "adConfig": {
+ "type": "object",
+ "description": "Additional Active Directory configuration supporting LDAP connection which can be used to confirm group membership. For the full set of available options see the activedirectory 2 NPM module docs at https://www.npmjs.com/package/activedirectory2#activedirectoryoptions
Please note that if the Third Party APIs config `api.ls.userInADGroup` is set then the REST API it represents is used in preference to direct querying of group memebership via LDAP.",
+ "properties": {
+ "url": {
+ "type": "string",
+ "description": "Active Directory server to connect to, e.g. `ldap://ad.example.com`."
+ },
+ "baseDN": {
+ "type": "string",
+ "description": "The root DN from which all searches will be performed, e.g. `dc=example,dc=com`."
+ },
+ "username": {
+ "type": "string",
+ "description": "An account name capable of performing the operations desired."
+ },
+ "password": {
+ "type": "string",
+ "description": "Password for the given `username`."
+ }
+ },
+ "required": ["url", "baseDN", "username", "password"]
+ }
+ },
+ "required": ["type", "enabled", "adminGroup", "userGroup", "domain"]
+ },
+ {
+ "title": "Open ID Connect Auth Config",
+ "description": "Configuration for Open ID Connect authentication.",
+ "properties": {
+ "type": { "type": "string", "const": "openidconnect" },
+ "enabled": { "type": "boolean" },
+ "oidcConfig": {
+ "type": "object",
+ "description": "Additional OIDC configuration.",
+ "properties": {
+ "issuer": { "type": "string" },
+ "clientID": { "type": "string" },
+ "clientSecret": { "type": "string" },
+ "callbackURL": { "type": "string" },
+ "scope": { "type": "string" }
+ },
+ "required": ["issuer", "clientID", "clientSecret", "callbackURL", "scope"]
+ }
+ },
+ "required": ["type", "enabled", "oidcConfig"]
+ },
+ {
+ "title": "JWT Auth Config",
+ "description": "Configuration for JWT authentication.",
+ "properties": {
+ "type": { "type": "string", "const": "jwt" },
+ "enabled": { "type": "boolean" },
+ "jwtConfig": {
+ "type": "object",
+ "description": "Additional JWT configuration.",
+ "properties": {
+ "clientID": { "type": "string" },
+ "authorityURL": { "type": "string" }
+ },
+ "required": ["clientID", "authorityURL"]
+ }
+ },
+ "required": ["type", "enabled", "jwtConfig"]
+ }
+ ]
},
"routeAuthRule": {
"type": "object",
diff --git a/proxy.config.json b/proxy.config.json
index 618603a6a..99d000731 100644
--- a/proxy.config.json
+++ b/proxy.config.json
@@ -51,7 +51,9 @@
"adConfig": {
"url": "",
"baseDN": "",
- "searchBase": ""
+ "searchBase": "",
+ "username": "",
+ "password": ""
}
},
{
diff --git a/src/config/index.ts b/src/config/index.ts
index 63174a296..db8f19f34 100644
--- a/src/config/index.ts
+++ b/src/config/index.ts
@@ -87,7 +87,7 @@ export const getDatabase = () => {
}
}
- throw Error('No database cofigured!');
+ throw Error('No database configured!');
};
/**
diff --git a/src/service/passport/activeDirectory.js b/src/service/passport/activeDirectory.js
index 8d8752371..e5eb6f8a2 100644
--- a/src/service/passport/activeDirectory.js
+++ b/src/service/passport/activeDirectory.js
@@ -31,18 +31,35 @@ const configure = (passport) => {
profile.id = profile.username;
req.user = profile;
- // First check to see if the user is in the usergroups
- const isUser = await ldaphelper.isUserInAdGroup(profile.username, domain, userGroup);
-
- if (!isUser) {
- const message = `User it not a member of ${userGroup}`;
+ console.log(
+ `passport.activeDirectory: resolved login ${
+ profile._json.userPrincipalName
+ }, profile=${JSON.stringify(profile)}`,
+ );
+ // First check to see if the user is in the AD user group
+ try {
+ const isUser = await ldaphelper.isUserInAdGroup(req, profile, ad, domain, userGroup);
+ if (!isUser) {
+ const message = `User it not a member of ${userGroup}`;
+ return done(message, null);
+ }
+ } catch (e) {
+ const message = `An error occurred while checking if the user is a member of the user group: ${JSON.stringify(e)}`;
return done(message, null);
}
-
+
// Now check if the user is an admin
- const isAdmin = await ldaphelper.isUserInAdGroup(profile.username, domain, adminGroup);
+ let isAdmin = false;
+ try {
+ isAdmin = await ldaphelper.isUserInAdGroup(req, profile, ad, domain, adminGroup);
+
+ } catch (e) {
+ const message = `An error occurred while checking if the user is a member of the admin group: ${JSON.stringify(e)}`;
+ console.error(message, e); // don't return an error for this case as you may still be a user
+ }
profile.admin = isAdmin;
+ console.log(`passport.activeDirectory: ${profile.username} admin=${isAdmin}`);
const user = {
username: profile.username,
@@ -70,6 +87,7 @@ const configure = (passport) => {
passport.deserializeUser(function (user, done) {
done(null, user);
});
+ passport.type = "ActiveDirectory";
return passport;
};
diff --git a/src/service/passport/ldaphelper.js b/src/service/passport/ldaphelper.js
index 886b2c4a4..00ba01f00 100644
--- a/src/service/passport/ldaphelper.js
+++ b/src/service/passport/ldaphelper.js
@@ -1,18 +1,42 @@
-const axios = require('axios');
const thirdpartyApiConfig = require('../../config').getAPIs();
-const client = axios.create({
- responseType: 'json',
- headers: {
- 'content-type': 'application/json',
- },
-});
+const axios = require('axios');
+
+const isUserInAdGroup = (req, profile, ad, domain, name) => {
+ // determine, via config, if we're using HTTP or AD directly
+ if (thirdpartyApiConfig?.ls?.userInADGroup) {
+ return isUserInAdGroupViaHttp(profile.username, domain, name);
+ } else {
+ return isUserInAdGroupViaAD(req, profile, ad, domain, name);
+ }
+};
-const isUserInAdGroup = (id, domain, name) => {
+const isUserInAdGroupViaAD = (req, profile, ad, domain, name) => {
+ return new Promise((resolve, reject) => {
+ ad.isUserMemberOf(profile.username, name, function (err, isMember) {
+ if (err) {
+ const msg = 'ERROR isUserMemberOf: ' + JSON.stringify(err);
+ reject(msg);
+ } else {
+ console.log(profile.username + ' isMemberOf ' + name + ': ' + isMember);
+ resolve(isMember);
+ }
+ });
+ });
+};
+
+const isUserInAdGroupViaHttp = (id, domain, name) => {
const url = String(thirdpartyApiConfig.ls.userInADGroup)
.replace('', domain)
.replace('', name)
.replace('', id);
+ const client = axios.create({
+ responseType: 'json',
+ headers: {
+ 'content-type': 'application/json',
+ },
+ });
+
console.log(`checking if user is in group ${url}`);
return client
.get(url)
diff --git a/website/docs/configuration/reference.mdx b/website/docs/configuration/reference.mdx
index 3b8402305..8a5fae462 100644
--- a/website/docs/configuration/reference.mdx
+++ b/website/docs/configuration/reference.mdx
@@ -71,6 +71,81 @@ description: JSON schema reference documentation for GitProxy
**Description:** Third party APIs
+
+
+ 4.1. [Optional] Property GitProxy configuration file > api > ls
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+**Description:** Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API used to check user group membership, as opposed to direct querying via LDAP.
If this configuration is set direct querying of group membership via LDAP will be disabled.
+
+
+
+ 4.1.1. [Optional] Property GitProxy configuration file > api > ls > userInADGroup
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | No |
+
+**Description:** URL template for a GET request that confirms a user's membership of a specific group. Should respond with a non-empty 200 status if the user is a member of the group, an empty response or non-200 status indicates that the user is not a group member. If set, this URL will be queried and direct queries via LDAP will be disabled. The template should contain the following string placeholders, which will be replaced to produce the final URL:- "<domain>": AD domain,
- "<name>": The group name to check membership of.
- "<id>": The username to check group membership for.
+
+**Example:**
+
+```json
+"https://somedomain.com/some/path/checkUserGroups?domain=&name=&id="
+```
+
+
+
+
+
+
+
+
+
+ 4.2. [Optional] Property GitProxy configuration file > api > github
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+
+
+ 4.2.1. [Optional] Property GitProxy configuration file > api > github > baseUrl
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | No |
+| **Format** | `uri` |
+
+**Example:**
+
+```json
+"https://api.github.com"
+```
+
+
+
+
+
+
+
@@ -482,22 +557,216 @@ description: JSON schema reference documentation for GitProxy
**Description:** List of authentication sources. The first source in the configuration with enabled=true will be used.
-| Each item of this array must be | Description |
-| --------------------------------------- | ----------- |
-| [authentication](#authentication_items) | - |
+| Each item of this array must be | Description |
+| --------------------------------------- | ------------------------------------------ |
+| [authentication](#authentication_items) | Configuration for an authentication source |
### 16.1. GitProxy configuration file > authentication > authentication
| | |
| ------------------------- | ---------------------------- |
-| **Type** | `object` |
+| **Type** | `combining` |
| **Required** | No |
| **Additional properties** | Any type allowed |
| **Defined in** | #/definitions/authentication |
+**Description:** Configuration for an authentication source
+
+
+
+| One of(Option) |
+| -------------------------------------------------------------- |
+| [Local Auth Config](#authentication_items_oneOf_i0) |
+| [Active Directory Auth Config](#authentication_items_oneOf_i1) |
+| [Open ID Connect Auth Config](#authentication_items_oneOf_i2) |
+| [JWT Auth Config](#authentication_items_oneOf_i3) |
+
+
+
+#### 16.1.1. Property `GitProxy configuration file > authentication > authentication items > oneOf > Local Auth Config`
+
+**Title:** Local Auth Config
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+**Description:** Configuration for the use of the local database as the authentication source.
+
+
+
+ 16.1.1.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Local Auth Config > type
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `const` |
+| **Required** | Yes |
+
+Specific value: `"local"`
+
+
+
+
+
+
+ 16.1.1.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Local Auth Config > enabled
+
+
+
+| | |
+| ------------ | --------- |
+| **Type** | `boolean` |
+| **Required** | Yes |
+
+
+
+
+
+
+
+#### 16.1.2. Property `GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config`
+
+**Title:** Active Directory Auth Config
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+**Description:** Configuration for Active Directory authentication.
+
+
+
+ 16.1.2.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > type
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `const` |
+| **Required** | Yes |
+
+Specific value: `"ActiveDirectory"`
+
+
+
+
+
+
+ 16.1.2.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > enabled
+
+
+
+| | |
+| ------------ | --------- |
+| **Type** | `boolean` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.2.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adminGroup
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** Group that indicates that a user is an admin
+
+
+
+
+
+
+ 16.1.2.4. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > userGroup
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** Group that indicates that a user should be able to login to the Git Proxy UI and can work as a reviewer
+
+
+
+
+
+
+ 16.1.2.5. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > domain
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** Active Directory domain
+
+
+
+
+
+
+ 16.1.2.6. [Optional] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+**Description:** Additional Active Directory configuration supporting LDAP connection which can be used to confirm group membership. For the full set of available options see the activedirectory 2 NPM module docs at https://www.npmjs.com/package/activedirectory2#activedirectoryoptions
Please note that if the Third Party APIs config `api.ls.userInADGroup` is set then the REST API it represents is used in preference to direct querying of group memebership via LDAP.
+
+
+
+ 16.1.2.6.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > url
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** Active Directory server to connect to, e.g. `ldap://ad.example.com`.
+
+
+
+
+
+
+ 16.1.2.6.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > baseDN
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** The root DN from which all searches will be performed, e.g. `dc=example,dc=com`.
+
+
+
+
- 16.1.1. [Required] Property GitProxy configuration file > authentication > authentication items > type
+ 16.1.2.6.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > username
@@ -506,12 +775,64 @@ description: JSON schema reference documentation for GitProxy
| **Type** | `string` |
| **Required** | Yes |
+**Description:** An account name capable of performing the operations desired.
+
- 16.1.2. [Required] Property GitProxy configuration file > authentication > authentication items > enabled
+ 16.1.2.6.4. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Active Directory Auth Config > adConfig > password
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+**Description:** Password for the given `username`.
+
+
+
+
+
+
+
+
+
+
+#### 16.1.3. Property `GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config`
+
+**Title:** Open ID Connect Auth Config
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+**Description:** Configuration for Open ID Connect authentication.
+
+
+
+ 16.1.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > type
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `const` |
+| **Required** | Yes |
+
+Specific value: `"openidconnect"`
+
+
+
+
+
+
+ 16.1.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > enabled
@@ -525,19 +846,185 @@ description: JSON schema reference documentation for GitProxy
- 16.1.3. [Optional] Property GitProxy configuration file > authentication > authentication items > options
+ 16.1.3.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | Yes |
+| **Additional properties** | Any type allowed |
+
+**Description:** Additional OIDC configuration.
+
+
+
+ 16.1.3.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > issuer
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.3.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > clientID
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.3.3.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > clientSecret
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.3.3.4. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > callbackURL
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.3.3.5. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > Open ID Connect Auth Config > oidcConfig > scope
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+
+
+
+
+#### 16.1.4. Property `GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config`
+
+**Title:** JWT Auth Config
+
| | |
| ------------------------- | ---------------- |
| **Type** | `object` |
| **Required** | No |
| **Additional properties** | Any type allowed |
+**Description:** Configuration for JWT authentication.
+
+
+
+ 16.1.4.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > type
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `const` |
+| **Required** | Yes |
+
+Specific value: `"jwt"`
+
+
+
+ 16.1.4.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > enabled
+
+
+
+| | |
+| ------------ | --------- |
+| **Type** | `boolean` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.4.3. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | Yes |
+| **Additional properties** | Any type allowed |
+
+**Description:** Additional JWT configuration.
+
+
+
+ 16.1.4.3.1. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig > clientID
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+ 16.1.4.3.2. [Required] Property GitProxy configuration file > authentication > authentication items > oneOf > JWT Auth Config > jwtConfig > authorityURL
+
+
+
+| | |
+| ------------ | -------- |
+| **Type** | `string` |
+| **Required** | Yes |
+
+
+
+
+
+
+
+
+
+
+
@@ -591,7 +1078,38 @@ description: JSON schema reference documentation for GitProxy
- 18. [Optional] Property GitProxy configuration file > tls
+ 18. [Optional] Property GitProxy configuration file > apiAuthentication
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `array` |
+| **Required** | No |
+
+**Description:** List of authentication sources for API endpoints. May be empty, in which case all endpoints are public.
+
+| Each item of this array must be | Description |
+| ------------------------------------------ | ------------------------------------------ |
+| [authentication](#apiAuthentication_items) | Configuration for an authentication source |
+
+### 18.1. GitProxy configuration file > apiAuthentication > authentication
+
+| | |
+| ------------------------- | --------------------------------------------- |
+| **Type** | `combining` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+| **Same definition as** | [authentication_items](#authentication_items) |
+
+**Description:** Configuration for an authentication source
+
+
+
+
+
+
+ 19. [Optional] Property GitProxy configuration file > tls
@@ -605,7 +1123,7 @@ description: JSON schema reference documentation for GitProxy
- 18.1. [Required] Property GitProxy configuration file > tls > enabled
+ 19.1. [Required] Property GitProxy configuration file > tls > enabled
@@ -619,7 +1137,7 @@ description: JSON schema reference documentation for GitProxy
- 18.2. [Required] Property GitProxy configuration file > tls > key
+ 19.2. [Required] Property GitProxy configuration file > tls > key
@@ -633,7 +1151,7 @@ description: JSON schema reference documentation for GitProxy
- 18.3. [Required] Property GitProxy configuration file > tls > cert
+ 19.3. [Required] Property GitProxy configuration file > tls > cert
@@ -650,21 +1168,36 @@ description: JSON schema reference documentation for GitProxy
- 19. [Optional] Property GitProxy configuration file > configurationSources
+ 20. [Optional] Property GitProxy configuration file > configurationSources
+
+
+
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+
+
+
+
+
+
+ 21. [Optional] Property GitProxy configuration file > uiRouteAuth
-| | |
-| ------------------------- | ------------------------------------------------------- |
-| **Type** | `object` |
-| **Required** | No |
-| **Additional properties** | [[Not allowed]](# "Additional Properties not allowed.") |
+| | |
+| ------------------------- | ---------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
-**Description:** Configuration for dynamic loading from external sources
+**Description:** UI routes that require authentication (logged in or admin)
- 19.1. [Optional] Property configurationSources > enabled
+ 21.1. [Optional] Property GitProxy configuration file > uiRouteAuth > enabled
@@ -673,30 +1206,50 @@ description: JSON schema reference documentation for GitProxy
| **Type** | `boolean` |
| **Required** | No |
-**Description:** Enable/disable dynamic configuration loading
-
- 19.2. [Optional] Property configurationSources > reloadIntervalSeconds
+ 21.2. [Optional] Property GitProxy configuration file > uiRouteAuth > rules
+
+
+
+| | |
+| ------------ | ------- |
+| **Type** | `array` |
+| **Required** | No |
+
+| Each item of this array must be | Description |
+| ----------------------------------------- | ----------- |
+| [routeAuthRule](#uiRouteAuth_rules_items) | - |
+
+#### 21.2.1. GitProxy configuration file > uiRouteAuth > rules > routeAuthRule
+
+| | |
+| ------------------------- | --------------------------- |
+| **Type** | `object` |
+| **Required** | No |
+| **Additional properties** | Any type allowed |
+| **Defined in** | #/definitions/routeAuthRule |
+
+
+
+ 21.2.1.1. [Optional] Property GitProxy configuration file > uiRouteAuth > rules > rules items > pattern
| | |
| ------------ | -------- |
-| **Type** | `number` |
+| **Type** | `string` |
| **Required** | No |
-**Description:** How often to check for configuration updates (in seconds)
-
- 19.3. [Optional] Property configurationSources > merge
+ 21.2.1.2. [Optional] Property GitProxy configuration file > uiRouteAuth > rules > rules items > adminOnly
@@ -705,41 +1258,19 @@ description: JSON schema reference documentation for GitProxy
| **Type** | `boolean` |
| **Required** | No |
-**Description:** When true, merges configurations from all enabled sources. When false, uses the last successful configuration load
-
- 19.4. [Optional] Property configurationSources > sources
+ 21.2.1.3. [Optional] Property GitProxy configuration file > uiRouteAuth > rules > rules items > loginRequired
-| | |
-| ------------ | ------- |
-| **Type** | `array` |
-| **Required** | No |
-
-**Description:** Array of configuration sources to load from
-
-Each item in the array must be an object with the following properties:
-
-- `type`: (Required) Type of configuration source (`"file"`, `"http"`, or `"git"`)
-- `enabled`: (Required) Whether this source is enabled
-- `path`: (Required for `file` type) Path to the configuration file
-- `url`: (Required for `http` type) URL of the configuration endpoint
-- `repository`: (Required for `git` type) Git repository URL
-- `branch`: (Optional for `git` type) Branch to use
-- `path`: (Required for `git` type) Path to configuration file in repository
-- `headers`: (Optional for `http` type) HTTP headers to include
-- `auth`: (Optional) Authentication configuration
- - For `http` type:
- - `type`: `"bearer"`
- - `token`: Bearer token value
- - For `git` type:
- - `type`: `"ssh"`
- - `privateKeyPath`: Path to SSH private key
+| | |
+| ------------ | --------- |
+| **Type** | `boolean` |
+| **Required** | No |
@@ -747,6 +1278,8 @@ Each item in the array must be an object with the following properties:
----
+
+
-Generated using [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) on 2025-05-01 at 18:17:32 +0100
+----------------------------------------------------------------------------------------------------------------------------
+Generated using [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) on 2025-06-04 at 23:10:45 +0100