From 01093b022fe82e3ea0c3e5d9d7bd0687695fa2cc Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 17 Feb 2023 13:30:35 +0900
Subject: [PATCH] Things are gonna break
---
 Dockerfile | 5 +++++
 docker-compose.yml | 3 ++-
 server.py | 12 +++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ffa14d9..a065f00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,6 +37,11 @@ ENV AUTH_TYPE="basic"
 ENV BASIC_AUTH_USER="user"
 ENV BASIC_AUTH_PASS="pass"
+# OIDC variables
+ENV OIDC_DISCOVERY_URL=http://localhost
+ENV OIDC_CLIENT_ID=Headscale WebUI
+ENV OIDC_CLIENT_SECRET=
+
 # Jenkins build args
 ARG GIT_COMMIT_ARG=""
 ARG GIT_BRANCH_ARG=""
diff --git a/docker-compose.yml b/docker-compose.yml
index dcd2207..5a32c4f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,9 +12,10 @@ services:
 - BASIC_AUTH_USER=user # Used for basic auth - Can be omitted if not using Basic Auth
 - BASIC_AUTH_PASS=pass # Used for basic auth - Can be omitted if not using Basic Auth
 # ENV for OIDC (Used only if AUTH_TYPE is "OIDC")
- OIDC_URL=https://auth.$DOMAIN
+ - OIDC_DISCOVERY_URL=https://auth.$DOMAIN # Check docs for your OIDC provider for the "Well Known" discovery URL
 - OIDC_CLIENT_ID=Headscale WebUI
 - OIDC_CLIENT_SECRET=YourOIDCClientSecret
+ # OIDC Redirect URI: $DOMAIN/$BASE_PATH/auth
 volumes:
 - ./volume:/data # Headscale-WebUI's storage. Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
 - ./headscale/config/:/etc/headscale/:ro # Headscale's config storage location. Used to read your Headscale config.
\ No newline at end of file
diff --git a/server.py b/server.py
index 3816a12..6fe027a 100644
--- a/server.py
+++ b/server.py
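Review bot: The added `ENV OIDC_CLIENT_ID=Headscale WebUI` has an unquoted space in its value, so the `key=value` form of ENV will read `WebUI` as a second variable with no `=` and the build is expected to fail; write `ENV OIDC_CLIENT_ID="Headscale WebUI"`, matching the quoted ENV lines just above. The default `OIDC_DISCOVERY_URL=http://localhost` is plain HTTP, and a discovery document fetched without TLS can be altered in transit, so an `https://` placeholder is the safer default. Leaving `OIDC_CLIENT_SECRET` empty in the image is the right choice, and a comment such as `# supply at runtime; do not bake the client secret into the image` would record that intent.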
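Review bot: The example value on the added `OIDC_DISCOVERY_URL` line, `https://auth.$DOMAIN`, looks like an issuer base URL, while its own trailing comment asks for the "Well Known" discovery URL. An example that shows the full document path, for instance `- OIDC_DISCOVERY_URL=https://auth.$DOMAIN/.well-known/openid-configuration` (the exact path depends on the provider), would be harder to misconfigure. The added redirect comment also omits the scheme; `# OIDC Redirect URI: https://$DOMAIN/$BASE_PATH/auth` states what has to be registered with the provider. Nothing in this commit's server.py hunk reads OIDC_DISCOVERY_URL yet, so the variable currently has no effect.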
@@ -16,6 +16,17 @@ HS_VERSION = "v0.20.0"
 DEBUG_STATE = False
 AUTH_TYPE = os.environ["AUTH_TYPE"].replace('"', '')
+# OIDC Variables: https://github.com/verdan/flaskoidc
+FLASK_OIDC_PROVIDER_NAME = "OIDC" # Default: 'google'
+FLASK_OIDC_SCOPES # Default: 'openid email profile'
+FLASK_OIDC_USER_ID_FIELD # Default: 'email'
+FLASK_OIDC_CLIENT_ID = os.environ["OIDC_CLIENT_ID"] # Default: ''
+FLASK_OIDC_CLIENT_SECRET = os.environ["OIDC_CLIENT_SECRET"] # Default: ''
+FLASK_OIDC_FORCE_SCHEME # Default: 'http'
+FLASK_OIDC_REDIRECT_URI # Default: '/auth'
+FLASK_OIDC_CONFIG_URL # Default: ''
+FLASK_OIDC_OVERWRITE_REDIRECT_URI = BASE_PATH # Default: '/'
+
 static_url_path = '/static'
 if BASE_PATH != '':
 static_url_path = BASE_PATH + static_url_path
@@ -47,7 +58,6 @@ elif AUTH_TYPE.lower() == "basic":
 basic_auth = BasicAuth(app)
-
 else:
 app = Flask(__name__, static_url_path=static_url_path)
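Review bot: Five of the lines added in the first server.py hunk (`FLASK_OIDC_SCOPES`, `FLASK_OIDC_USER_ID_FIELD`, `FLASK_OIDC_FORCE_SCHEME`, `FLASK_OIDC_REDIRECT_URI`, `FLASK_OIDC_CONFIG_URL`) are bare names followed only by a comment, so importing the module raises NameError before any auth mode is selected. The two `os.environ[...]` lookups also run unconditionally and raise KeyError for basic-auth deployments that omit the OIDC variables, and OIDC_DISCOVERY_URL from the Dockerfile and compose file is never read. The sketch below guards the block on the auth type, reads the discovery URL, rejects an empty client secret and sets the scheme to https instead of leaving it at the documented 'http' default; the existing OIDC branch is outside the hunk, so the `"oidc"` comparison is an assumption. Whether flaskoidc picks up module-level names or only the process environment is not visible here and should be confirmed against the linked README.

```python
AUTH_TYPE = os.environ["AUTH_TYPE"].replace('"', '')

# OIDC settings (https://github.com/verdan/flaskoidc); required only for OIDC logins.
if AUTH_TYPE.lower() == "oidc":
    FLASK_OIDC_PROVIDER_NAME = "OIDC"
    FLASK_OIDC_CLIENT_ID = os.environ["OIDC_CLIENT_ID"]
    FLASK_OIDC_CLIENT_SECRET = os.environ["OIDC_CLIENT_SECRET"]
    if not FLASK_OIDC_CLIENT_SECRET:
        raise RuntimeError("OIDC_CLIENT_SECRET must be set when AUTH_TYPE is OIDC")
    FLASK_OIDC_CONFIG_URL = os.environ["OIDC_DISCOVERY_URL"]
    FLASK_OIDC_FORCE_SCHEME = "https"
    FLASK_OIDC_OVERWRITE_REDIRECT_URI = BASE_PATH
    # SCOPES, USER_ID_FIELD and REDIRECT_URI keep the flaskoidc defaults.
# ... unchanged: static_url_path setup ...
```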