NotNet's one stop shop for authentication and account onboarding
Go to file
Julian 234518a62e
use discord avatar as fallback
2023-04-25 21:23:55 -04:00
.vscode first commit didnt happen 2023-04-24 22:40:19 -04:00
prisma refactor database to split ticket/user/oauth 2023-04-25 19:28:07 -04:00
public Add more colors (thanks cyn\!) 2023-04-25 13:26:28 -04:00
src use discord avatar as fallback 2023-04-25 21:23:55 -04:00
.eslintrc.json first commit didnt happen 2023-04-24 22:40:19 -04:00
.gitignore add graphql codegen + fix some things 2023-04-25 14:33:16 -04:00
.prettierrc first commit didnt happen 2023-04-24 22:40:19 -04:00
.vsls.json Descriptive commit message 2023-04-24 22:13:35 -07:00
LICENSE first commit didnt happen 2023-04-24 22:40:19 -04:00
README.md create user account on ldap 2023-04-25 16:18:35 -04:00
codegen.ts add graphql codegen + fix some things 2023-04-25 14:33:16 -04:00
environment.d.ts create user account on ldap 2023-04-25 16:18:35 -04:00
get-token.js add graphql codegen + fix some things 2023-04-25 14:33:16 -04:00
next.config.js first commit didnt happen 2023-04-24 22:40:19 -04:00
package-lock.json create user account on ldap 2023-04-25 16:18:35 -04:00
package.json create user account on ldap 2023-04-25 16:18:35 -04:00
tsconfig.json first commit didnt happen 2023-04-24 22:40:19 -04:00

README.md

gluestick

gluestick

gluestick is NotNet's one stop shop for authentication and account onboarding. It connects Discord and GitHub OAuth to NotNet's LDAP server (LLDAP), manages email inboxes with Migadu, and configures Tailscale ACLs.

gluestick is developed in house by NotNite and skip, written in Next.js.

Deploying

Note: gluestick is heavily designed for NotNet specific infrastructure, and as such, may require modification for your use.

You will need:

  • A recent enough Node.js version
  • An LLDAP server
    • Ports are assumed to not have been changed from the defaults
  • A Discord application for authentication
    • Set the redirect URL to (your domain)/oauth/discord/redirect

Cloning & config

First, clone the repository:

git clone https://git.n2.pm/NotNet/gluestick.git
cd gluestick

After cloning, create an .env.local with the following contents (in key=value form, separated by newlines):

  • DISCORD_CLIENT_ID: the client ID from your Discord application
  • DISCORD_CLIENT_SECRET: the client secret from your Discord application
  • DISCORD_ALLOWED_GUILDS: a comma separated list of guild IDs
    • Users must be in one of these guilds to register with gluestick
    • Enable "Advanced > Developer Mode" in your Discord client to copy IDs
  • LDAP_HOST: the IP address or hostname of your LLDAP server
  • LDAP_DC: your LDAP dc
  • LDAP_BIND_USER: the bind user of your LLDAP server
  • LDAP_BIND_PASSWORD: the password of the bind user
  • BASE_DOMAIN: the domain gluestick is deployed on, with a protocol and trailing slash
    • This domain will be used for OAuth redirects - if you are testing locally, set it to http://localhost:3000/

Example config:

DISCORD_CLIENT_ID=1100257729844621324
DISCORD_CLIENT_SECRET=redacted
DISCORD_ALLOWED_GUILDS=986268106416611368,805978396974514206

LDAP_HOST=auth
LDAP_DC=dc=n2,dc=pm
LDAP_BIND_USER=admin
LDAP_BIND_PASSWORD=redacted

BASE_DOMAIN=https://gluestick.n2.pm/

Generating code

gluestick makes use of code generation from both prisma and graphql-codegen. Before you can deploy it, you need to run their CLI tools.

First, install required dependencies:

npm i

Because the LLDAP GraphQL API is locked behind authentication, and of a quirk with graphl-codegen configuration files, we need to set a temporary environment variable to generate GraphQL code.

Run the get-token.js helper script and set the environment variable from its output:

node get-token.js
export GRAPHQL_CODEDGEN_AUTH=...

Then, generate the GraphQL and database code:

npm run graphql-codegen
npm run prisma-generate

Running

Now, build and run the server:

npm run build
npm run start

Developing

You'll want to run these two commands at the same time:

npm run dev # Next.js hot reload
npm run graphql-codegen -- -w # GraphQL hot reload