From 96ef0ef749bd31fdbd56241956d4161ebc9b8b77 Mon Sep 17 00:00:00 2001
From: Danilo Martinelli
Date: Sun, 29 Sep 2024 13:51:41 -0300
Subject: [PATCH] feat: :passport_control: integrate Authentik authentication with Coolify - Configured Authentik as the OAuth provider in Coolify.
---
 app/Livewire/SettingsOauth.php | 1 +
 app/Providers/EventServiceProvider.php | 1 +
 bootstrap/helpers/socialite.php | 11 ++++
 composer.json | 1 +
 composer.lock | 50 +++++++++++++++++++
 config/services.php | 7 +++
 ...5_add_base_url_to_oauth_settings_table.php | 32 ++++++++++++
 database/seeders/OauthSettingSeeder.php | 4 ++
 lang/en.json | 1 +
 .../views/livewire/settings-oauth.blade.php | 4 ++
 10 files changed, 112 insertions(+)
 create mode 100644 database/migrations/2024_09_29_163625_add_base_url_to_oauth_settings_table.php
diff --git a/app/Livewire/SettingsOauth.php b/app/Livewire/SettingsOauth.php
index c3884589f6..472d35ba0e 100644
--- a/app/Livewire/SettingsOauth.php
+++ b/app/Livewire/SettingsOauth.php
@@ -17,6 +17,7 @@ protected function rules()
 $carry["oauth_settings_map.$setting->provider.client_secret"] = 'nullable';
 $carry["oauth_settings_map.$setting->provider.redirect_uri"] = 'nullable';
 $carry["oauth_settings_map.$setting->provider.tenant"] = 'nullable';
+ $carry["oauth_settings_map.$setting->provider.base_url"] = 'nullable';
 return $carry;
 }, []);
diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php
index 7ba72e10d4..2147495fa6 100644
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -21,6 +21,7 @@ class EventServiceProvider extends ServiceProvider
 ],
 \SocialiteProviders\Manager\SocialiteWasCalled::class => [
 \SocialiteProviders\Azure\AzureExtendSocialite::class.'@handle',
+ \SocialiteProviders\Authentik\AuthentikExtendSocialite::class.'@handle',
 ],
 ProxyStarted::class => [
 ProxyStartedNotification::class,
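Review bot: In the app/Livewire/SettingsOauth.php hunk the new `base_url` rule is only `'nullable'`, so any string is accepted and stored as the identity-provider endpoint. The helper changed in this commit passes that value to the Authentik driver, which presumably sends users and the token exchange (including the client secret) to that host, so the rule should at least require a well-formed URL that fits the new `string` column: `$carry["oauth_settings_map.$setting->provider.base_url"] = 'nullable|url|max:255';`. Restricting the scheme to https would be stricter still, if the installed validator supports that. `rules()` starts and ends outside the hunk.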
diff --git a/bootstrap/helpers/socialite.php b/bootstrap/helpers/socialite.php
index a23dc24d3e..2922f5a000 100644
--- a/bootstrap/helpers/socialite.php
+++ b/bootstrap/helpers/socialite.php
@@ -18,6 +18,17 @@ function get_socialite_provider(string $provider)
 return Socialite::driver('azure')->setConfig($azure_config);
 }
+ if ($provider == 'authentik') {
+ $authentik_config = new \SocialiteProviders\Manager\Config(
+ $oauth_setting->client_id,
+ $oauth_setting->client_secret,
+ $oauth_setting->redirect_uri,
+ ['base_url' => $oauth_setting->base_url],
+ );
+
+ return Socialite::driver('authentik')->setConfig($authentik_config);
+ }
+
 $config = [
 'client_id' => $oauth_setting->client_id,
 'client_secret' => $oauth_setting->client_secret,
diff --git a/composer.json b/composer.json
index fbd77d0cf9..8763d1b07c 100644
--- a/composer.json
+++ b/composer.json
@@ -35,6 +35,7 @@
 "pusher/pusher-php-server": "^7.2",
 "resend/resend-laravel": "^0.13.0",
 "sentry/sentry-laravel": "^4.6",
+ "socialiteproviders/authentik": "^5.2",
 "socialiteproviders/microsoft-azure": "^5.1",
 "spatie/laravel-activitylog": "^4.7.3",
 "spatie/laravel-data": "^3.4.3",
diff --git a/composer.lock b/composer.lock
index 0b8da82d0a..04c4741ba4 100644
--- a/composer.lock
+++ b/composer.lock
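Review bot: The new authentik branch in get_socialite_provider() passes `$oauth_setting->base_url` to the driver unchecked, although the column added by this commit is nullable. An Authentik row with no base URL would then produce a driver whose endpoints are built from an empty value. Failing closed before the config is constructed is safer, for example `if (blank($oauth_setting->base_url)) { throw new \InvalidArgumentException('Authentik base_url is not configured'); }`, or whichever error path the callers of this helper already handle. As a style point, `$provider === 'authentik'` avoids loose comparison on a string parameter. The function starts and ends outside the hunk.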
@@ -7586,6 +7586,56 @@ ], "time": "2024-09-19T12:58:53+00:00" }, + { + "name": "socialiteproviders/authentik", + "version": "5.2.0", + "source": { + "type": "git", + "url": "https://github.com/SocialiteProviders/Authentik.git", + "reference": "4cf129cf04728a38e0531c54454464b162f0fa66" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/SocialiteProviders/Authentik/zipball/4cf129cf04728a38e0531c54454464b162f0fa66", + "reference": "4cf129cf04728a38e0531c54454464b162f0fa66", + "shasum": "" + }, + "require": { + "ext-json": "*", + "php": "^8.0", + "socialiteproviders/manager": "^4.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "SocialiteProviders\\Authentik\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "rf152", + "email": "git@rf152.co.uk" + } + ], + "description": "Authentik OAuth2 Provider for Laravel Socialite", + "keywords": [ + "authentik", + "laravel", + "oauth", + "provider", + "socialite" + ], + "support": { + "docs": "https://socialiteproviders.com/authentik", + "issues": "https://github.com/socialiteproviders/providers/issues", + "source": "https://github.com/socialiteproviders/providers" + }, + "time": "2023-11-07T22:21:16+00:00" + }, { "name": "socialiteproviders/manager", "version": "v4.6.0",
diff --git a/config/services.php b/config/services.php
index 9fd55870f2..46fd12ec33 100644
--- a/config/services.php
+++ b/config/services.php
@@ -38,4 +38,11 @@
 'tenant' => env('AZURE_TENANT_ID'),
 'proxy' => env('AZURE_PROXY'),
 ],
+
+ 'authentik' => [
+ 'base_url' => env('AUTHENTIK_BASE_URL'),
+ 'client_id' => env('AUTHENTIK_CLIENT_ID'),
+ 'client_secret' => env('AUTHENTIK_CLIENT_SECRET'),
+ 'redirect' => env('AUTHENTIK_REDIRECT_URI'),
+ ],
 ];
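Review bot: The `authentik` block added to config/services.php reads `AUTHENTIK_*` environment variables, but the helper changed in this same commit builds the driver config from the `oauth_settings` row and applies it with `setConfig()`. Judging only from the visible hunks, the env values are therefore never the ones in effect. Two places to set the client secret invite drift and a stale secret left in `.env`, so either drop the block or mark its role with a comment such as `// Placeholder for the Socialite manager; the effective values come from the oauth_settings table.`.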
diff --git a/database/migrations/2024_09_29_163625_add_base_url_to_oauth_settings_table.php b/database/migrations/2024_09_29_163625_add_base_url_to_oauth_settings_table.php
new file mode 100644
index 0000000000..8df9b48a21
--- /dev/null
+++ b/database/migrations/2024_09_29_163625_add_base_url_to_oauth_settings_table.php
@@ -0,0 +1,32 @@ +string('base_url')->nullable(); + }); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::table('oauth_settings', function (Blueprint $table) { + Schema::table('oauth_settings', function (Blueprint $table) { + $table->dropColumn('base_url'); + }); + }); + } +};
diff --git a/database/seeders/OauthSettingSeeder.php b/database/seeders/OauthSettingSeeder.php
index 16abf9e04b..d0365c5424 100644
--- a/database/seeders/OauthSettingSeeder.php
+++ b/database/seeders/OauthSettingSeeder.php
@@ -32,5 +32,9 @@ public function run(): void
 'id' => 4,
 'provider' => 'google',
 ]);
+ OauthSetting::firstOrCreate([
+ 'id' => 5,
+ 'provider' => 'authentik',
+ ]);
 }
 }
diff --git a/lang/en.json b/lang/en.json
index fa69c7035a..383bbda025 100644
--- a/lang/en.json
+++ b/lang/en.json
@@ -1,5 +1,6 @@
 {
 "auth.login": "Login",
+ "auth.login.authentik": "Login with Authentik",
 "auth.login.azure": "Login with Microsoft",
 "auth.login.bitbucket": "Login with Bitbucket",
 "auth.login.github": "Login with GitHub",
diff --git a/resources/views/livewire/settings-oauth.blade.php b/resources/views/livewire/settings-oauth.blade.php
index 9a94d3c2b1..2362ad8804 100644
--- a/resources/views/livewire/settings-oauth.blade.php
+++ b/resources/views/livewire/settings-oauth.blade.php
@@ -32,6 +32,10 @@ @endif + @if ($oauth_setting->provider == 'authentik') + + @endif @endforeach
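Review bot: In the new migration, `down()` wraps `Schema::table('oauth_settings', ...)` inside a second identical `Schema::table` call, so the outer closure's `$table` is never used. The paired `});` closers at the end of `up()` suggest the same nesting there, though the start of `up()` is not legible on this page. One level is enough and reads as intended: `Schema::table('oauth_settings', function (Blueprint $table) { $table->dropColumn('base_url'); });`, with the matching single-level form in `up()`.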