45 lines
1.1 KiB
Python
45 lines
1.1 KiB
Python
"""
|
|
Authentication configuration.
|
|
|
|
Generic config that works with any provider vein.
|
|
"""
|
|
|
|
from typing import Optional
|
|
|
|
from pydantic import BaseModel
|
|
|
|
|
|
class AuthConfig(BaseModel):
|
|
"""Authentication configuration for a room."""
|
|
|
|
enabled: bool = False
|
|
provider: str = "google" # Vein name to use for auth
|
|
allowed_domains: list[str] = [] # Empty = allow any domain
|
|
allowed_emails: list[str] = [] # Specific emails to allow
|
|
session_secret: str = "" # Required if enabled, can be "ENV:VAR_NAME"
|
|
session_timeout_hours: int = 24
|
|
login_redirect: str = "/"
|
|
public_routes: list[str] = [
|
|
"/health",
|
|
"/auth/login",
|
|
"/auth/callback",
|
|
"/auth/logout",
|
|
]
|
|
|
|
|
|
def load_auth_config(config: dict) -> Optional[AuthConfig]:
|
|
"""
|
|
Load auth config from room config.json.
|
|
|
|
Returns None if auth is not enabled.
|
|
"""
|
|
auth_data = config.get("auth")
|
|
if not auth_data:
|
|
return None
|
|
|
|
auth_config = AuthConfig(**auth_data)
|
|
if not auth_config.enabled:
|
|
return None
|
|
|
|
return auth_config
|