Added SSO config to bookstack.sh

2024-09-06 16:25:13 +00:00 · 2024-09-06 16:25:13 +00:00 · f6b7291921
commit f6b7291921
parent 3e8244a4da
1 changed files with 70 additions and 0 deletions
--- a/lib/bookstack.sh
+++ b/lib/bookstack.sh
@ -190,6 +190,76 @@ uninstall_bookstack() {
  # Delete the app directory
  rm -rf /federated/apps/bookstack

+  # Delete the image
+  docker image rm lscr.io/linuxserver/bookstack:$IMAGE_VERSION &> /dev/null
+
+  # Delete the DNS record
+  docker exec pdns pdnsutil delete-rrset $DOMAIN bookstack A
+
+  # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
+  if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
+    sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
+    sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml
+    /federated/bin/stop authelia
+    /federated/bin/start authelia
+  fi
+
  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
+configsso_bookstack() {
+  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
+  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
+  [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
+
+  BOOKSTACK_CLIENT_SECRET=$(create_password);
+  BOOKSTACK_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $BOOKSTACK_CLIENT_SECRET | awk '{ print $2 }')
+
+cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
+     ### Bookstack
+      - client_id: 'bookstack'
+        client_name: 'Bookstack'
+        client_secret: $BOOKSTACK_CLIENT_SECRET_HASH
+        consent_mode: 'implicit'
+        public: false
+        authorization_policy: 'one_factor'
+        redirect_uris:
+          - 'https://bookstack.$DOMAIN/oidc/callback'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+        userinfo_signed_response_alg: 'none'
+EOF
+
+  # Restart Authelia for changes to take the above configuration
+  /federated/bin/stop authelia
+  /federated/bin/start authelia
+
+cat >> /federated/apps/bookstack/.env <<EOF
+AUTH_METHOD=oidc
+AUTH_AUTO_INITIATE=false
+OIDC_NAME=Authelia
+OIDC_DISPLAY_NAME_CLAIMS=name
+OIDC_CLIENT_ID=bookstack
+OIDC_CLIENT_SECRET=$BOOKSTACK_CLIENT_SECRET
+OIDC_ISSUER=https://authelia.$DOMAIN
+OIDC_ISSUER_DISCOVER=true
+OIDC_EXTERNAL_ID_CLAIM=email
+OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout
+#APP_DEBUG=true
+#OIDC_DUMP_USER_DETAILS=true
+EOF
+
+  # Add in extra hosts config
+  [[ ! $(grep extra_hosts /federated/apps/bookstack/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.36/a  \    extra_hosts:\n\      - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/bookstack/docker-compose.yml
+
+  # Setup external_auth_id for each user in bookstack users table
+  BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
+  for i in $(docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "select email from users;"); do
+    docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
+  done
+
+  /federated/bin/stop bookstack
+  /federated/bin/start bookstack
+}