Add OIDC authentication support

Pipfile

@@ -9,15 +9,18 @@ flake8 = "*"
 rope = "*"
 isort = "*"
 
-[packages]
-whoosh = "==2.7.4"
-fastapi = "==0.118.3"
-uvicorn = {extras = ["standard"], version = "==0.37.0"}
-aiofiles = "==25.1.0"
-python-jose = {extras = ["cryptography"], version = "==3.5.0"}
-pyotp = "==2.9.0"
-qrcode = "==8.2"
-python-multipart = "==0.0.20"
+[packages]
+whoosh = "==2.7.4"
+fastapi = "==0.118.3"
+uvicorn = {extras = ["standard"], version = "==0.37.0"}
+aiofiles = "==25.1.0"
+python-jose = {extras = ["cryptography"], version = "==3.5.0"}
+pyotp = "==2.9.0"
+qrcode = "==8.2"
+python-multipart = "==0.0.20"
+authlib = "==1.6.7"
+httpx = "==0.28.1"
+itsdangerous = "==2.2.0"
 
 [requires]
 python_version = "3.11"

README.md

@@ -1,123 +1,163 @@
-<p align="center">
-  <img src="docs/logo.svg" width="300px"></img>
-</p>
-<p align="center">
-  <img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/dullage/flatnotes?style=for-the-badge">
-</p>
-
-A self-hosted, database-less note-taking web app that utilises a flat folder of markdown files for storage.
-
-Log into the [demo site](https://demo.flatnotes.io) and take a look around. *Note: This site resets every 15 minutes.*
-
-## Contents
-
-* [Design Principle](#design-principle)
-* [Features](#features)
-* [Getting Started](#getting-started)
-  * [Hosted](#hosted)
-  * [Self Hosted](#self-hosted)
-* [Roadmap](#roadmap)
-* [Contributing](#contributing)
-* [Sponsorship](#sponsorship)
-* [Thanks](#thanks)
-
-## Design Principle
-
-flatnotes is designed to be a distraction-free note-taking app that puts your note content first. This means:
-
-* A clean and simple user interface.
-* No folders, notebooks or anything like that. Just all of your notes, backed by powerful search and tagging functionality.
-* Quick access to a full-text search from anywhere in the app (keyboard shortcut "/").
-
-Another key design principle is not to take your notes hostage. Your notes are just markdown files. There's no database, proprietary formatting, complicated folder structures or anything like that. You're free at any point to just move the files elsewhere and use another app.
-
-Equally, the only thing flatnotes caches is the search index and that's incrementally synced on every search (and when flatnotes first starts). This means that you're free to add, edit & delete the markdown files outside of flatnotes even whilst flatnotes is running.
-
-## Features
-
-* Mobile responsive web interface.
-* Raw/WYSIWYG markdown editor modes.
-* Advanced search functionality.
-* Note "tagging" functionality.
-* Customisable home page.
-* Wikilink support to easily link to other notes (`[[My Other Note]]`).
-* Light/dark themes.
-* Multiple authentication options (none, read-only, username/password, 2FA).
-* Restful API.
-
-See [the wiki](https://github.com/dullage/flatnotes/wiki) for more details.
-
-## Getting Started
-
-### Hosted
-
-A quick and easy way to get started with flatnotes is to host it on PikaPods. Just click the button below and follow the instructions.
-
-[![PikaPods](https://www.pikapods.com/static/run-button-34.svg)](https://www.pikapods.com/pods?run=flatnotes)
-
-
-### Self Hosted
-
-If you'd prefer to host flatnotes yourself then the recommendation is to use Docker.
-
-### Example Docker Run Command
-
-```shell
-docker run -d \
-  -e "PUID=1000" \
-  -e "PGID=1000" \
-  -e "FLATNOTES_AUTH_TYPE=password" \
-  -e "FLATNOTES_USERNAME=user" \
-  -e 'FLATNOTES_PASSWORD=changeMe!' \
-  -e "FLATNOTES_SECRET_KEY=aLongRandomSeriesOfCharacters" \
-  -v "$(pwd)/data:/data" \
-  -p "8080:8080" \
-  dullage/flatnotes:latest
-```
-
-### Example Docker Compose
-```yaml
-version: "3"
-
-services:
-  flatnotes:
-    container_name: flatnotes
-    image: dullage/flatnotes:latest
-    environment:
-      PUID: 1000
-      PGID: 1000
-      FLATNOTES_AUTH_TYPE: "password"
-      FLATNOTES_USERNAME: "user"
-      FLATNOTES_PASSWORD: "changeMe!"
-      FLATNOTES_SECRET_KEY: "aLongRandomSeriesOfCharacters"
-    volumes:
-      - "./data:/data"
-      # Optional. Allows you to save the search index in a different location: 
-      # - "./index:/data/.flatnotes"
-    ports:
-      - "8080:8080"
-    restart: unless-stopped
-```
-
-See the [Environment Variables](https://github.com/dullage/flatnotes/wiki/Environment-Variables) article in the wiki for a full list of configuration options.
-
-## Roadmap
-
-I want to keep flatnotes as simple and distraction-free as possible which means limiting new features. This said, I welcome feedback and suggestions.
-
-## Contributing
-
-If you're interested in contributing to flatnotes, then please read the [CONTRIBUTING.md](CONTRIBUTING.md) file.
-
-## Sponsorship
-
-If you find this project useful, please consider buying me a beer. It would genuinely make my day.
-
-[![Sponsor](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86)](https://github.com/sponsors/Dullage)
-
-## Thanks
-
-A special thanks to 2 fantastic open-source projects that make flatnotes possible.
-
-* [Whoosh](https://whoosh.readthedocs.io/en/latest/intro.html) - A fast, pure Python search engine library.
-* [TOAST UI Editor](https://ui.toast.com/tui-editor) - A GFM Markdown and WYSIWYG editor for the browser.
+<p align="center">
+  <img src="docs/logo.svg" width="300px"></img>
+</p>
+<p align="center">
+  <img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/dullage/flatnotes?style=for-the-badge">
+</p>
+
+A self-hosted, database-less note-taking web app that utilises a flat folder of markdown files for storage.
+
+Log into the [demo site](https://demo.flatnotes.io) and take a look around. _Note: This site resets every 15 minutes._
+
+## Contents
+
+- [Contents](#contents)
+- [Design Principle](#design-principle)
+- [Features](#features)
+- [Getting Started](#getting-started)
+  - [Hosted](#hosted)
+  - [Self Hosted](#self-hosted)
+  - [Example Docker Run Command](#example-docker-run-command)
+  - [Example Docker Compose](#example-docker-compose)
+  - [Example Docker Compose with OIDC](#example-docker-compose-with-oidc)
+- [Roadmap](#roadmap)
+- [Contributing](#contributing)
+- [Sponsorship](#sponsorship)
+- [Thanks](#thanks)
+
+## Design Principle
+
+flatnotes is designed to be a distraction-free note-taking app that puts your note content first. This means:
+
+- A clean and simple user interface.
+- No folders, notebooks or anything like that. Just all of your notes, backed by powerful search and tagging functionality.
+- Quick access to a full-text search from anywhere in the app (keyboard shortcut "/").
+
+Another key design principle is not to take your notes hostage. Your notes are just markdown files. There's no database, proprietary formatting, complicated folder structures or anything like that. You're free at any point to just move the files elsewhere and use another app.
+
+Equally, the only thing flatnotes caches is the search index and that's incrementally synced on every search (and when flatnotes first starts). This means that you're free to add, edit & delete the markdown files outside of flatnotes even whilst flatnotes is running.
+
+## Features
+
+- Mobile responsive web interface.
+- Raw/WYSIWYG markdown editor modes.
+- Advanced search functionality.
+- Note "tagging" functionality.
+- Customisable home page.
+- Wikilink support to easily link to other notes (`[[My Other Note]]`).
+- Light/dark themes.
+- Multiple authentication options (none, read-only, username/password, 2FA).
+- Restful API.
+
+See [the wiki](https://github.com/dullage/flatnotes/wiki) for more details.
+
+## Getting Started
+
+### Hosted
+
+A quick and easy way to get started with flatnotes is to host it on PikaPods. Just click the button below and follow the instructions.
+
+[![PikaPods](https://www.pikapods.com/static/run-button-34.svg)](https://www.pikapods.com/pods?run=flatnotes)
+
+### Self Hosted
+
+If you'd prefer to host flatnotes yourself then the recommendation is to use Docker.
+
+### Example Docker Run Command
+
+```shell
+docker run -d \
+  -e "PUID=1000" \
+  -e "PGID=1000" \
+  -e "FLATNOTES_AUTH_TYPE=password" \
+  -e "FLATNOTES_USERNAME=user" \
+  -e 'FLATNOTES_PASSWORD=changeMe!' \
+  -e "FLATNOTES_SECRET_KEY=aLongRandomSeriesOfCharacters" \
+  -v "$(pwd)/data:/data" \
+  -p "8080:8080" \
+  dullage/flatnotes:latest
+```
+
+### Example Docker Compose
+
+```yaml
+version: "3"
+
+services:
+  flatnotes:
+    container_name: flatnotes
+    image: dullage/flatnotes:latest
+    environment:
+      PUID: 1000
+      PGID: 1000
+      FLATNOTES_AUTH_TYPE: "password"
+      FLATNOTES_USERNAME: "user"
+      FLATNOTES_PASSWORD: "changeMe!"
+      FLATNOTES_SECRET_KEY: "aLongRandomSeriesOfCharacters"
+    volumes:
+      - "./data:/data"
+      # Optional. Allows you to save the search index in a different location:
+      # - "./index:/data/.flatnotes"
+    ports:
+      - "8080:8080"
+    restart: unless-stopped
+```
+
+See the [Environment Variables](https://github.com/dullage/flatnotes/wiki/Environment-Variables) article in the wiki for a full list of configuration options.
+
+### Example Docker Compose with OIDC
+
+When configuring your OIDC provider, set the callback/redirect URL to:
+
+```
+https://your-flatnotes-domain.com/api/auth/oidc/callback
+```
+
+```yaml
+version: "3"
+
+services:
+  flatnotes:
+    container_name: flatnotes
+    image: dullage/flatnotes:latest
+    environment:
+      PUID: 1000
+      PGID: 1000
+      FLATNOTES_AUTH_TYPE: "oidc"
+      FLATNOTES_OIDC_PROVIDER_URL: "https://accounts.google.com"
+      FLATNOTES_OIDC_CLIENT_ID: "your-client-id.apps.googleusercontent.com"
+      FLATNOTES_OIDC_CLIENT_SECRET: "your-client-secret"
+      FLATNOTES_SECRET_KEY: "aLongRandomSeriesOfCharacters"
+      # Optional: restrict access to specific users
+      # FLATNOTES_OIDC_ALLOWED_USERS: "user1@gmail.com,user2@gmail.com"
+      # Optional: display name for the OIDC provider (default: "OIDC")
+      # FLATNOTES_OIDC_PROVIDER_NAME: "Google"
+      # Optional: automatically redirect to OIDC login (default: false)
+      # FLATNOTES_OIDC_AUTO_REDIRECT: "true"
+    volumes:
+      - "./data:/data"
+    ports:
+      - "8080:8080"
+    restart: unless-stopped
+```
+
+## Roadmap
+
+I want to keep flatnotes as simple and distraction-free as possible which means limiting new features. This said, I welcome feedback and suggestions.
+
+## Contributing
+
+If you're interested in contributing to flatnotes, then please read the [CONTRIBUTING.md](CONTRIBUTING.md) file.
+
+## Sponsorship
+
+If you find this project useful, please consider buying me a beer. It would genuinely make my day.
+
+[![Sponsor](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86)](https://github.com/sponsors/Dullage)
+
+## Thanks
+
+A special thanks to 2 fantastic open-source projects that make flatnotes possible.
+
+- [Whoosh](https://whoosh.readthedocs.io/en/latest/intro.html) - A fast, pure Python search engine library.
+- [TOAST UI Editor](https://ui.toast.com/tui-editor) - A GFM Markdown and WYSIWYG editor for the browser.

client/api.js

@@ -1,11 +1,13 @@
 import * as constants from "./constants.js";
+import { authTypes } from "./constants.js";
 
 import { Note, SearchResult } from "./classes.js";
 
 import axios from "axios";
 import { getStoredToken } from "./tokenStorage.js";
 import { getToastOptions } from "./helpers.js";
 import router from "./router.js";
+import { useGlobalStore } from "./globalStore.js";
 
 const api = axios.create();
 
@@ -27,11 +29,19 @@ api.interceptors.request.use(
 
 export function apiErrorHandler(error, toast) {
   if (error.response?.status === 401) {
-    const redirectPath = router.currentRoute.value.fullPath;
-    router.push({
-      name: "login",
-      query: { [constants.params.redirect]: redirectPath },
-    });
+    const globalStore = useGlobalStore();
+    if (
+      globalStore.config.authType === authTypes.oidc &&
+      globalStore.config.oidcAutoRedirect
+    ) {
+      window.location.href = "api/auth/oidc/login";
+    } else {
+      const redirectPath = router.currentRoute.value.fullPath;
+      router.push({
+        name: "login",
+        query: { [constants.params.redirect]: redirectPath },
+      });
+    }
   } else {
     console.error(error);
     toast.add(

client/constants.js

@@ -17,4 +17,5 @@ export const authTypes = {
   readOnly: "read_only",
   password: "password",
   totp: "totp",
+  oidc: "oidc",
 };