Feature addition: Multi-Factor Authentication #401
base: develop
Conversation
This is super cool, thanks for doing this. Is it also possible to configure the I'll also review the additional routes for the OTP.
@perfectra1n the environment variables can be set with environment variables (i.e. export TOTP_ENABLED="true"), -e with docker, and in a .env file in the root directory. Honestly I forgot to update documentation. Whoops! Edit: I'm working on adding some pages now.
Docs complete here.
Thanks for your great work! I didn't finish testing the functionality, but the setup steps need some changes, I believe.
Since you are adding a new table and it isn't added automatically, I got an error here:
I'm not sure whether I'm doing something wrong; if not, I think this PR also needs to fix the database migration stuff.
I don't know exactly how the database version is handled in Trilium, but for syncing, the database version should be the same. So after we merge this PR, it won't be compatible with the latest Trilium from Zadam. (Correct me if I'm wrong.) It could be the first big step for TriliumNext, not sure how careful we should be hhh.
Some minor things I found so far:
@JYC333 I'll take any feedback I can get!
I do have a way to create the table if it doesn't exist; however, it looks like it's in the wrong place since you got that error. I'll add it to the startup sequence.
Do you mean the versioning change from BetterSqlite3? That was changed earlier with the dependency cleanup.
I will look into it, but honestly my UI/UX skills are nothing to write home about.
No, I mean the database version for the syncing. I think the database version should be the same between client and server, so the previous Trilium (like 0.63.7) won't be compatible. But I see a sync version here also, so I'm not sure whether I'm right.
You can also leave this for later if you don't want to spend too much time on this; I can help with this.
I'm also not sure if it's just me, but running the branch on a brand new instance brings the following errors when navigating to the
Full output of the Docker run command: [root on DESKTOP-M0FBO5A] ~
» docker run -v /root/triliumtest:/home/node/trilium-data -p 8080:8080 gitea.example.com/perf3ct/testnotes:mfatest
No USER_UID specified, leaving 1000
No USER_GID specified, leaving 1000
(node:9) ExperimentalWarning: Importing JSON modules is an experimental feature and might change at any time
(Use `node --trace-warnings ...` to show where the warning was created)
Generated session secret
DB not initialized, please visit setup page - http://[your-server-host]:8080 to see instructions on how to initialize Trilium.
DB size: 4 KB
(node:9) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
{
"appVersion": "0.90.6-beta",
"dbVersion": 228,
"nodeVersion": "v22.8.0",
"syncVersion": 32,
"buildDate": "2024-09-07T18:36:34Z",
"buildRevision": "7c0d6930fa8f20d269dcfbcbc8f636a25f6bb9a7",
"dataDirectory": "/home/node/trilium-data",
"clipperProtocolVersion": "1.0",
"utcDateTime": "2024-09-13T18:23:05.503Z"
}
CPU model: AMD Ryzen 7 5800X 8-Core Processor, logical cores: 16, freq: 0 Mhz
Trusted reverse proxy: false
App HTTP server starting up at port 8080
Listening on port 8080
200 GET /api/health-check with 15 bytes took 3ms
ReferenceError: /usr/src/app/src/views/setup.ejs:6
4| <meta charset="utf-8">
5| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
>> 6| <title><%= t("setup.title") %></title>
7|
8| <style>
9| .lds-ring {
t is not defined
at eval ("/usr/src/app/src/views/setup.ejs":12:7)
at setup (/usr/src/app/node_modules/ejs/lib/ejs.js:703:17)
at tryHandleCache (/usr/src/app/node_modules/ejs/lib/ejs.js:274:36)
at exports.renderFile [as engine] (/usr/src/app/node_modules/ejs/lib/ejs.js:491:10)
at View.render (/usr/src/app/node_modules/express/lib/view.js:135:8)
at tryRender (/usr/src/app/node_modules/express/lib/application.js:657:10)
at Function.render (/usr/src/app/node_modules/express/lib/application.js:609:3)
at ServerResponse.render (/usr/src/app/node_modules/express/lib/response.js:1048:7)
at setupPage (file:///usr/src/app/src/routes/setup.js:24:9)
at Function.cb (file:///usr/src/app/src/routes/routes.js:377:34) {
path: '/usr/src/app/src/views/setup.ejs'
}
200 GET /api/health-check with 15 bytes took 0ms
200 GET /api/health-check with 15 bytes took 1ms
I checked out the
Oh, looks like it might be a fatfinger somewhere with the
Yeah I'm not sure why it can't find what
@JYC333 I was able to reproduce this and fix it.
I'll have to look into that. I'm not familiar with the client version.
@perfectra1n When I build docker it is successful, however the setup page doesn't render any text when I tried it again. Both
@perfectra1n it looks like the
Hmm, I wonder why it's throwing an error then, @eliandoran do you have any idea why by chance?
@perfectra1n I can confirm that
@JYC333 I can't replicate your issue. When I build the docker image it runs, but when I navigate to
Sorry I didn't follow here, is the issue here you for the database issue? And I didn't try to start with docker, I always run with
There are still some bugs related to internationalization of the server that I'm trying to fix. If it occurs on 'develop' as well it can be ignored for this particular PR.
@chesspro13 is this still good for testing? :) I wonder what commits I would have to cherry pick to get the Docker container to build, or how would be best to test it... what have you been doing thus far to test it on your branch?
@perfectra1n I tried it in my dev environment as well as on a fresh VM today. The only issue I have is the one with i18next and text not showing up in the setup screen. What OS are you using?
@JYC333 I got the conversations mixed up. That last message I tagged you in was probably supposed to tag @perfectra1n. Been busy with work related projects and school.
auth0Logout: false, | ||
baseURL: process.env.BASE_URL, | ||
clientID: process.env.CLIENT_ID, | ||
issuerBaseURL: "https://accounts.google.com/.well-known/openid-configuration", |
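Review bot: issuerBaseURL is the only provider-specific value in this options block and it is hardcoded to Google's discovery document (line 94) while baseURL and clientID on the lines above are read from process.env; load it from the environment as well (the review thread suggests a variable such as OPENID_CONFIG_URL) so that other OpenID Connect providers can be configured without a code change, and keep the Google URL only as a documented default. The BASE_URL and CLIENT_ID names are also generic enough to collide with other tools' variables; a common prefix (OIDC_ or a project prefix, as proposed in the comments) makes it clear which process owns them.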
Make issuerBaseURL load process.env.OPENID_CONFIG_URL, and now you have support for more services for OpenID Connect. I would also prefix all of the OpenID Connect related variables with something like OIDC_ or similar to prevent conflicts.
@@ -69,6 +69,7 @@ | |||
"dayjs": "^1.11.13", | |||
"dayjs-plugin-utc": "0.1.2", | |||
"debounce": "^2.1.0", | |||
"dotenv": "^16.4.5", |
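Review bot: the new runtime dependency on dotenv (line 105) looks avoidable: the Docker output quoted earlier in this thread reports nodeVersion v22.8.0, and Node 20.6 and later can load a .env file natively with node --env-file=.env, so the same .env workflow works without adding a package to the supply chain. If dotenv is kept because the file must be loaded from within the application, make sure it is loaded before any module reads process.env, and note in the docs that a .env file in the root directory holds the client secret and should be excluded from version control and image layers.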
chesspro13 Do we need dotenv now? We can use the inbuilt functionality of nodejs now https://nodejs.org/en/learn/command-line/how-to-read-environment-variables-from-nodejs
Hi, @chesspro13. What's the status of this PR, do you have the time to work on it?
Quick comment on the env naming: I personally feel like the env vars should be prefixed with some sort of code, to make sure they clearly belong to TriliumNext, which will reduce the chance of accidentally resetting/overwriting these. E.g. instead of What do you think?
Quick other remark: since this project seems to use ini files for setting some config options, I would think it makes sense to continue using the existing solution here as well, instead of going the .env file way. (Admittedly: yes, it also uses optional env variables, but these are e.g. used to "point" to the data-dir (via TRILIUM_DATA_DIR), where the ini file lies (or gets created, if not existing)) https://github.com/TriliumNext/Notes/blob/develop/config-sample.ini What do you think?
Features added
Documentation
Testing Instructions
TOTP
OpenID
Currently only compatible with Google. Other services like Authentik and Auth0 are planned to be added.
In order to set up OpenID, you will need to set up an authentication provider. This requires a bit of extra setup. Follow these instructions to set up an OpenID service through Google.
Set the environment variable "SSO_ENABLED" to true and add the client ID and secret you obtained from Google. Environment variables can be set with a .env file in the root directory, by defining them on the command line, or with a Docker container.
.env File
Environment variable (linux)
Docker
After you restart Trilium Notes, you will be redirected to Google's account selection page. Log in to an account and Trilium Next will bind to that account, allowing you to log in with it.
You can now log in using your Google account.
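An added example, not code from this PR or from TriliumNext, that applies the review suggestions from the thread to the options block shown in the diff: the express-openid-connect settings are built from OIDC_-prefixed environment variables (OIDC_ENABLED, OIDC_BASE_URL, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET and OIDC_ISSUER_BASE_URL are assumed names), with the Google discovery URL from the diff as the default issuer, and validated before the server starts.

```javascript
// Added example, not TriliumNext code: build the express-openid-connect
// options object shown in the diff from OIDC_-prefixed environment variables
// (the prefix and variable names are assumptions following the review
// comments) and validate them before the server starts.
const GOOGLE_DISCOVERY =
  "https://accounts.google.com/.well-known/openid-configuration";
const REQUIRED = ["OIDC_BASE_URL", "OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET"];
function isTruthy(value) {
  return ["true", "1", "yes"].includes(String(value ?? "").trim().toLowerCase());
}

// Returns { enabled: false } when OIDC_ENABLED is unset; otherwise a validated
// options object. Collects every problem and throws once, so a misconfigured
// instance fails fast instead of starting with half-working SSO.
function loadOidcConfig(env) {
  if (!isTruthy(env.OIDC_ENABLED)) {
    return { enabled: false };
  }
  const problems = REQUIRED.filter((name) => !env[name]).map(
    (name) => `${name} is required when OIDC_ENABLED=true`
  );
  // Default to Google's discovery document, which the original diff hardcodes.
  const issuerBaseURL = env.OIDC_ISSUER_BASE_URL || GOOGLE_DISCOVERY;
  let issuer = null;
  try {
    issuer = new URL(issuerBaseURL);
  } catch {
    problems.push("OIDC_ISSUER_BASE_URL is not a valid URL");
  }
  if (issuer && issuer.protocol !== "https:") {
    problems.push("OIDC_ISSUER_BASE_URL must use https");
  }
  if (problems.length > 0) {
    throw new Error(`OpenID Connect misconfigured:\n- ${problems.join("\n- ")}`);
  }
  return {
    enabled: true,
    auth0Logout: false,
    baseURL: env.OIDC_BASE_URL,
    clientID: env.OIDC_CLIENT_ID,
    clientSecret: env.OIDC_CLIENT_SECRET,
    issuerBaseURL,
  };
}

// Copy that is safe for startup logs: the client secret never reaches the log.
function redactForLog(config) {
  const { clientSecret, ...rest } = config;
  return clientSecret ? { ...rest, clientSecret: "[redacted]" } : rest;
}
```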