initial commit

server/utils/authConfig.js

@@ -0,0 +1,17 @@
+/**
+ * Read auth config from env. Returns only non-secret data for client.
+ * Auth always allows local (password) sign-in and OIDC when configured.
+ * @returns {{ oidc: { enabled: boolean, label: string } }} Public auth config (oidc.enabled, oidc.label).
+ */
+export function getAuthConfig() {
+  const hasOidcEnv
+    = process.env.OIDC_ISSUER && process.env.OIDC_CLIENT_ID && process.env.OIDC_CLIENT_SECRET
+  const envLabel = process.env.OIDC_LABEL ?? ''
+  const label = envLabel || (hasOidcEnv ? 'Sign in with OIDC' : '')
+  return {
+    oidc: {
+      enabled: !!hasOidcEnv,
+      label,
+    },
+  }
+}