feat: 🎸 Use ini file to configure MFA

2025-08-10 10:22:29 +08:00 · 2025-03-25 22:30:14 +01:00 · 2025-03-25 22:30:14 +01:00 · 94cd54f17e
commit 94cd54f17e
parent 8d7339b50a
2 changed files with 62 additions and 9 deletions
--- a/config-sample.ini
+++ b/config-sample.ini
@ -46,4 +46,30 @@ cookieMaxAge=1814400
 [Sync]
 #syncServerHost=
 #syncServerTimeout=
-#syncServerProxy=
+#syncServerProxy=
+
+[MultiFactorAuthentication]
+# Set to true to enable TOTP authentication
+# This will require users to enter a one-time password in addition to their password to log in to Trilium
+# This is a security feature that adds an extra layer of protection to your account
+totpEnabled=false
+
+# Set the secret key for TOTP authentication
+# This is a security feature that adds an extra layer of protection to your account
+totpSecret=
+
+# Set to true to enable OAuth/OpenID authentication
+# This will allow users to log in to Trilium using an account from another service, like Google, to verify their identity
+ssoEnabled=false
+
+# Set the base URL for OAuth/OpenID authentication
+# This is the URL of the service that will be used to verify the user's identity
+oauthBaseUrl=
+
+# Set the client ID for OAuth/OpenID authentication
+# This is the ID of the client that will be used to verify the user's identity
+oauthClientId=
+
+# Set the client secret for OAuth/OpenID authentication
+# This is the secret of the client that will be used to verify the user's identity
+oauthClientSecret=
--- a/src/services/config.ts
+++ b/src/services/config.ts
@ -41,6 +41,14 @@ export interface TriliumConfig {
        syncServerTimeout: string;
        syncProxy: string;
    };
+    MultiFactorAuthentication: {
+        totpEnabled: boolean;
+        totpSecret: string;
+        ssoEnabled: boolean;
+        oauthBaseUrl: string;
+        oauthClientId: string;
+        oauthClientSecret: string;
+    };
 }

 //prettier-ignore
@ -50,13 +58,13 @@ const config: TriliumConfig = {
        instanceName:
            process.env.TRILIUM_GENERAL_INSTANCENAME || iniConfig.General.instanceName || "",

-        noAuthentication: 
+        noAuthentication:
            envToBoolean(process.env.TRILIUM_GENERAL_NOAUTHENTICATION) || iniConfig.General.noAuthentication || false,

-        noBackup: 
+        noBackup:
            envToBoolean(process.env.TRILIUM_GENERAL_NOBACKUP) || iniConfig.General.noBackup || false,

-        noDesktopIcon: 
+        noDesktopIcon:
            envToBoolean(process.env.TRILIUM_GENERAL_NODESKTOPICON) || iniConfig.General.noDesktopIcon || false
    },

@ -67,14 +75,14 @@ const config: TriliumConfig = {
        port:
            process.env.TRILIUM_NETWORK_PORT || iniConfig.Network.port || "3000",

-        https: 
+        https:
            envToBoolean(process.env.TRILIUM_NETWORK_HTTPS) || iniConfig.Network.https || false,

-        certPath: 
+        certPath:
            process.env.TRILIUM_NETWORK_CERTPATH || iniConfig.Network.certPath || "",

-        keyPath: 
-            process.env.TRILIUM_NETWORK_KEYPATH  || iniConfig.Network.keyPath || "",
+        keyPath:
+            process.env.TRILIUM_NETWORK_KEYPATH || iniConfig.Network.keyPath || "",

        trustedReverseProxy:
            process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false
@ -98,8 +106,27 @@ const config: TriliumConfig = {
        syncProxy:
            // additionally checking in iniConfig for inconsistently named syncProxy for backwards compatibility
            process.env.TRILIUM_SYNC_SERVER_PROXY || iniConfig?.Sync?.syncProxy || iniConfig?.Sync?.syncServerProxy || ""
-    }
+    },

+    MultiFactorAuthentication: {
+        totpEnabled:
+            envToBoolean(process.env.TRILIUM_TOTPENABLED) || iniConfig?.MultiFactorAuthentication?.totpEnabled || false,
+
+        totpSecret:
+            process.env.TRILIUM_TOTPSECRET || iniConfig?.MultiFactorAuthentication?.totpSecret || "",
+
+        ssoEnabled:
+            envToBoolean(process.env.TRILIUM_SSO_ENABLED) || iniConfig?.MultiFactorAuthentication?.ssoEnabled || false,
+
+        oauthBaseUrl:
+            process.env.TRILIUM_OAUTH_BASEURL || iniConfig?.MultiFactorAuthentication?.oauthBaseUrl || "",
+
+        oauthClientId:
+            process.env.TRILIUM_OAUTH_CLIENTID || iniConfig?.MultiFactorAuthentication?.oauthClientId || "",
+
+        oauthClientSecret:
+            process.env.TRILIUM_OAUTH_CLIENTSECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || ""
+    }
 };

 export default config;