feat(SSO): JWTやSAMLでのSingle Sign-Onの実装 (MisskeyIO#519)

packages/backend/src/models/RepositoryModule.ts

@@ -58,6 +58,7 @@ import {
 	MiRole,
 	MiRoleAssignment,
 	MiSignin,
+	MiSingleSignOnServiceProvider,
 	MiSwSubscription,
 	MiUsedUsername,
 	MiUser,
@@ -325,6 +326,12 @@ const $signinsRepository: Provider = {
 	inject: [DI.db],
 };
 
+const $singleSignOnServiceProviderRepository: Provider = {
+	provide: DI.singleSignOnServiceProviderRepository,
+	useFactory: (db: DataSource) => db.getRepository(MiSingleSignOnServiceProvider),
+	inject: [DI.db],
+};
+
 const $pagesRepository: Provider = {
 	provide: DI.pagesRepository,
 	useFactory: (db: DataSource) => db.getRepository(MiPage),
@@ -538,6 +545,7 @@ const $abuseReportResolversRepository: Provider = {
 		$authSessionsRepository,
 		$accessTokensRepository,
 		$signinsRepository,
+		$singleSignOnServiceProviderRepository,
 		$pagesRepository,
 		$pageLikesRepository,
 		$galleryPostsRepository,
@@ -609,6 +617,7 @@ const $abuseReportResolversRepository: Provider = {
 		$authSessionsRepository,
 		$accessTokensRepository,
 		$signinsRepository,
+		$singleSignOnServiceProviderRepository,
 		$pagesRepository,
 		$pageLikesRepository,
 		$galleryPostsRepository,

packages/backend/src/models/SingleSignOnServiceProvider.ts

@@ -0,0 +1,76 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import { PrimaryColumn, Entity, Column, Index } from 'typeorm';
+
+@Entity('sso_service_provider')
+export class MiSingleSignOnServiceProvider {
+	@PrimaryColumn('varchar', {
+		length: 36,
+	})
+	public id: string;
+
+	@Index()
+	@Column('timestamp with time zone', {
+		default: () => 'CURRENT_TIMESTAMP',
+	})
+	public createdAt: Date;
+
+	@Column('varchar', {
+		length: 256, nullable: true,
+	})
+	public name: string | null;
+
+	@Column('enum', {
+		enum: ['saml', 'jwt'],
+		nullable: false,
+	})
+	public type: 'saml' | 'jwt';
+
+	@Column('varchar', {
+		length: 512,
+	})
+	public issuer: string;
+
+	@Column('varchar', {
+		array: true, length: 512, default: '{}',
+	})
+	public audience: string[];
+
+	@Column('varchar', {
+		length: 512,
+	})
+	public acsUrl: string;
+
+	@Column('varchar', {
+		length: 4096,
+	})
+	public publicKey: string;
+
+	@Column('varchar', {
+		length: 4096, nullable: true,
+	})
+	public privateKey: string | null;
+
+	@Column('varchar', {
+		length: 100,
+	})
+	public signatureAlgorithm: string;
+
+	@Column('varchar', {
+		length: 100, nullable: true,
+	})
+	public cipherAlgorithm: string | null;
+
+	@Column('boolean', {
+		default: false,
+	})
+	public wantAuthnRequestsSigned: boolean;
+
+	@Column('boolean', {
+		default: true,
+	})
+	public wantAssertionsSigned: boolean;
+}

packages/backend/src/models/_.ts

@@ -49,6 +49,7 @@ import { MiRegistrationTicket } from '@/models/RegistrationTicket.js';
 import { MiRegistryItem } from '@/models/RegistryItem.js';
 import { MiRelay } from '@/models/Relay.js';
 import { MiSignin } from '@/models/Signin.js';
+import { MiSingleSignOnServiceProvider } from '@/models/SingleSignOnServiceProvider.js';
 import { MiSwSubscription } from '@/models/SwSubscription.js';
 import { MiUsedUsername } from '@/models/UsedUsername.js';
 import { MiUser } from '@/models/User.js';
@@ -121,6 +122,7 @@ export {
 	MiRegistryItem,
 	MiRelay,
 	MiSignin,
+	MiSingleSignOnServiceProvider,
 	MiSwSubscription,
 	MiUsedUsername,
 	MiUser,
@@ -192,6 +194,7 @@ export type RegistrationTicketsRepository = Repository<MiRegistrationTicket>;
 export type RegistryItemsRepository = Repository<MiRegistryItem>;
 export type RelaysRepository = Repository<MiRelay>;
 export type SigninsRepository = Repository<MiSignin>;
+export type SingleSignOnServiceProviderRepository = Repository<MiSingleSignOnServiceProvider>;
 export type SwSubscriptionsRepository = Repository<MiSwSubscription>;
 export type UsedUsernamesRepository = Repository<MiUsedUsername>;
 export type UsersRepository = Repository<MiUser>;