feat: add ALLOWED_SPOTIFY_IDS login allowlist #211
Merged
Mirrors the existing ADMIN_SPOTIFY_IDS pattern: when set, the OAuth verify callback rejects users whose Spotify ID isn't on the list and no user row is created. Unset/empty preserves the current open-login behavior so this is a no-op for prod until the env var is added. Primary use case is locking down staging without involving Caddy basic_auth or a separate identity provider.
Inline comment in the verify callback to make it obvious that locking down staging via .env doesn't affect prod, since each Compose stack loads its own .env file.
Summary
Mirrors the existing `ADMIN_SPOTIFY_IDS` pattern with a parallel `ALLOWED_SPOTIFY_IDS` env var that gates OAuth login itself. When set, the verify callback rejects unknown Spotify IDs (no user row created, redirect to the login page). When unset or empty, login stays open to anyone with a Spotify account — so this is a no-op for prod until the env var is added. Primary use case: lock down staging without standing up Caddy basic_auth or an external identity provider.
Testing
- `isLoginAllowed` covering unset, empty, whitespace-only, hit, miss, and dirty-formatting cases
- `passportStrategy` tests verifying that rejected logins call `done(null, false)` without invoking `findOrCreateUser`, and that allowlisted IDs still flow through normally
- `pnpm --filter spune-server test --run` passes all 27 files / 92 tests
- `pnpm server:lint` and the server type check are clean
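A reference implementation of the gate the summary describes, added here as an example and not the PR's own code: it assumes `ALLOWED_SPOTIFY_IDS` is a comma-separated list, uses the passport-spotify verify signature, and stands in a synchronous in-memory `findOrCreateUser` for the database call (the real one is async, but the gate runs before it either way).

```javascript
// Added example, not the spune-server code from PR #211. Assumes
// ALLOWED_SPOTIFY_IDS holds a comma-separated list of Spotify user IDs
// and that the verify callback has the passport-spotify shape
// (accessToken, refreshToken, expiresIn, profile, done).

// Parse the allowlist. Unset, empty, whitespace-only, or nothing but
// separators means "no allowlist configured", which keeps login open.
function parseAllowedIds(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  const ids = raw.split(',').map((s) => s.trim()).filter((s) => s !== '');
  return ids.length > 0 ? new Set(ids) : null;
}

// Exact-match check against the parsed set; tolerates dirty formatting
// like " u1 , u2 ,, " because parseAllowedIds trims and drops blanks.
function isLoginAllowed(spotifyId, rawAllowlist) {
  const allowed = parseAllowedIds(rawAllowlist);
  if (allowed === null) return true; // open login: today's prod behaviour
  return typeof spotifyId === 'string' && allowed.has(spotifyId);
}

// Build the verify callback. `env` and `findOrCreateUser` are injected so the
// gate can be exercised without a database; the store here is synchronous
// (a simplification for the example), the real one would be async.
function makeVerify({ env, findOrCreateUser }) {
  return function verify(accessToken, refreshToken, expiresIn, profile, done) {
    // Each Compose stack loads its own .env, so an allowlist in staging's
    // .env does not touch prod, where the variable stays unset.
    if (!isLoginAllowed(profile && profile.id, env.ALLOWED_SPOTIFY_IDS)) {
      // Reject before any persistence: no user row is created, and
      // passport treats `false` as a failed login (failureRedirect).
      return done(null, false);
    }
    try {
      return done(null, findOrCreateUser(profile, { accessToken, refreshToken }));
    } catch (err) {
      return done(err);
    }
  };
}
```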