Function buildSecurityConfig

Returns {
    authentication_portals?: {
        cookie_config?: {
            domains?: Record<
                string,
                { insecure?: boolean; lifetime?: number; same_site?: string },
            >;
            insecure?: boolean;
            lifetime?: number;
            path?: string;
            same_site?: string;
        };
        identity_providers?: string[];
        identity_stores?: string[];
        name: string;
        ui?: { custom_css?: string; logo_url?: string; theme?: string };
        user_transformer_configs?: Record<string, unknown>[];
    }[];
    authorization_policies?: {
        access_list_rules?: {
            action?: "allow"
            | "deny";
            comment?: string;
            conditions?: string[];
        }[];
        bypass_configs?: { match_type: string; uri?: string }[];
        crypto_key_configs?: { source?: string; token_name?: string }[];
        name: string;
    }[];
    credentials?: { generic?: Record<string, unknown> };
    identity_providers?: {
        kind: "oauth";
        name: string;
        params:
            | objectOutputType<
                {
                    authorization_url: ZodOptional<ZodString>;
                    client_id: ZodOptional<ZodString>;
                    client_secret: ZodOptional<ZodString>;
                    driver: ZodOptional<ZodString>;
                    realm: ZodOptional<ZodString>;
                    scopes: ZodOptional<ZodArray<ZodString, "many">>;
                    token_url: ZodOptional<ZodString>;
                },
                ZodTypeAny,
                "passthrough",
            >
            | objectOutputType<
                {
                    client_id: ZodOptional<ZodString>;
                    client_secret: ZodOptional<ZodString>;
                    driver: ZodOptional<ZodString>;
                    metadata_url: ZodOptional<ZodString>;
                    realm: ZodOptional<ZodString>;
                    scopes: ZodOptional<ZodArray<ZodString, "many">>;
                },
                ZodTypeAny,
                "passthrough",
            >;
    }[];
    identity_stores?: (
        | {
            kind: "local";
            name: string;
            params: { path: string; realm?: string };
        }
        | {
            kind: "ldap";
            name: string;
            params: {
                bind_password?: string;
                bind_username?: string;
                groups?: { dn: string; roles?: (...)
                | (...) }[];
                realm?: string;
                search_base_dn?: string;
                search_user_filter?: string;
                servers?: { address: string; port?: (...) | (...) }[];
            } & { [k: string]: unknown };
        }
    )[];
}

Validated security configuration

import {
  buildSecurityConfig,
  buildLocalIdentityStore,
  buildAuthenticationPortal,
  buildAuthorizationPolicy,
} from "@.../caddy-api-client/plugins/caddy-security";

const config = buildSecurityConfig({
  identityStores: [
    buildLocalIdentityStore({ path: "/etc/caddy/users.json" }),
  ],
  portals: [
    buildAuthenticationPortal({
      name: "myportal",
      identityStores: ["local"],
    }),
  ],
  policies: [
    buildAuthorizationPolicy({
      name: "mypolicy",
      accessLists: [{ claim: "roles", values: ["user"] }],
    }),
  ],
});
Copy