Implement register and login with Telegram

Add the concept of authentication methods that authenticate an account where using the telegram login widget is one such method. If a login is done with an authentication method that's not associated with any account the session ends up with the data from the authentication method in order to allow registering a new account with the authentication method. This has to be stored on the session as otherwise it wouldn't be possible to implement authentication methods such as OAuth2 that takes the user to a third-party site and then redirects the browser back.
2025-07-09 15:21:39 +02:00 · 2025-07-09 15:21:39 +02:00 · aaa2faffb1
commit aaa2faffb1
parent 2d6bcebc5a
14 changed files with 357 additions and 8 deletions
--- a/docs/admin/authentication.md
+++ b/docs/admin/authentication.md
@ -0,0 +1,15 @@
+<!--
+	SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
+	SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+# Authentication
+
+It's possible to configure authentication using a third party Authentication Provider (referred to as AP). Currently only Telegram is supported as an AP.
+
+## Telegram
+
+In order to use Telegram as an AP you need to be hosting Owltide under a domain name over https, using http will not work.
+
+You will also need a bot which can be created by messaging [@BotFather](https://t.me/BotFather), with the domain of the bot set using the `/setdomain` command to the domain Owltide is hosted under.
+
+Once you have the pre-requisites you need to configure `NUXT_TELEGRAM_BOT_TOKEN_FILE` to a path to a file containing the token of the bot with no spaces or new-lines.  `NUXT_PUBLIC_TELEGRAM_BOT_USERNAME` to the username of the bot.  And finally `NUXT_AUTH_TELEGRAM_ENABLED` to `true` to enable authentication via Telegram.
--- a/docs/admin/config.md
+++ b/docs/admin/config.md
@ -19,3 +19,21 @@ Time in seconds before a session need to be rotated over into a new session. Whe
 Time in seconds before a session is deleted from the client and server, resulting in the user having to authenticate again if the session wasn't rotated over into a new session before this timeout.

 This should be several times greater that `NUXT_SESSION_ROTATES_TIMEOUT`.
+
+### NUXT_TELEGRAM_BOT_TOKEN_FILE
+
+Path to a file containing the token for the Telegram bot used for authenticating users via Telegram.
+
+Does nothing if `NUXT_AUTH_TELEGRAM_ENABLED` is not enabled.
+
+### NUXT_PUBLIC_TELEGRAM_BOT_USERNAME
+
+Username of the Telegram bot used for authenticating users via Telegram.
+
+Does nothing if `NUXT_AUTH_TELEGRAM_ENABLED` is not enabled.
+
+### NUXT_AUTH_TELEGRAM_ENABLED
+
+Boolean indicating if authentication via Telegram is enabled or not. Requires `NUXT_PUBLIC_TELEGRAM_BOT_USERNAME` and `NUXT_TELEGRAM_BOT_TOKEN_FILE` to be set in order to work.
+
+Defaults to `false`.