feat: add gui settings field for sso users (#1310)

pujitm · elibosley · web-flow · commit 5ba3fa67a268 · 2025-04-03T09:50:12.000-04:00
&lt;!-- This is an auto-generated comment: release notes by coderabbit.ai
--&gt;
## Summary by CodeRabbit

- **New Features**
- Bulk SSO account management is now supported, allowing users to update
multiple SSO account IDs at once.
- Connect settings now include SSO account identifiers for streamlined
configuration.
- Expanded array management functionality introduces advanced operations
for managing disk arrays.
- New fields for SSO user IDs have been added to various settings and
queries.

- **Style &amp; Documentation**
- Improved formatting and support for rich HTML in form descriptions
enhance clarity and presentation.
&lt;!-- end of auto-generated comment: release notes by coderabbit.ai --&gt;

---------

Co-authored-by: Eli Bosley &lt;ekbosley@gmail.com&gt;
diff --git a/api/src/graphql/generated/api/operations.ts b/api/src/graphql/generated/api/operations.ts
@@ -160,7 +160,8 @@ export function ApiSettingsInputSchema(): z.ZodObject<Properties<ApiSettingsInpu
     extraOrigins: z.array(z.string()).nullish(),
     forwardType: WAN_FORWARD_TYPESchema.nullish(),
     port: z.number().nullish(),
-    sandbox: z.boolean().nullish()
+    sandbox: z.boolean().nullish(),
+    ssoUserIds: z.array(z.string()).nullish()
   })
 }
 
@@ -362,7 +363,8 @@ export function ConnectSettingsValuesSchema(): z.ZodObject<Properties<ConnectSet
     extraOrigins: z.array(z.string()),
     forwardType: WAN_FORWARD_TYPESchema.nullish(),
     port: z.number().nullish(),
-    sandbox: z.boolean()
+    sandbox: z.boolean(),
+    ssoUserIds: z.array(z.string())
   })
 }
 
diff --git a/api/src/graphql/generated/api/types.ts b/api/src/graphql/generated/api/types.ts
@@ -107,6 +107,8 @@ export type ApiSettingsInput = {
    * If false, the GraphQL sandbox will be disabled and only the production API will be available.
    */
   sandbox?: InputMaybe<Scalars['Boolean']['input']>;
+  /** A list of Unique Unraid Account ID's. */
+  ssoUserIds?: InputMaybe<Array<Scalars['String']['input']>>;
 };
 
 export type ArrayType = Node & {
@@ -408,6 +410,8 @@ export type ConnectSettingsValues = {
    * If false, the GraphQL sandbox is disabled and only the production API will be available.
    */
   sandbox: Scalars['Boolean']['output'];
+  /** A list of Unique Unraid Account ID's. */
+  ssoUserIds: Array<Scalars['String']['output']>;
 };
 
 export type ConnectSignInInput = {
@@ -2373,6 +2377,7 @@ export type ConnectSettingsValuesResolvers<ContextType = Context, ParentType ext
   forwardType?: Resolver<Maybe<ResolversTypes['WAN_FORWARD_TYPE']>, ParentType, ContextType>;
   port?: Resolver<Maybe<ResolversTypes['Port']>, ParentType, ContextType>;
   sandbox?: Resolver<ResolversTypes['Boolean'], ParentType, ContextType>;
+  ssoUserIds?: Resolver<Array<ResolversTypes['String']>, ParentType, ContextType>;
   __isTypeOf?: IsTypeOfResolverFn<ParentType, ContextType>;
 }>;
 
diff --git a/api/src/graphql/schema/types/connect/connect.graphql b/api/src/graphql/schema/types/connect/connect.graphql
@@ -39,8 +39,6 @@ input SetupRemoteAccessInput {
     port: Port
 }
 
-
-
 input EnableDynamicRemoteAccessInput {
     url: AccessUrlInput!
     enabled: Boolean!
@@ -59,59 +57,67 @@ type DynamicRemoteAccessStatus {
 }
 
 """
-    Intersection type of ApiSettings and RemoteAccess
+Intersection type of ApiSettings and RemoteAccess
 """
 type ConnectSettingsValues {
     """
-        If true, the GraphQL sandbox is enabled and available at /graphql.
-        If false, the GraphQL sandbox is disabled and only the production API will be available.
+    If true, the GraphQL sandbox is enabled and available at /graphql.
+    If false, the GraphQL sandbox is disabled and only the production API will be available.
     """
     sandbox: Boolean!
     """
-        A list of origins allowed to interact with the API.
+    A list of origins allowed to interact with the API.
     """
     extraOrigins: [String!]!
     """
-        The type of WAN access used for Remote Access.
+    The type of WAN access used for Remote Access.
     """
     accessType: WAN_ACCESS_TYPE!
     """
-        The type of port forwarding used for Remote Access.
+    The type of port forwarding used for Remote Access.
     """
     forwardType: WAN_FORWARD_TYPE
     """
-        The port used for Remote Access.
+    The port used for Remote Access.
     """
     port: Port
+    """
+    A list of Unique Unraid Account ID's.
+    """
+    ssoUserIds: [String!]!
 }
 
 """
-    Input should be a subset of ApiSettings that can be updated.
-    Some field combinations may be required or disallowed. Please refer to each field for more information.
+Input should be a subset of ApiSettings that can be updated.
+Some field combinations may be required or disallowed. Please refer to each field for more information.
 """
 input ApiSettingsInput {
     """
-        If true, the GraphQL sandbox will be enabled and available at /graphql.
-        If false, the GraphQL sandbox will be disabled and only the production API will be available.
+    If true, the GraphQL sandbox will be enabled and available at /graphql.
+    If false, the GraphQL sandbox will be disabled and only the production API will be available.
     """
     sandbox: Boolean
     """
-        A list of origins allowed to interact with the API.
+    A list of origins allowed to interact with the API.
     """
     extraOrigins: [String!]
     """
-        The type of WAN access to use for Remote Access.
+    The type of WAN access to use for Remote Access.
     """
     accessType: WAN_ACCESS_TYPE
     """
-        The type of port forwarding to use for Remote Access.
+    The type of port forwarding to use for Remote Access.
     """
     forwardType: WAN_FORWARD_TYPE
     """
-        The port to use for Remote Access. Not required for UPNP forwardType. Required for STATIC forwardType.
-        Ignored if accessType is DISABLED or forwardType is UPNP.
+    The port to use for Remote Access. Not required for UPNP forwardType. Required for STATIC forwardType.
+    Ignored if accessType is DISABLED or forwardType is UPNP.
     """
     port: Port
+    """
+    A list of Unique Unraid Account ID's.
+    """
+    ssoUserIds: [String!]
 }
 
 type ConnectSettings implements Node {
@@ -140,8 +146,8 @@ type Mutation {
     setAdditionalAllowedOrigins(input: AllowedOriginInput!): [String!]!
     setupRemoteAccess(input: SetupRemoteAccessInput!): Boolean!
     """
-        Update the API settings.
-        Some setting combinations may be required or disallowed. Please refer to each setting for more information.
+    Update the API settings.
+    Some setting combinations may be required or disallowed. Please refer to each setting for more information.
     """
     updateApiSettings(input: ApiSettingsInput!): ConnectSettingsValues!
-}           
+}
diff --git a/api/src/store/modules/config.ts b/api/src/store/modules/config.ts
@@ -219,6 +219,9 @@ export const config = createSlice({
             stateAsArray.push(action.payload);
             state.remote.ssoSubIds = stateAsArray.join(',');
         },
+        setSsoUsers(state, action: PayloadAction<string[]>) {
+            state.remote.ssoSubIds = action.payload.filter((id) => id).join(',');
+        },
         removeSsoUser(state, action: PayloadAction<string | null>) {
             if (action.payload === null) {
                 state.remote.ssoSubIds = '';
@@ -309,6 +312,7 @@ const { actions, reducer } = config;
 
 export const {
     addSsoUser,
+    setSsoUsers,
     updateUserConfig,
     updateAccessTokens,
     updateAllowedOrigins,
@@ -324,6 +328,7 @@ export const {
  */
 export const configUpdateActionsFlash = isAnyOf(
     addSsoUser,
+    setSsoUsers,
     updateUserConfig,
     updateAccessTokens,
     updateAllowedOrigins,
diff --git a/api/src/unraid-api/graph/connect/connect-settings.service.ts b/api/src/unraid-api/graph/connect/connect-settings.service.ts
@@ -18,7 +18,7 @@ import {
     WAN_FORWARD_TYPE,
 } from '@app/graphql/generated/api/types.js';
 import { setupRemoteAccessThunk } from '@app/store/actions/setup-remote-access.js';
-import { updateAllowedOrigins, updateUserConfig } from '@app/store/modules/config.js';
+import { setSsoUsers, updateAllowedOrigins, updateUserConfig } from '@app/store/modules/config.js';
 import { mergeSettingSlices } from '@app/unraid-api/types/json-forms.js';
 import { csvStringToArray } from '@app/utils.js';
 
@@ -50,11 +50,12 @@ export class ConnectSettingsService {
 
     async getCurrentSettings(): Promise<ConnectSettingsValues> {
         const { getters } = await import('@app/store/index.js');
-        const { local, api } = getters.config();
+        const { local, api, remote } = getters.config();
         return {
             ...(await this.dynamicRemoteAccessSettings()),
             sandbox: local.sandbox === 'yes',
             extraOrigins: csvStringToArray(api.extraOrigins),
+            ssoUserIds: csvStringToArray(remote.ssoSubIds),
         };
     }
 
@@ -63,7 +64,7 @@ export class ConnectSettingsService {
      * @param settings - The settings to sync
      * @returns true if a restart is required, false otherwise
      */
-    async syncSettings(settings: Partial<ApiSettingsInput>) {
+    async syncSettings(settings: Partial<ApiSettingsInput>): Promise<boolean> {
         let restartRequired = false;
         const { getters } = await import('@app/store/index.js');
         const { nginx } = getters.emhttp();
@@ -86,13 +87,15 @@ export class ConnectSettingsService {
                 port: settings.port,
             });
         }
-
         if (settings.extraOrigins) {
             await this.updateAllowedOrigins(settings.extraOrigins);
         }
         if (typeof settings.sandbox === 'boolean') {
             restartRequired ||= await this.setSandboxMode(settings.sandbox);
         }
+        if (settings.ssoUserIds) {
+            restartRequired ||= await this.updateSSOUsers(settings.ssoUserIds);
+        }
         const { writeConfigSync } = await import('@app/store/sync/config-disk-sync.js');
         writeConfigSync('flash');
         return restartRequired;
@@ -117,6 +120,32 @@ export class ConnectSettingsService {
         return true;
     }
 
+    /**
+     * Updates the SSO users and returns true if a restart is required
+     * @param userIds - The list of SSO user IDs
+     * @returns true if a restart is required, false otherwise
+     */
+    private async updateSSOUsers(userIds: string[]): Promise<boolean> {
+        const { ssoUserIds } = await this.getCurrentSettings();
+        const currentUserSet = new Set(ssoUserIds);
+        const newUserSet = new Set(userIds);
+        if (newUserSet.symmetricDifference(currentUserSet).size === 0) {
+            // there's no change, so no need to update
+            return false;
+        }
+        // make sure we aren't adding invalid user ids
+        const uuidRegex =
+            /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+        const invalidUserIds = userIds.filter((id) => !uuidRegex.test(id));
+        if (invalidUserIds.length > 0) {
+            throw new GraphQLError(`Invalid SSO user ID's: ${invalidUserIds.join(', ')}`);
+        }
+        const { store } = await import('@app/store/index.js');
+        store.dispatch(setSsoUsers(userIds));
+        // request a restart if we're there were no sso users before
+        return currentUserSet.size === 0;
+    }
+
     private async updateRemoteAccess(input: SetupRemoteAccessInput): Promise<boolean> {
         const { store } = await import('@app/store/index.js');
         await store.dispatch(setupRemoteAccessThunk(input)).unwrap();
@@ -151,6 +180,7 @@ export class ConnectSettingsService {
             await this.remoteAccessSlice(),
             await this.sandboxSlice(),
             this.flashBackupSlice(),
+            this.ssoUsersSlice(),
             // Because CORS is effectively disabled, this setting is no longer necessary
             // keeping it here for in case it needs to be re-enabled
             //
@@ -344,4 +374,32 @@ export class ConnectSettingsService {
             ],
         };
     }
+
+    /**
+     * Extra origins settings slice
+     */
+    ssoUsersSlice(): SettingSlice {
+        return {
+            properties: {
+                ssoUserIds: {
+                    type: 'array',
+                    items: {
+                        type: 'string',
+                    },
+                    title: 'Unraid API SSO Users',
+                    description: `Provide a list of Unique Unraid Account ID's. Find yours at <a href="https://account.unraid.net/settings" target="_blank">account.unraid.net/settings</a>`,
+                },
+            },
+            elements: [
+                {
+                    type: 'Control',
+                    scope: '#/properties/ssoUserIds',
+                    options: {
+                        inputType: 'text',
+                        placeholder: 'UUID',
+                    },
+                },
+            ],
+        };
+    }
 }
diff --git a/api/src/unraid-api/graph/connect/connect.resolver.ts b/api/src/unraid-api/graph/connect/connect.resolver.ts
@@ -69,11 +69,11 @@ export class ConnectResolver implements ConnectResolvers {
         const restartRequired = await this.connectSettingsService.syncSettings(settings);
         const currentSettings = await this.connectSettingsService.getCurrentSettings();
         if (restartRequired) {
-            const restartDelayMs = 3_000;
             setTimeout(async () => {
+                // Send restart out of band to avoid blocking the return of this resolver
                 this.logger.log('Restarting API');
                 await this.connectService.restartApi();
-            }, restartDelayMs);
+            }, 300);
         }
         return currentSettings;
     }
diff --git a/unraid-ui/src/forms/StringArrayField.vue b/unraid-ui/src/forms/StringArrayField.vue
@@ -44,7 +44,7 @@ const placeholder = computed(() => control.value.uischema?.options?.placeholder
 <template>
   <ControlLayout v-if="control.visible" :label="control.label" :errors="control.errors">
     <div class="space-y-4">
-      <p v-if="control.description">{{ control.description }}</p>
+      <p v-if="control.description" v-html="control.description" />
       <div v-for="(item, index) in items" :key="index" class="flex gap-2">
         <Input
           :type="inputType"
diff --git a/web/components/ConnectSettings/graphql/settings.query.ts b/web/components/ConnectSettings/graphql/settings.query.ts
@@ -14,6 +14,7 @@ export const getConnectSettingsForm = graphql(/* GraphQL */ `
           accessType
           forwardType
           port
+          ssoUserIds
         }
       }
     }
@@ -28,6 +29,7 @@ export const updateConnectSettings = graphql(/* GraphQL */ `
       accessType
       forwardType
       port
+      ssoUserIds
     }
   }
 `);
diff --git a/web/composables/gql/gql.ts b/web/composables/gql/gql.ts
@@ -14,8 +14,8 @@ import type { TypedDocumentNode as DocumentNode } from '@graphql-typed-document-
  * Learn more about it here: https://the-guild.dev/graphql/codegen/plugins/presets/preset-client#reducing-bundle-size
  */
 type Documents = {
-    "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n        }\n      }\n    }\n  }\n": typeof types.GetConnectSettingsFormDocument,
-    "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n    }\n  }\n": typeof types.UpdateConnectSettingsDocument,
+    "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n          ssoUserIds\n        }\n      }\n    }\n  }\n": typeof types.GetConnectSettingsFormDocument,
+    "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n      ssoUserIds\n    }\n  }\n": typeof types.UpdateConnectSettingsDocument,
     "\n  query LogFiles {\n    logFiles {\n      name\n      path\n      size\n      modifiedAt\n    }\n  }\n": typeof types.LogFilesDocument,
     "\n  query LogFileContent($path: String!, $lines: Int, $startLine: Int) {\n    logFile(path: $path, lines: $lines, startLine: $startLine) {\n      path\n      content\n      totalLines\n      startLine\n    }\n  }\n": typeof types.LogFileContentDocument,
     "\n  subscription LogFileSubscription($path: String!) {\n    logFile(path: $path) {\n      path\n      content\n      totalLines\n    }\n  }\n": typeof types.LogFileSubscriptionDocument,
@@ -40,8 +40,8 @@ type Documents = {
     "\n    mutation setupRemoteAccess($input: SetupRemoteAccessInput!) {\n        setupRemoteAccess(input: $input)\n    }\n": typeof types.setupRemoteAccessDocument,
 };
 const documents: Documents = {
-    "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n        }\n      }\n    }\n  }\n": types.GetConnectSettingsFormDocument,
-    "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n    }\n  }\n": types.UpdateConnectSettingsDocument,
+    "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n          ssoUserIds\n        }\n      }\n    }\n  }\n": types.GetConnectSettingsFormDocument,
+    "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n      ssoUserIds\n    }\n  }\n": types.UpdateConnectSettingsDocument,
     "\n  query LogFiles {\n    logFiles {\n      name\n      path\n      size\n      modifiedAt\n    }\n  }\n": types.LogFilesDocument,
     "\n  query LogFileContent($path: String!, $lines: Int, $startLine: Int) {\n    logFile(path: $path, lines: $lines, startLine: $startLine) {\n      path\n      content\n      totalLines\n      startLine\n    }\n  }\n": types.LogFileContentDocument,
     "\n  subscription LogFileSubscription($path: String!) {\n    logFile(path: $path) {\n      path\n      content\n      totalLines\n    }\n  }\n": types.LogFileSubscriptionDocument,
@@ -83,11 +83,11 @@ export function graphql(source: string): unknown;
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n        }\n      }\n    }\n  }\n"): (typeof documents)["\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n        }\n      }\n    }\n  }\n"];
+export function graphql(source: "\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n          ssoUserIds\n        }\n      }\n    }\n  }\n"): (typeof documents)["\n  query GetConnectSettingsForm {\n    connect {\n      id\n      settings {\n        id\n        dataSchema\n        uiSchema\n        values {\n          sandbox\n          extraOrigins\n          accessType\n          forwardType\n          port\n          ssoUserIds\n        }\n      }\n    }\n  }\n"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n    }\n  }\n"): (typeof documents)["\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n    }\n  }\n"];
+export function graphql(source: "\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n      ssoUserIds\n    }\n  }\n"): (typeof documents)["\n  mutation UpdateConnectSettings($input: ApiSettingsInput!) {\n    updateApiSettings(input: $input) {\n      sandbox\n      extraOrigins\n      accessType\n      forwardType\n      port\n      ssoUserIds\n    }\n  }\n"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
diff --git a/web/composables/gql/graphql.ts b/web/composables/gql/graphql.ts

Original file line number	Diff line number	Diff line change
`@@ -69,11 +69,11 @@ export class ConnectResolver implements ConnectResolvers {`
`69`	`69`	`const restartRequired = await this.connectSettingsService.syncSettings(settings);`
`70`	`70`	`const currentSettings = await this.connectSettingsService.getCurrentSettings();`
`71`	`71`	`if (restartRequired) {`
`72`		`- const restartDelayMs = 3_000;`
`73`	`72`	`setTimeout(async () => {`
	`73`	`+ // Send restart out of band to avoid blocking the return of this resolver`
`74`	`74`	`this.logger.log('Restarting API');`
`75`	`75`	`await this.connectService.restartApi();`
`76`		`- }, restartDelayMs);`
	`76`	`+ }, 300);`
`77`	`77`	`}`
`78`	`78`	`return currentSettings;`
`79`	`79`	`}`
Original file line number	Diff line number	Diff line change
@@ -14,6 +14,7 @@ export const getConnectSettingsForm = graphql(/* GraphQL */ `
`14`	`14`	`accessType`
`15`	`15`	`forwardType`
`16`	`16`	`port`
	`17`	`+ ssoUserIds`
`17`	`18`	`}`
`18`	`19`	`}`
`19`	`20`	`}`
@@ -28,6 +29,7 @@ export const updateConnectSettings = graphql(/* GraphQL */ `
`28`	`29`	`accessType`
`29`	`30`	`forwardType`
`30`	`31`	`port`
	`32`	`+ ssoUserIds`
`31`	`33`	`}`
`32`	`34`	`}`
`33`	`35`	`);