feat(auth): Allow SSO login only for whitelisted addresses (localhost) (#5815)

## Summary

Hide Google/GitHub SSO login options when the UI is accessed from
**non‑local** addresses.
This PR also adds a **static whitelist** (editable in code) so we can
allow additional hosts if needed.

Default whitelisted addresses:

1. `localhost` and any subdomain: `*.localhost`
2. IPv4 loopback `127.0.0.0/8` (e.g., `127.x.y.z`)
3. IPv6 loopback `::1` (including equivalent textual forms such as
`::0001`)

## Changes

- **What**:
  * Add `src/utils/hostWhitelist.ts` with `normalizeHost` and
`isHostWhitelisted` helpers.
  * Update `SignInContent.vue` to **hide** SSO options when
`isHostWhitelisted(normalizeHost(window.location.hostname))` returns
`false`.
- **Breaking**:
  * Users accessing from Runpod or other previously allowed **non‑local**
hosts will **lose** SSO login options.
If we need to keep SSO there, we should add those hosts to the whitelist
in `hostWhitelist.ts`.

## Review Focus

1. Verify that logging in from local addresses (`localhost`,
`*.localhost`, `127.0.0.1`, `::1`) **does not change** the current
behavior: SSO is visible.
2. Verify that from a **non‑local** address, SSO options are **not**
displayed.

## Screenshots (if applicable)

UI opened from `192.168.2.109` address:

<img width="500" height="990" alt="Screenshot From 2025-09-27 13-22-15"
src="https://github.com/user-attachments/assets/c97b10a1-b069-43e4-a26b-a71eeb228a51"
/>

UI opened from default `127.0.0.1` address (nothing changed):

<img width="462" height="955" alt="Screenshot From 2025-09-27 13-35-27"
src="https://github.com/user-attachments/assets/bb2bf21c-dc8d-49cb-b48e-8fc6e408023c"
/>

This commit is contained in:
Alexander Piskun
2025-10-02 09:09:11 +03:00
committed by GitHub
parent c662c77305
commit 9c97fb359d
3 changed files with 247 additions and 29 deletions
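The PR description lists three whitelist rules but `src/utils/hostWhitelist.ts` itself is not part of this page. The following is an added example, written by the editor and not the project's own code, of what `normalizeHost` and `isHostWhitelisted` have to do to satisfy those rules, including the edge cases a reviewer would test: bracketed IPv6 literals as returned by `window.location.hostname`, the `::0001` and fully expanded spellings of the loopback address, and look-alike hosts such as `localhost.attacker.example` that must not match. The `STATIC_HOST_WHITELIST` constant is an assumed name for the "static whitelist (editable in code)" the description mentions.

```typescript
// Added example (assumed names; not the project's hostWhitelist.ts).
// Extra exact hostnames that may be allowed in addition to the loopback rules.
const STATIC_HOST_WHITELIST: readonly string[] = [];

// Canonicalise what window.location.hostname returns before matching.
export function normalizeHost(raw: string): string {
  let h = raw.trim().toLowerCase();
  // IPv6 literals come back in brackets, e.g. "[::1]".
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);
  // "localhost." is a valid fully-qualified spelling; drop the trailing dot.
  if (h.length > 1 && h.endsWith('.')) h = h.slice(0, -1);
  return h;
}

// 127.0.0.0/8: strict dotted quad, anchored so "127.0.0.1.evil.example" fails.
function isIPv4Loopback(h: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) return false;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return false;
  return octets[0] === 127;
}

// Expand an IPv6 text form to eight 16-bit groups, or null if it is not valid.
// Handles "::" compression so "::1", "::0001" and "0:0:0:0:0:0:0:1" compare equal.
function expandIPv6(h: string): number[] | null {
  if (!/^[0-9a-f:]+$/.test(h)) return null;
  const halves = h.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  let groups: string[];
  if (halves.length === 2) {
    const missing = 8 - head.length - tail.length;
    if (missing < 1) return null; // "::" must stand for at least one group
    groups = [...head, ...new Array<string>(missing).fill('0'), ...tail];
  } else {
    groups = head;
  }
  if (groups.length !== 8) return null;
  const out: number[] = [];
  for (const g of groups) {
    if (!/^[0-9a-f]{1,4}$/.test(g)) return null;
    out.push(parseInt(g, 16));
  }
  return out;
}

function isIPv6Loopback(h: string): boolean {
  const groups = expandIPv6(h);
  if (groups === null) return false;
  return groups.slice(0, 7).every((g) => g === 0) && groups[7] === 1;
}

// Expects an already-normalised host, mirroring the call site in SignInContent.vue.
export function isHostWhitelisted(host: string): boolean {
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (isIPv4Loopback(host)) return true;
  if (isIPv6Loopback(host)) return true;
  return STATIC_HOST_WHITELIST.includes(host);
}
```

Two things worth keeping in mind when reviewing the real helper against this: the IPv4-mapped form `::ffff:127.0.0.1` is not one of the three listed rules and is rejected here, so decide explicitly whether it should be; and because the check runs in the browser on whatever hostname the user typed, it only decides whether the buttons are rendered and is not an authorization control.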


@@ -45,37 +45,39 @@
<span class="text-muted">{{ t('auth.login.orContinueWith') }}</span>
</Divider>
<!-- Social Login Buttons -->
<!-- Social Login Buttons (hidden if host not whitelisted) -->
<div class="flex flex-col gap-6">
<Button
type="button"
class="h-10"
severity="secondary"
outlined
@click="signInWithGoogle"
>
<i class="pi pi-google mr-2"></i>
{{
isSignIn
? t('auth.login.loginWithGoogle')
: t('auth.signup.signUpWithGoogle')
}}
</Button>
<template v-if="ssoAllowed">
<Button
type="button"
class="h-10"
severity="secondary"
outlined
@click="signInWithGoogle"
>
<i class="pi pi-google mr-2"></i>
{{
isSignIn
? t('auth.login.loginWithGoogle')
: t('auth.signup.signUpWithGoogle')
}}
</Button>
<Button
type="button"
class="h-10"
severity="secondary"
outlined
@click="signInWithGithub"
>
<i class="pi pi-github mr-2"></i>
{{
isSignIn
? t('auth.login.loginWithGithub')
: t('auth.signup.signUpWithGithub')
}}
</Button>
<Button
type="button"
class="h-10"
severity="secondary"
outlined
@click="signInWithGithub"
>
<i class="pi pi-github mr-2"></i>
{{
isSignIn
? t('auth.login.loginWithGithub')
: t('auth.signup.signUpWithGithub')
}}
</Button>
</template>
<Button
type="button"
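Review bot: wrapping the two buttons in `<template v-if="ssoAllowed">` only removes them from the DOM; `signInWithGoogle` and `signInWithGithub` are still defined and callable (from the console or by a modified page), so nothing in this hunk prevents an SSO attempt from a non-whitelisted host. If the goal is a UX change, adjust the new comment `<!-- Social Login Buttons (hidden if host not whitelisted) -->` to say it is a display-only gate; if the goal is to actually disallow SSO off-host, the handlers or the provider sign-in call should check `ssoAllowed` as well.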
@@ -149,6 +151,7 @@ import { useI18n } from 'vue-i18n'
import { useFirebaseAuthActions } from '@/composables/auth/useFirebaseAuthActions'
import { COMFY_PLATFORM_BASE_URL } from '@/config/comfyApi'
import type { SignInData, SignUpData } from '@/schemas/signInSchema'
import { isHostWhitelisted, normalizeHost } from '@/utils/hostWhitelist'
import { isInChina } from '@/utils/networkUtil'
import ApiKeyForm from './signin/ApiKeyForm.vue'
@@ -164,6 +167,7 @@ const authActions = useFirebaseAuthActions()
const isSecureContext = window.isSecureContext
const isSignIn = ref(true)
const showApiKeyForm = ref(false)
const ssoAllowed = isHostWhitelisted(normalizeHost(window.location.hostname))
const toggleState = () => {
isSignIn.value = !isSignIn.value
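Review bot: `window.location.hostname` returns IPv6 literals with their brackets (`[::1]`), so `normalizeHost` must strip them for the `::1` case listed in the description to match; please cover `[::1]` and `[::0001]` in the unit tests for `hostWhitelist.ts` alongside the unbracketed forms. Computing `ssoAllowed` once as a plain constant is fine since the hostname cannot change during the component's lifetime.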