Consolidate versions for easier extension (#495)

deployment/docker_compose/docker-compose.dev.legacy.yml

@@ -30,10 +30,8 @@ services:
       - TYPESENSE_HOST=search_engine
       - TYPESENSE_API_KEY=${TYPESENSE_API_KEY:-typesense_api_key}
       - LOG_LEVEL=${LOG_LEVEL:-info}
-      - DISABLE_AUTH=${DISABLE_AUTH:-True}
+      - AUTH_TYPE=${AUTH_TYPE:-disabled}
       - QA_TIMEOUT=${QA_TIMEOUT:-}
-      - OAUTH_TYPE=${OAUTH_TYPE:-google}
-      - OPENID_CONFIG_URL=${OPENID_CONFIG_URL:-}
       - GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID:-}
       - GOOGLE_OAUTH_CLIENT_SECRET=${GOOGLE_OAUTH_CLIENT_SECRET:-}
       - DISABLE_GENERATIVE_AI=${DISABLE_GENERATIVE_AI:-}
@@ -91,13 +89,14 @@ services:
       dockerfile: Dockerfile
       args:
         - NEXT_PUBLIC_DISABLE_STREAMING=${NEXT_PUBLIC_DISABLE_STREAMING:-false}
+        - NEXT_PUBLIC_AUTH_TYPE=${AUTH_TYPE:-disabled}
     depends_on:
       - api_server
     restart: always
     environment:
       - INTERNAL_URL=http://api_server:8080
       - WEB_DOMAIN=${WEB_DOMAIN:-}
-      - DISABLE_AUTH=${DISABLE_AUTH:-True}
+      - AUTH_TYPE=${AUTH_TYPE:-disabled}
       - OAUTH_NAME=${OAUTH_NAME:-}
   relational_db:
     image: postgres:15.2-alpine

deployment/docker_compose/docker-compose.dev.yml

@@ -24,11 +24,9 @@ services:
       - NUM_DOCUMENT_TOKENS_FED_TO_GENERATIVE_MODEL=${NUM_DOCUMENT_TOKENS_FED_TO_GENERATIVE_MODEL:-}
       - POSTGRES_HOST=relational_db
       - VESPA_HOST=index
-      - DISABLE_AUTH=${DISABLE_AUTH:-True}
+      - AUTH_TYPE=${AUTH_TYPE:-disabled}
       - QA_TIMEOUT=${QA_TIMEOUT:-}
       - VALID_EMAIL_DOMAINS=${VALID_EMAIL_DOMAINS:-}
-      - OAUTH_TYPE=${OAUTH_TYPE:-google}
-      - OPENID_CONFIG_URL=${OPENID_CONFIG_URL:-}
       - GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID:-}
       - GOOGLE_OAUTH_CLIENT_SECRET=${GOOGLE_OAUTH_CLIENT_SECRET:-}
       - DISABLE_GENERATIVE_AI=${DISABLE_GENERATIVE_AI:-}
@@ -77,6 +75,7 @@ services:
       - AZURE_DEPLOYMENT_ID=${AZURE_DEPLOYMENT_ID:-}
       - CONTINUE_ON_CONNECTOR_FAILURE=${CONTINUE_ON_CONNECTOR_FAILURE:-}
       - NUM_INDEXING_WORKERS=${NUM_INDEXING_WORKERS:-}
+      # Danswer SlackBot Configs
       - DANSWER_BOT_SLACK_APP_TOKEN=${DANSWER_BOT_SLACK_APP_TOKEN:-}
       - DANSWER_BOT_SLACK_BOT_TOKEN=${DANSWER_BOT_SLACK_BOT_TOKEN:-}
       - DANSWER_BOT_DISABLE_DOCS_ONLY_ANSWER=${DANSWER_BOT_DISABLE_DOCS_ONLY_ANSWER:-}
@@ -104,13 +103,14 @@ services:
       dockerfile: Dockerfile
       args:
         - NEXT_PUBLIC_DISABLE_STREAMING=${NEXT_PUBLIC_DISABLE_STREAMING:-false}
+        - NEXT_PUBLIC_AUTH_TYPE=${AUTH_TYPE:-disabled}
     depends_on:
       - api_server
     restart: always
     environment:
       - INTERNAL_URL=http://api_server:8080
       - WEB_DOMAIN=${WEB_DOMAIN:-}
-      - DISABLE_AUTH=${DISABLE_AUTH:-True}
+      - AUTH_TYPE=${AUTH_TYPE:-disabled}
       - OAUTH_NAME=${OAUTH_NAME:-}
   relational_db:
     image: postgres:15.2-alpine

deployment/docker_compose/docker-compose.prod.legacy.yml

@@ -17,6 +17,7 @@ services:
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - DOCUMENT_INDEX_TYPE=split
       - POSTGRES_HOST=relational_db
       - QDRANT_HOST=vector_db
@@ -40,6 +41,7 @@ services:
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - DOCUMENT_INDEX_TYPE=split
       - POSTGRES_HOST=relational_db
       - QDRANT_HOST=vector_db
@@ -55,12 +57,16 @@ services:
     build:
       context: ../../web
       dockerfile: Dockerfile
+      args:
+        - NEXT_PUBLIC_DISABLE_STREAMING=${NEXT_PUBLIC_DISABLE_STREAMING:-false}
+        - NEXT_PUBLIC_AUTH_TYPE=${AUTH_TYPE:-google_oauth}
     depends_on:
       - api_server
     restart: always
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - INTERNAL_URL=http://api_server:8080
   relational_db:
     image: postgres:15.2-alpine

deployment/docker_compose/docker-compose.prod.yml

@@ -16,6 +16,7 @@ services:
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - POSTGRES_HOST=relational_db
       - VESPA_HOST=index
     volumes:
@@ -37,6 +38,7 @@ services:
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - POSTGRES_HOST=relational_db
       - VESPA_HOST=index
     volumes:
@@ -50,12 +52,16 @@ services:
     build:
       context: ../../web
       dockerfile: Dockerfile
+      args:
+        - NEXT_PUBLIC_DISABLE_STREAMING=${NEXT_PUBLIC_DISABLE_STREAMING:-false}
+        - NEXT_PUBLIC_AUTH_TYPE=${AUTH_TYPE:-google_oauth}
     depends_on:
       - api_server
     restart: always
     env_file:
       - .env
     environment:
+      - AUTH_TYPE=${AUTH_TYPE:-google_oauth}
       - INTERNAL_URL=http://api_server:8080
   relational_db:
     image: postgres:15.2-alpine

deployment/docker_compose/env.prod.template

@@ -1,10 +1,10 @@
 # Fill in the values and copy the contents of this file to .env in the deployment directory.
 # Some valid default values are provided where applicable, delete the variables which you don't set values for.
-# Only applicable when using the docker-compose.prod.yml compose file.
+# This is only necessary when using the docker-compose.prod.yml compose file.
 
 
-# Insert your OpenAI API key here, currently the only Generative AI endpoint for QA that we support is OpenAI
-# If not provided here, UI will prompt on setup
+# Insert your OpenAI API key here If not provided here, UI will prompt on setup.
+# This env variable takes precedence over UI settings.
 GEN_AI_API_KEY=
 # Choose between "openai-chat-completion" and "openai-completion"
 INTERNAL_MODEL_VERSION=openai-chat-completion
@@ -17,21 +17,12 @@ API_TYPE_OPENAI=
 API_VERSION_OPENAI=
 AZURE_DEPLOYMENT_ID=
 
-# Could be something like danswer.companyname.com. Requires additional setup if not localhost
+# Could be something like danswer.companyname.com
 WEB_DOMAIN=http://localhost:3000
 
-# If you want to make the postgres / typesense instances a little more secure, modify the below
-# Note that the postgres / typesense / qdrant containers do not expose any ports to the outside world,
-# so they are already unaccessible unless someone has ssh access to the machine that Danswer is running on
+# Default values here are what Postgres uses by default, feel free to change.
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=password
-TYPESENSE_API_KEY=typesense_api_key
-
-# Currently frontend page doesn't have basic auth, use OAuth if user auth is enabled.
-ENABLE_OAUTH=True
-# The two settings below are only required if ENABLE_OAUTH is true
-GOOGLE_OAUTH_CLIENT_ID=
-GOOGLE_OAUTH_CLIENT_SECRET=
 
 # If you want to setup a slack bot to answer questions automatically in Slack 
 # channels it is added to, you must specify the below. 
@@ -45,15 +36,25 @@ SECRET=
 # How long before user needs to reauthenticate, default to 1 day. (cookie expiration time)
 SESSION_EXPIRE_TIME_SECONDS=86400
 
-# used to specify a list of allowed user domains
+# The following are for configuring User Authentication, supported flows are:
+# disabled
+# simple (email/password + user account creation in Danswer)
+# google_oauth (login with google/gmail account)
+# oidc (only in Danswer enterprise edition)
+# saml (only in Danswer enterprise edition)
+AUTH_TYPE=
+
+# Set the two below to use with Google OAuth
+GOOGLE_OAUTH_CLIENT_ID=
+GOOGLE_OAUTH_CLIENT_SECRET=
+
+# OpenID Connect (OIDC)
+OPENID_CONFIG_URL=
+
+# SAML config directory for OneLogin compatible setups
+SAML_CONF_DIR=
+
+# used to specify a list of allowed user domains, only checked if user Auth is turned on
 # e.g. `VALID_EMAIL_DOMAINS=example.com,example.org` will only allow users
 # with an @example.com or an @example.org email
 VALID_EMAIL_DOMAINS=
-
-# Only relevant if using basic auth (not supported on frontend yet)
-REQUIRE_EMAIL_VERIFICATION=True
-# The four settings below are only required if REQUIRE_EMAIL_VERIFICATION is True
-SMTP_SERVER=
-SMTP_PORT=
-SMTP_USER=
-SMTP_PASS=