www/pocket-id: New port: OIDC provider that allows users to authenticate with their passkeys

Pocket ID is a simple OIDC provider that allows users to authenticate
with their passkeys to your services.

The goal of Pocket ID is to be a simple and easy-to-use. There are
other self-hosted OIDC providers like Keycloak or ORY Hydra but
they are often too complex for simple use cases.

Additionally, what makes Pocket ID special is that it only supports
passkey authentication, which means you don't need a password. Some
people might not like this idea at first, but I believe passkeys
are the future, and once you try them, you'll love them. For example,
you can now use a physical Yubikey to sign in to all your self-hosted
services easily and securely

Approved by:    acm (mentor)

GIDs

@@ -775,7 +775,7 @@ cirrus:*:828:
 # free: 831
 beehive:*:832:
 # free: 833
-# free: 834
+pocket-id:*:834:
 filebrowser:*:835:
 # free: 836
 # free: 837

UIDs

@@ -781,7 +781,7 @@ cirrus:*:828:828::0:0:Cirrus CI:/usr/local/cirrus:/bin/sh
 # free: 831
 beehive:*:832:832::0:0:beehive user:/nonexistent:/usr/sbin/nologin
 # free: 833
-# free: 834
+pocket-id:*:834:834::0:0:OIDC provider that allows users to authenticate with their passkeys:/var/db/pocket-id:/usr/sbin/nologin
 filebrowser:*:835:835::0:0:Web File Browser:/var/db/filebrowser:/usr/sbin/nologin
 # free: 836
 # free: 837

www/Makefile

@@ -1453,6 +1453,7 @@
     SUBDIR += plasma6-plasma-browser-integration
     SUBDIR += pmwiki
     SUBDIR += pnews
+    SUBDIR += pocket-id
     SUBDIR += podcastamatic
     SUBDIR += pomerium
     SUBDIR += pound

www/pocket-id/Makefile

@@ -0,0 +1,39 @@
+PORTNAME=	pocket-id
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.4.0
+CATEGORIES=	www
+MASTER_SITES=	LOCAL/dtxdf/${PORTNAME}/
+DISTFILES=	${PORTNAME}-${DISTVERSION}.frontend${EXTRACT_SUFX}
+
+MAINTAINER=	dtxdf@FreeBSD.org
+COMMENT=	OIDC provider that allows users to authenticate with their passkeys
+WWW=		https://pocket-id.org
+
+LICENSE=	BSD2CLAUSE
+
+USES=		go:modules
+USE_GITHUB=	yes
+USE_RC_SUBR=	${PORTNAME}
+
+GO_MOD_DIST=	github
+GO_MODULE=	https://github.com/pocket-id/${PORTNAME}
+GO_TARGET=	./cmd:${PORTNAME}
+GO_BUILDFLAGS=	-ldflags "-X github.com/pocket-id/pocket-id/backend/internal/common.Version=${DISTVERSION} -buildid=${DISTVERSION}"
+
+SUB_FILES=	pkg-message
+SUB_LIST=	USER=${USERS:[1]}
+
+WRKSRC_SUBDIR=	backend
+
+USERS=		${POCKET_ID_USER}
+GROUPS=		${POCKET_ID_GROUP}
+
+PLIST_FILES=	bin/${PORTNAME}
+
+POCKET_ID_USER=		${PORTNAME}
+POCKET_ID_GROUP=	${POCKET_ID_USER}
+
+pre-build:
+	@cd ${WRKDIR}/pocket-id-frontend && ${COPYTREE_SHARE} . ${WRKSRC}/frontend/dist
+
+.include <bsd.port.mk>

www/pocket-id/distinfo

@@ -0,0 +1,7 @@
+TIMESTAMP = 1750475934
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-1.4.0.frontend.tar.gz) = 28d9a1e390d4caa1d210fb1cd36c2f2839d89e82905e88953847b18a25aeb44d
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-1.4.0.frontend.tar.gz) = 940695
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/go.mod) = 746b88f292ef6becb08abe2aa09185c44bf44d7679e281534821b0d8cfc4828c
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/go.mod) = 6612
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-pocket-id-v1.4.0_GH0.tar.gz) = ad76903ab02cd739fb3171df8d18a3192b131dc55dd52fe223634c79d9d82f53
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-pocket-id-v1.4.0_GH0.tar.gz) = 5506002

www/pocket-id/files/pkg-message.in

@@ -0,0 +1,17 @@
+[
+{ type: install
+  message: <<EOM
+Pocket ID is installed
+
+1) Configure it in %%PREFIX%%/etc/pocket-id.env
+
+2) Enable it with
+
+     sysrc pocket_id_enable=YES
+
+3) Start it with
+
+     service pocket-id start
+EOM
+}
+]

www/pocket-id/files/pocket-id.in

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: pocket_id
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Configuration settings for pocket-id in /etc/rc.conf
+#
+# pocket_id_enable (bool):     Enable pocket-id. (Default=NO)
+# pocket_id_env_file (str):    Path containing the environment variables
+#                              to be used by pocket-id. (Default: /usr/local/etc/pocket-id.env)
+# pocket_id_logfile (str):     Log file used to store the pocket-id's output. (Default: /var/log/pocket-id.log)
+# pocket_id_pidfile (str):     File used by pocket-id to store the process ID. (Default: /var/run/pocket-id.pid)
+# pocket_id_runas (str):       User to run pocket-id as. (Default: %%USER%%)
+
+. /etc/rc.subr
+
+name="pocket_id"
+desc="OIDC provider that allows users to authenticate with their passkeys"
+rcvar="pocket_id_enable"
+
+load_rc_config $name
+
+: ${pocket_id_enable:="NO"}
+: ${pocket_id_env_file:="/usr/local/etc/pocket-id.env"}
+: ${pocket_id_logfile:="/var/log/pocket-id.log"}
+: ${pocket_id_pidfile:="/var/run/pocket-id.pid"}
+: ${pocket_id_runas:="%%USER%%"}
+
+pocket_id_chdir="/var/db/pocket-id"
+pidfile="${pocket_id_pidfile}"
+procname="/usr/local/bin/pocket-id"
+command="/usr/sbin/daemon"
+command_args="-o '${pocket_id_logfile}' -p '${pidfile}' -u '${pocket_id_runas}' -t '${desc}' -- '${procname}'"
+
+run_rc_command "$1"

www/pocket-id/pkg-descr

@@ -0,0 +1,13 @@
+Pocket ID is a simple OIDC provider that allows users to authenticate
+with their passkeys to your services.
+
+The goal of Pocket ID is to be a simple and easy-to-use. There are
+other self-hosted OIDC providers like Keycloak or ORY Hydra but
+they are often too complex for simple use cases.
+
+Additionally, what makes Pocket ID special is that it only supports
+passkey authentication, which means you don't need a password. Some
+people might not like this idea at first, but I believe passkeys
+are the future, and once you try them, you'll love them. For example,
+you can now use a physical Yubikey to sign in to all your self-hosted
+services easily and securely