Intégration d'hydra/hydra-passwordless/fake-smtp dans l'infra Docker
This commit is contained in:
parent
7f7b187296
commit
59806edc10
5
Makefile
5
Makefile
|
@ -5,7 +5,7 @@ deps:
|
||||||
cd frontend && npm install
|
cd frontend && npm install
|
||||||
|
|
||||||
up: build
|
up: build
|
||||||
( cd frontend && npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
|
( cd frontend && NODE_ENV=development npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
|
||||||
|
|
||||||
sg:
|
sg:
|
||||||
docker-compose exec -u $(shell id -u) super-graph sh
|
docker-compose exec -u $(shell id -u) super-graph sh
|
||||||
|
@ -18,3 +18,6 @@ down:
|
||||||
|
|
||||||
db-shell:
|
db-shell:
|
||||||
docker-compose exec postgres psql -Usupergraph
|
docker-compose exec postgres psql -Usupergraph
|
||||||
|
|
||||||
|
hydra-shell:
|
||||||
|
docker-compose exec hydra /bin/sh
|
|
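Review bot: The new `hydra-shell` target is not documented: the README's command table is left untouched by this commit while `make db-shell` is listed there, so add a row such as ``|`make hydra-shell`|Ouvrir un shell dans le conteneur Hydra.|`` right below the `db-shell` row. `sg` passes `-u $(shell id -u)` but `hydra-shell` does not; since the hydra image ends with `USER ory`, that is presumably intended, and a comment `# runs as the image's ory user` on the target would make it explicit rather than look like an oversight.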
@ -28,6 +28,9 @@ Les services suivants devraient être disponibles après démarrage de l'environ
|
||||||
|Application React|HTTP (UI)|http://localhost:8081/|Page d'accueil de l'application React (serveur Webpack)|
|
|Application React|HTTP (UI)|http://localhost:8081/|Page d'accueil de l'application React (serveur Webpack)|
|
||||||
|Interface Web GraphQL|HTTP (UI)|http://localhost:8080/|Interface Web de développement de l'API GraphQL|
|
|Interface Web GraphQL|HTTP (UI)|http://localhost:8080/|Interface Web de développement de l'API GraphQL|
|
||||||
|Serveur GraphQL|HTTP (GraphQL)|http://localhost:8080/api/v1/graphql|Point d'entrée de l'API GraphQL|
|
|Serveur GraphQL|HTTP (GraphQL)|http://localhost:8080/api/v1/graphql|Point d'entrée de l'API GraphQL|
|
||||||
|
|Serveur Hydra|HTTP (ReST)|http://localhost:4444|Point d'entrée pour l'API OAuth2 d'[Hydra](https://www.ory.sh/hydra/docs/)|
|
||||||
|
|Serveur Hydra Passwordless|HTTP|http://localhost:3000|Point d'entrée pour la ["Login/Consent App"](https://www.ory.sh/hydra/docs/implementing-consent) [hydra-passwordless](https://forge.cadoles.com/wpetit/hydra-passwordless)|
|
||||||
|
|Serveur FakeSMTP|HTTP|http://localhost:8082|Interface web du serveur [FakeSMTP](https://forge.cadoles.com/wpetit/fake-smtp)
|
||||||
|Serveur PostgreSQL|TCP/IP (PostgreSQL)|`127.0.0.1:5432`|Port de connexion à la base de données PostgreSQL de développement|
|
|Serveur PostgreSQL|TCP/IP (PostgreSQL)|`127.0.0.1:5432`|Port de connexion à la base de données PostgreSQL de développement|
|
||||||
|
|
||||||
#### Fichiers/répertoires notables
|
#### Fichiers/répertoires notables
|
||||||
|
@ -46,6 +49,10 @@ Les services suivants devraient être disponibles après démarrage de l'environ
|
||||||
|`make down`|Stopper et supprimer l'environnement de développement.|
|
|`make down`|Stopper et supprimer l'environnement de développement.|
|
||||||
|`make db-shell`|Ouvrir une console `psql` sur la base de données de développement.|
|
|`make db-shell`|Ouvrir une console `psql` sur la base de données de développement.|
|
||||||
|
|
||||||
|
#### Ressources
|
||||||
|
|
||||||
|
- [Execute an Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce)
|
||||||
|
|
||||||
## Licence
|
## Licence
|
||||||
|
|
||||||
AGPL-3.0
|
AGPL-3.0
|
||||||
|
|
|
@ -20,11 +20,69 @@ services:
|
||||||
- postgres
|
- postgres
|
||||||
ports:
|
ports:
|
||||||
- 8080:8080
|
- 8080:8080
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:12-alpine
|
build:
|
||||||
|
context: ./misc/containers/postgres
|
||||||
|
args:
|
||||||
|
- HTTP_PROXY=${HTTP_PROXY}
|
||||||
|
- HTTPS_PROXY=${HTTPS_PROXY}
|
||||||
|
- http_proxy=${http_proxy}
|
||||||
|
- https_proxy=${https_proxy}
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_PASSWORD=daddy
|
- POSTGRES_PASSWORD=postgres
|
||||||
- POSTGRES_USER=daddy
|
|
||||||
- POSTGRES_DB=daddy
|
|
||||||
ports:
|
ports:
|
||||||
- 5432:5432
|
- 5432:5432
|
||||||
|
volumes:
|
||||||
|
- postgres_data:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
hydra:
|
||||||
|
build:
|
||||||
|
context: ./misc/containers/hydra
|
||||||
|
environment:
|
||||||
|
DSN: postgres://hydra:hydra@postgres:5432/hydra
|
||||||
|
URLS_LOGIN: http://localhost:3000/login
|
||||||
|
URLS_CONSENT: http://localhost:3000/consent
|
||||||
|
URLS_LOGOUT: http://localhost:3000/logout
|
||||||
|
SUPPORTED_SCOPES: email
|
||||||
|
SUPPORTED_CLAIMS: email,email_verified
|
||||||
|
SECRETS_SYSTEM: fAAya66yXNib52lbXpo16bxy1jD4NZrX
|
||||||
|
HYDRA_ADMIN_URL: http://localhost:4445
|
||||||
|
ports:
|
||||||
|
- 4444:4444
|
||||||
|
command: hydra serve all --dangerous-force-http
|
||||||
|
|
||||||
|
hydra-passwordless:
|
||||||
|
image: bornholm/hydra-passwordless
|
||||||
|
ports:
|
||||||
|
- 3000:3000
|
||||||
|
environment:
|
||||||
|
- HTTP_COOKIE_AUTHENTICATION_KEY=XNFEWQwYB9WiVSnkHoFnMtNDL6X88apR4DmDBwh7gVgdJ3LTdLRLwGZAALnVN2yg
|
||||||
|
- HTTP_COOKIE_ENCRYPTION_KEY=xtHEd36Uo4DFeS2JgPPm94fPBfinY3xi
|
||||||
|
- HTTP_TOKEN_AUTHENTICATION_KEY=sGToi4yiP5yWrZzKdKaDA3XNpkcg9CRAaycuhr5gy2XnPKzUS7N6wGEFhMq9WPuf
|
||||||
|
- HTTP_TOKEN_ENCRYPTION_KEY=LAbuEWUeNDCLniRcyjiBCZ8ecgwN9Van
|
||||||
|
- SMTP_HOST=smtp
|
||||||
|
- SMTP_PORT=2525
|
||||||
|
- SMTP_USE_START_TLS=false
|
||||||
|
- SMTP_USER=
|
||||||
|
- SMTP_PASSWORD=
|
||||||
|
- SMTP_INSECURE_SKIP_VERIFY=true
|
||||||
|
- HYDRA_BASE_URL=http://hydra:4445
|
||||||
|
- HYDRA_FAKE_SSL_TERMINATION=false
|
||||||
|
|
||||||
|
smtp:
|
||||||
|
image: bornholm/fake-smtp
|
||||||
|
ports:
|
||||||
|
- 8082:8080
|
||||||
|
- 2525:2525
|
||||||
|
environment:
|
||||||
|
- FAKESMTP_SMTP_ADDRESS=:2525
|
||||||
|
- FAKESMTP_SMTP_DEBUG=true
|
||||||
|
- FAKESMTP_SMTP_USERNAME=
|
||||||
|
- FAKESMTP_SMTP_PASSWORD=
|
||||||
|
- FAKESMTP_SMTP_ALLOWINSECUREAUTH=true
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
volumes:
|
||||||
|
postgres_data:
|
|
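Review bot: The hydra `SECRETS_SYSTEM` value and the four `HTTP_COOKIE_*`/`HTTP_TOKEN_*` keys of hydra-passwordless are committed in plaintext, and now that they are in git history they must be treated as burned even for a development stack. The file already uses `${HTTP_PROXY}`-style substitution for the build args, so the same mechanism with a git-ignored `.env` and a committed `.env.example` keeps them out of the repo, e.g. `SECRETS_SYSTEM: ${HYDRA_SECRETS_SYSTEM}`; failing that, put `# DEV ONLY: these values are public, never reuse them outside this stack` above each block. The mappings `5432:5432`, `4444:4444`, `3000:3000`, `2525:2525` and `8082:8080` bind every host interface, which exposes the `postgres`/`postgres` superuser (the default once `POSTGRES_USER` is dropped) and the `--dangerous-force-http` OAuth2 server to the LAN while the unchanged README row still advertises `127.0.0.1:5432`; `- 127.0.0.1:5432:5432`, and the same prefix on the other mappings, keeps them loopback-only. Finally, neither `hydra` nor `hydra-passwordless` declares `depends_on`, so `hydra migrate sql` in the first-run script can start before `postgres` is listening; `depends_on: [postgres]` at least orders the start-up, though it does not wait for readiness.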
@ -0,0 +1,18 @@
|
||||||
|
FROM oryd/hydra:v1.4.2-alpine
|
||||||
|
|
||||||
|
USER root
|
||||||
|
|
||||||
|
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||||
|
RUN chmod a+x /usr/local/bin/docker-entrypoint
|
||||||
|
|
||||||
|
COPY first-run.sh /usr/local/bin/docker-first-run
|
||||||
|
RUN chmod a+x /usr/local/bin/docker-first-run
|
||||||
|
|
||||||
|
COPY hydra-init.d /hydra-init.d
|
||||||
|
|
||||||
|
RUN mkdir -p /home/ory && chown -R ory: /home/ory
|
||||||
|
USER ory
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
|
||||||
|
|
||||||
|
CMD ["hydra", "serve", "all"]
|
|
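Review bot: `COPY hydra-init.d /hydra-init.d` gets no `chmod`, unlike the two wrapper scripts, and `COPY` keeps the mode bits of the build context, so whether `run-parts` in `docker-first-run` treats the init scripts as executable depends on the execute bit being committed in git (presumably true today, but fragile). `RUN chmod a+x /hydra-init.d/*` after that `COPY`, or `COPY --chmod=755 hydra-init.d /hydra-init.d` when BuildKit is available, removes the dependency. The three `COPY` + `RUN chmod` pairs could likewise become `COPY --chmod=755 …`, one layer each, and `oryd/hydra:v1.4.2-alpine` could be pinned by digest for reproducible rebuilds; the `USER root` … `USER ory` bracket and the exec-form `ENTRYPOINT`/`CMD` are as they should be.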
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -xeo pipefail
|
||||||
|
|
||||||
|
LIFECYCLEFLAGS_DIR="$HOME/.container-lifecycle"
|
||||||
|
|
||||||
|
mkdir -p "$LIFECYCLEFLAGS_DIR"
|
||||||
|
|
||||||
|
if [ ! -f "$LIFECYCLEFLAGS_DIR/first-run" ]; then
|
||||||
|
/usr/local/bin/docker-first-run
|
||||||
|
touch "$LIFECYCLEFLAGS_DIR/first-run"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec "$@"
|
|
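Review bot: The first-run marker `$HOME/.container-lifecycle/first-run` lives in the container's writable layer, so every container recreate (`docker-compose down`/`up`) discards it and `docker-first-run` runs again against the persisted `postgres_data` volume, yet the marker is written as soon as `docker-first-run` returns, whatever the init scripts did. If the intent is "once per database", keep the marker on a volume or make the init scripts idempotent; if it is "once per container", say so above the `if`, e.g. `# Marker is per container, not per database: first-run re-runs after a recreate`. `set -xeo pipefail` under `#!/bin/sh` relies on the base image's shell accepting `pipefail` (busybox ash in the alpine image presumably does; POSIX sh need not), and `-x` traces every command into the container log, which is fine for a dev image but deserves a `# -x: trace commands to the container log` comment.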
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
hydra migrate sql -e -y
|
||||||
|
|
||||||
|
hydra serve all --dangerous-force-http &
|
||||||
|
HYDRA_PID=$!
|
||||||
|
run-parts --exit-on-error /hydra-init.d
|
||||||
|
kill $HYDRA_PID
|
|
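Review bot: `run-parts --exit-on-error /hydra-init.d` runs immediately after `hydra serve all --dangerous-force-http &`, with nothing waiting for the admin API on port 4445 that the init scripts call (through `HYDRA_ADMIN_URL` from the compose file), so `hydra clients create` can race the server start-up; and because the script has no `set -e` and its last command is `kill $HYDRA_PID`, it exits 0 even when an init script failed, after which the entrypoint touches the first-run marker for good. Poll the admin readiness endpoint before `run-parts`, capture its status and return it after stopping the server, as below; `wget` is presumably the busybox one shipped in the alpine base, worth confirming. `hydra migrate sql -e -y` gets the same `set -e` treatment so a database that is not yet reachable fails loudly instead of being hidden behind a half-started server.
```shell
#!/bin/sh
set -e

hydra migrate sql -e -y

hydra serve all --dangerous-force-http &
HYDRA_PID=$!

# Wait (up to ~30s) for the admin API the init scripts talk to.
tries=0
until wget -q -O /dev/null http://127.0.0.1:4445/health/ready; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "hydra admin API did not become ready" >&2
    kill "$HYDRA_PID"
    exit 1
  fi
  sleep 1
done

status=0
run-parts --exit-on-error /hydra-init.d || status=$?
kill "$HYDRA_PID"
exit "$status"
```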
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
hydra clients create \
|
||||||
|
--id daddy \
|
||||||
|
-n Daddy \
|
||||||
|
--secret 'KE9wOXR-~7qCXNKWzw23EpNroq' \
|
||||||
|
-a email,email_verified \
|
||||||
|
-c http://localhost:8081/oauth2/callback
|
|
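Review bot: `hydra clients create --id daddy` is not idempotent: it fails with a conflict when the client already exists, which is exactly what happens when the container is recreated over the persisted `postgres_data` volume (the entrypoint's first-run marker lives in the container, not in the database). Guard it with `hydra clients get daddy >/dev/null 2>&1 || hydra clients create …`, or delete-and-recreate so the callback list always follows the repo. The secret `KE9wOXR-~7qCXNKWzw23EpNroq` is now in git history and can only ever be a dev fixture; a comment `# DEV ONLY client: the secret is public by construction` makes that explicit. If `-a` here is hydra's `--allowed-cors-origins` (as in the hydra v1.x CLI), `email,email_verified` is being registered as CORS origins rather than as scopes or claims, worth checking against `hydra clients create --help`; the requested scope would then be `--scope email`.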
@ -0,0 +1,3 @@
|
||||||
|
FROM postgres:12-alpine
|
||||||
|
|
||||||
|
COPY ./initdb.d /docker-entrypoint-initdb.d
|
|
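Review bot: Nothing is wrong with the two instructions, but a comment would help: the official image's entrypoint only runs `/docker-entrypoint-initdb.d` when the data directory is empty, so with the `postgres_data` volume introduced in the compose file these scripts run once per volume, and editing them needs `make down` plus removal of the volume to take effect. Suggested: `# Runs once, on first init of an empty data directory (official postgres image behaviour).` Pinning `postgres:12-alpine` by digest would also make rebuilds reproducible.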
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||||
|
CREATE USER hydra WITH ENCRYPTED PASSWORD 'hydra';
|
||||||
|
CREATE DATABASE hydra;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE hydra TO hydra;
|
||||||
|
EOSQL
|
||||||
|
|
||||||
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||||
|
CREATE USER daddy WITH ENCRYPTED PASSWORD 'daddy';
|
||||||
|
CREATE DATABASE daddy;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE daddy TO daddy;
|
||||||
|
EOSQL
|
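Review bot: The `hydra`/`hydra` and `daddy`/`daddy` credentials created here are duplicated by hand in the compose file (`DSN: postgres://hydra:hydra@postgres:5432/hydra`), so the two can silently drift; the script runs with the container's environment and the heredoc is unquoted, so `CREATE USER hydra WITH PASSWORD '${HYDRA_DB_PASSWORD:-hydra}'` with the same variable feeding the compose DSN keeps a single source. `ENCRYPTED` in `CREATE USER … WITH ENCRYPTED PASSWORD` has been a no-op noise word since PostgreSQL 10 and can be dropped. The two `psql` invocations could be one heredoc, and the `daddy` block deserves a comment that it recreates the application role and database previously provided by the `POSTGRES_USER`/`POSTGRES_DB` variables this commit removes from the compose file.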