Authentification via OpenID Connect #6
7
Makefile
7
Makefile
@ -5,7 +5,7 @@ deps:
|
||||
cd frontend && npm install
|
||||
|
||||
up: build
|
||||
( cd frontend && npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
|
||||
( cd frontend && NODE_ENV=development npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
|
||||
|
||||
sg:
|
||||
docker-compose exec -u $(shell id -u) super-graph sh
|
||||
@ -17,4 +17,7 @@ down:
|
||||
docker-compose down -v --remove-orphans
|
||||
|
||||
db-shell:
|
||||
docker-compose exec postgres psql -Usupergraph
|
||||
docker-compose exec postgres psql -Usupergraph
|
||||
|
||||
hydra-shell:
|
||||
docker-compose exec hydra /bin/sh
|
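Review bot: The new `hydra-shell` target in the second hunk names a command, not a file, so it belongs in the Makefile's `.PHONY` list (not visible in either hunk) next to `db-shell` and `sg`; otherwise a file called `hydra-shell` in the checkout silently turns the target into a no-op. The `db-shell` recipe still connects as `-Usupergraph`, while the compose and initdb changes in this commit only provision the `hydra` and `daddy` roles — worth confirming that role still exists, or letting the recipe follow the container's own settings with `docker-compose exec postgres sh -c 'psql -U "$$POSTGRES_USER" "$$POSTGRES_DB"'`. In the first hunk, `up` chains `docker-compose up && wait`, so when compose exits non-zero the `wait` is skipped and the backgrounded `npm run server` is left running; capturing the status first (`docker-compose up; status=$$?; wait; exit $$status`) reaps it on both paths.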
@ -28,6 +28,9 @@ Les services suivants devraient être disponibles après démarrage de l'environ
|
||||
|Application React|HTTP (UI)|http://localhost:8081/|Page d'accueil de l'application React (serveur Webpack)|
|
||||
|Interface Web GraphQL|HTTP (UI)|http://localhost:8080/|Interface Web de développement de l'API GraphQL|
|
||||
|Serveur GraphQL|HTTP (GraphQL)|http://localhost:8080/api/v1/graphql|Point d'entrée de l'API GraphQL|
|
||||
|Serveur Hydra|HTTP (ReST)|http://localhost:4444|Point d'entrée pour l'API OAuth2 d'[Hydra](https://www.ory.sh/hydra/docs/)|
|
||||
|Serveur Hydra Passwordless|HTTP|http://localhost:3000|Point d'entrée pour la ["Login/Consent App"](https://www.ory.sh/hydra/docs/implementing-consent) [hydra-passwordless](https://forge.cadoles.com/wpetit/hydra-passwordless)|
|
||||
|Serveur FakeSMTP|HTTP|http://localhost:8082|Interface web du serveur [FakeSMTP](https://forge.cadoles.com/wpetit/fake-smtp)
|
||||
|Serveur PostgreSQL|TCP/IP (PostgreSQL)|`127.0.0.1:5432`|Port de connexion à la base de données PostgreSQL de développement|
|
||||
|
||||
#### Fichiers/répertoires notables
|
||||
@ -46,6 +49,10 @@ Les services suivants devraient être disponibles après démarrage de l'environ
|
||||
|`make down`|Stopper et supprimer l'environnement de développement.|
|
||||
|`make db-shell`|Ouvrir une console `psql` sur la base de données de développement.|
|
||||
|
||||
#### Ressources
|
||||
|
||||
- [Execute an Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce)
|
||||
|
||||
## Licence
|
||||
|
||||
AGPL-3.0
|
||||
|
@ -20,11 +20,69 @@ services:
|
||||
- postgres
|
||||
ports:
|
||||
- 8080:8080
|
||||
|
||||
postgres:
|
||||
image: postgres:12-alpine
|
||||
build:
|
||||
context: ./misc/containers/postgres
|
||||
args:
|
||||
- HTTP_PROXY=${HTTP_PROXY}
|
||||
- HTTPS_PROXY=${HTTPS_PROXY}
|
||||
- http_proxy=${http_proxy}
|
||||
- https_proxy=${https_proxy}
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=daddy
|
||||
- POSTGRES_USER=daddy
|
||||
- POSTGRES_DB=daddy
|
||||
- POSTGRES_PASSWORD=postgres
|
||||
ports:
|
||||
- 5432:5432
|
||||
- 5432:5432
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
|
||||
hydra:
|
||||
build:
|
||||
context: ./misc/containers/hydra
|
||||
environment:
|
||||
DSN: postgres://hydra:hydra@postgres:5432/hydra
|
||||
URLS_LOGIN: http://localhost:3000/login
|
||||
URLS_CONSENT: http://localhost:3000/consent
|
||||
URLS_LOGOUT: http://localhost:3000/logout
|
||||
SUPPORTED_SCOPES: email
|
||||
SUPPORTED_CLAIMS: email,email_verified
|
||||
SECRETS_SYSTEM: fAAya66yXNib52lbXpo16bxy1jD4NZrX
|
||||
HYDRA_ADMIN_URL: http://localhost:4445
|
||||
ports:
|
||||
- 4444:4444
|
||||
command: hydra serve all --dangerous-force-http
|
||||
|
||||
hydra-passwordless:
|
||||
image: bornholm/hydra-passwordless
|
||||
ports:
|
||||
- 3000:3000
|
||||
environment:
|
||||
- HTTP_COOKIE_AUTHENTICATION_KEY=XNFEWQwYB9WiVSnkHoFnMtNDL6X88apR4DmDBwh7gVgdJ3LTdLRLwGZAALnVN2yg
|
||||
- HTTP_COOKIE_ENCRYPTION_KEY=xtHEd36Uo4DFeS2JgPPm94fPBfinY3xi
|
||||
- HTTP_TOKEN_AUTHENTICATION_KEY=sGToi4yiP5yWrZzKdKaDA3XNpkcg9CRAaycuhr5gy2XnPKzUS7N6wGEFhMq9WPuf
|
||||
- HTTP_TOKEN_ENCRYPTION_KEY=LAbuEWUeNDCLniRcyjiBCZ8ecgwN9Van
|
||||
- SMTP_HOST=smtp
|
||||
- SMTP_PORT=2525
|
||||
- SMTP_USE_START_TLS=false
|
||||
- SMTP_USER=
|
||||
- SMTP_PASSWORD=
|
||||
- SMTP_INSECURE_SKIP_VERIFY=true
|
||||
- HYDRA_BASE_URL=http://hydra:4445
|
||||
- HYDRA_FAKE_SSL_TERMINATION=false
|
||||
|
||||
smtp:
|
||||
image: bornholm/fake-smtp
|
||||
ports:
|
||||
- 8082:8080
|
||||
- 2525:2525
|
||||
environment:
|
||||
- FAKESMTP_SMTP_ADDRESS=:2525
|
||||
- FAKESMTP_SMTP_DEBUG=true
|
||||
- FAKESMTP_SMTP_USERNAME=
|
||||
- FAKESMTP_SMTP_PASSWORD=
|
||||
- FAKESMTP_SMTP_ALLOWINSECUREAUTH=true
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
volumes:
|
||||
postgres_data:
|
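Review bot: The published ports in this hunk (`- 5432:5432`, `- 4444:4444`, `- 3000:3000`, `- 8082:8080`, `- 2525:2525`) bind on every host interface, while the README change in this commit documents the database as `127.0.0.1:5432`; binding them as `- 127.0.0.1:5432:5432` (and likewise for the others) keeps a development database with the password `daddy` and a fake SMTP relay that accepts empty credentials (`FAKESMTP_SMTP_ALLOWINSECUREAUTH=true`) off the LAN. The literal `SECRETS_SYSTEM`, `HTTP_COOKIE_*_KEY` and `HTTP_TOKEN_*_KEY` values are now in git; Hydra uses `SECRETS_SYSTEM` to encrypt persisted state, so these should be read from `.env` (e.g. `SECRETS_SYSTEM: ${HYDRA_SECRETS_SYSTEM}`) or at least carry a `# dev-only value, never reuse outside docker-compose` comment. In the `postgres` environment block the rendering shows `POSTGRES_PASSWORD=postgres` next to `POSTGRES_PASSWORD=daddy` and `POSTGRES_USER=daddy`; if both password lines survive on the new side the duplicate key is ambiguous, and with `POSTGRES_USER=daddy` the image entrypoint already creates the `daddy` role, which the `CREATE USER daddy` in `init-databases.sh` from this commit would then trip over. Likewise, if `image: postgres:12-alpine` is kept alongside the new `build:` block, compose tags the locally built image with the upstream name and shadows it in the local cache; a project-specific `image:` name avoids that.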
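--- /dev/null
+++ b/misc/containers/hydra/Dockerfile
@@ -0,0 +1,18 @@
+FROM oryd/hydra:v1.4.2-alpine
+
+USER root
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+RUN chmod a+x /usr/local/bin/docker-entrypoint
+
+COPY first-run.sh /usr/local/bin/docker-first-run
+RUN chmod a+x /usr/local/bin/docker-first-run
+
+COPY hydra-init.d /hydra-init.d
+
+RUN mkdir -p /home/ory && chown -R ory: /home/ory
+USER ory
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
+
+CMD ["hydra", "serve", "all"]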
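Review bot: `COPY hydra-init.d /hydra-init.d` relies on the git execute bit for `run-parts` to pick up `create-client`, whereas the two scripts above it get an explicit `chmod a+x`; a `RUN chmod -R a+rx /hydra-init.d` after that COPY (or `COPY --chmod=755` where the BuildKit Dockerfile frontend is enabled) makes the init directory self-consistent and robust to a checkout that drops the bit. Because the init scripts embed a client secret and are baked into the image layers, a header comment such as `# Development image: init scripts and their credentials live in the layers; do not reuse outside docker-compose` would tell the next reader what this image is and is not for.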
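--- /dev/null
+++ b/misc/containers/hydra/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -xeo pipefail
+
+LIFECYCLEFLAGS_DIR="$HOME/.container-lifecycle"
+
+mkdir -p "$LIFECYCLEFLAGS_DIR"
+
+if [ ! -f "$LIFECYCLEFLAGS_DIR/first-run" ]; then
+/usr/local/bin/docker-first-run
+touch "$LIFECYCLEFLAGS_DIR/first-run"
+fi
+
+exec "$@"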
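Review bot: `set -xeo pipefail` on line 3 runs under `#!/bin/sh`, and `pipefail` is not POSIX; BusyBox ash in the Alpine base appears to accept it, but the script contains no pipelines, so `set -xe` states what is actually relied on and does not break on a stricter `sh`. The first-run marker is written under `$HOME/.container-lifecycle`, which is container-local and not a volume, so every recreated container (any `docker-compose up` after `down`) re-runs `docker-first-run` against the persisted `postgres_data` volume; if that is intended, a comment like `# marker lives in the container FS: first-run repeats whenever the container is recreated` should say so, otherwise the marker should be derived from database state or kept on a volume. `set -x` also echoes the `exec "$@"` line, so any flags passed through the compose `command:` end up in the container log — harmless with the current arguments, but worth remembering if secrets ever move to the command line.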
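--- /dev/null
+++ b/misc/containers/hydra/first-run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+hydra migrate sql -e -y
+
+hydra serve all --dangerous-force-http &
+HYDRA_PID=$!
+run-parts --exit-on-error /hydra-init.d
+kill $HYDRA_PID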
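Review bot: The script's exit status is that of the final `kill`, so a failed `hydra migrate sql` or a non-zero `run-parts --exit-on-error` is discarded and the caller in `docker-entrypoint.sh` still records the first run as done. `run-parts` also starts the moment `hydra serve` is backgrounded, before the admin API on port 4445 is listening, so `create-client` can race the server and fail on a slow host. Adding `set -e`, waiting on Hydra's readiness endpoint, and propagating the `run-parts` status after the `kill` addresses both; the wait loop below assumes BusyBox `wget` and `seq` are present in the image, which should be confirmed.
```shell
#!/bin/sh
set -e

hydra migrate sql -e -y

hydra serve all --dangerous-force-http &
HYDRA_PID=$!

# Give the admin API (localhost:4445) a chance to come up before the init scripts use it.
for _ in $(seq 1 30); do
    wget -q -O /dev/null http://localhost:4445/health/ready && break
    sleep 1
done

status=0
run-parts --exit-on-error /hydra-init.d || status=$?
kill "$HYDRA_PID"
wait "$HYDRA_PID" || true
exit "$status"
```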
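--- /dev/null
+++ b/misc/containers/hydra/hydra-init.d/create-client
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+hydra clients create \
+--id daddy \
+-n Daddy \
+--secret 'KE9wOXR-~7qCXNKWzw23EpNroq' \
+-a email,email_verified \
+-c http://localhost:8081/oauth2/callback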
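Review bot: The client secret on line 6 is a literal that now lives in git and in the image layers, and the client it registers (callback `http://localhost:8081/oauth2/callback`, i.e. the React app) is a browser-side application; the README in this commit points at the PKCE flow, for which Hydra supports public clients registered with `--token-endpoint-auth-method none` and no secret at all. If a confidential client is intended, read the value from the environment (`--secret "$HYDRA_CLIENT_SECRET"`) rather than baking it in. In the Hydra 1.x CLI `-a` is the short form of `--scope`, so the client is allowed the scopes `email` and `email_verified`, while the compose file lists `email_verified` under `SUPPORTED_CLAIMS` rather than `SUPPORTED_SCOPES` — `-a email` with `email_verified` left to the claims mapping is probably what was meant; worth confirming.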
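--- /dev/null
+++ b/misc/containers/postgres/Dockerfile
@@ -0,0 +1,3 @@
+FROM postgres:12-alpine
+
+COPY ./initdb.d /docker-entrypoint-initdb.d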
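Review bot: `COPY ./initdb.d /docker-entrypoint-initdb.d` installs scripts that the postgres image only runs when the data directory is empty, and the compose change in this commit mounts the `postgres_data` volume there, so later edits to `init-databases.sh` take effect only after the volume is dropped (`make down`, which passes `-v`). A one-line comment above the COPY, `# initdb scripts run once, on first start with an empty postgres_data volume`, would spare the next maintainer that surprise.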
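--- /dev/null
+++ b/misc/containers/postgres/initdb.d/init-databases.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+CREATE USER hydra WITH ENCRYPTED PASSWORD 'hydra';
+CREATE DATABASE hydra;
+GRANT ALL PRIVILEGES ON DATABASE hydra TO hydra;
+EOSQL
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+CREATE USER daddy WITH ENCRYPTED PASSWORD 'daddy';
+CREATE DATABASE daddy;
+GRANT ALL PRIVILEGES ON DATABASE daddy TO daddy;
+EOSQL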
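Review bot: The second block (`CREATE USER daddy` … on lines 12-14) collides with the bootstrap role if the compose file's `POSTGRES_USER=daddy` / `POSTGRES_DB=daddy` lines are on the new side of this commit: the image entrypoint creates that role and database before running the initdb scripts, `CREATE USER` has no `IF NOT EXISTS`, and with `ON_ERROR_STOP=1` plus `set -e` the error aborts cluster initialisation. Guarding the block with `if [ "$POSTGRES_USER" != daddy ]; then` … `fi` (or dropping it and relying on the env vars) keeps the script safe with respect to the bootstrap user. The passwords `'hydra'` and `'daddy'` are literals that must stay in step with the DSN in the compose file; since the heredoc delimiter is unquoted, `'${HYDRA_DB_PASSWORD:-hydra}'` would let a compose `.env` override them without rebuilding the image.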