From 3c3dba768e3db56997169c8222dfbebe88d9ac82 Mon Sep 17 00:00:00 2001
From: rudy
Date: Mon, 22 Sep 2025 15:16:05 +0200
Subject: [PATCH] =?UTF-8?q?impl=C3=A9mentaiton=20hydra-dispatcher?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env | 6 +-
 compose.yml | 62 +++++++++++++++-------
 misc/compose/dispatcher/example.yml | 33 ++++++++++++
 src/Controller/MainController.php | 2 +-
 src/Security/SQLLoginUserAuthenticator.php | 6 +--
 5 files changed, 84 insertions(+), 25 deletions(-)
 create mode 100644 misc/compose/dispatcher/example.yml

diff --git a/.env b/.env
index 0c016c0..2e166ff 100644
--- a/.env
+++ b/.env
@@ -25,7 +25,7 @@
 DB_USER="lasql"
 DB_PASSWORD="lasql"
 ISSUER_URL="http://localhost:8000"
-BASE_URL='http://localhost:8080'
+BASE_URL='http://localhost:8083'
 # connexion hydra
 HYDRA_ADMIN_BASE_URL='http://hydra:4445'
 APP_LOCALES="fr,en"
@@ -43,7 +43,7 @@
 ALTCHA_DEBUG=false
 ALTCHA_WORKERS=8
 ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
-ALTCHA_ENABLED=true
+ALTCHA_ENABLED=false
 ENABLED_2FA=true
-URL_2FA=http://localhost:8070/2fa
\ No newline at end of file
+URL_2FA=http://localhost:8084/2fa
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 6aad46e..4b4e975 100644
--- a/compose.yml
+++ b/compose.yml
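Review bot: `ALTCHA_ENABLED=true` becomes `ALTCHA_ENABLED=false` in the committed `.env`, which has nothing to do with the dispatcher wiring the rest of the patch does and switches off the login-form challenge for anyone who deploys from this file. If the intent was only to ease local testing, keep the committed default at `true` and override it in an untracked `.env.local`, or state in the commit message why the challenge is being disabled. The same hunk also keeps `URL_2FA` and `BASE_URL` on plain `http://localhost` ports, which is fine for the compose setup but worth a comment marking these as dev-only values so they are not carried into a real environment.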
@@ -1,4 +1,26 @@
 services:
+ hydra-dispatcher:
+ image: reg.cadoles.com/cadoles/hydra-dispatcher-standalone:2025.9.2-develop.1152.3cd1c49
+ ports:
+ - 8082:80
+ environment:
+ - APP_ENV=prod
+ - APP_DEBUG=false
+ - PHP_FPM_MEMORY_LIMIT=256m
+ - CADDY_HTTP_PORT=80
+ - HYDRA_ADMIN_BASE_URL=http://hydra:4445
+ - HYDRA_BASE_URL=http://hydra:4444
+ - HYDRA_REWRITE_ISSUER=yes
+ - HYDRA_ORIGINAL_ISSUER=http://localhost:8081
+ - HYDRA_NEW_ISSUER=http://localhost:8082
+ - DEFAULT_LOCALE=fr
+ - DISABLE_APP_AUTO_SELECT=false
+ - APP_LOCALES=fr,en
+ - HYDRA_ADMIN_AUTHORIZED_HOSTS=10.0.0.0/8,172.16.0.0/12,172.19.0.0/12,192.168.0.0/16
+ - REDIS_DSN=redis://redis:6379
+ - TRUSTED_PROXIES=REMOTE_ADDR
+ volumes:
+ - ./misc/compose/dispatcher/:/app/config/hydra/
 hydra-sql:
 build:
 context: .
@@ -12,7 +34,7 @@ services:
 - http_proxy=${http_proxy}
 - https_proxy=${https_proxy}
 ports:
- - 8082:8071
+ - 8083:8071
 tmpfs:
 - /var/www/var/logs:uid=${FIXUID:-1000},gid=${FIXGID:-1000}
 - /var/www/var/cache:uid=${FIXUID:-1000},gid=${FIXGID:-1000}
@@ -22,6 +44,7 @@ services:
 - hydra
 depends_on:
 - redis
+ - hydra-dispatcher
 extra_hosts:
 - "localhost:127.0.0.1"
 - "localhost:host-gateway"
@@ -48,10 +71,10 @@ services:
 - APP_ENV=dev
 - PHP_FPM_MEMORY_LIMIT=128m
 - APP_LOCALES=fr,en
- - HYDRA_ADMIN_BASE_URL=http://hydra:4445
+ - HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher
 - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR,localhost
 - ISSUER_URL=http://localhost:8000
- - BASE_URL=http://localhost:8083
+ - BASE_URL=http://localhost:8083
 - DB_USER=lasql
 - DB_PASSWORD=lasql
 - DEFAULT_LOCALE=fr
@@ -59,6 +82,8 @@ services:
 - HASH_ALGO_LEGACY="sha256"
 - SECURITY_PATTERN=password,salt,pepper
 - CADDY_HTTP_PORT=8071
+ - ENABLED_2FA=true
+ - URL_2FA=http://localhost:8084/2fa
 oidc-test:
 image: bornholm/oidc-test:v0.0.0-1-g936a77e
 environment:
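Review bot: `172.19.0.0/12` in the new `HYDRA_ADMIN_AUTHORIZED_HOSTS` is not on a /12 boundary and is already contained in `172.16.0.0/12`, so it is at best redundant and, depending on how strictly the dispatcher parses the list, may be rejected; use `- HYDRA_ADMIN_AUTHORIZED_HOSTS=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16`. The larger concern is that this list is the only gate in front of the Hydra admin API that `hydra-sql` now reaches through the dispatcher (`HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher` in the fourth hunk), while the same service publishes `8082:80` on the host: a client on the host enters through the Docker bridge gateway, which sits inside `172.16.0.0/12` and is therefore authorized. I cannot tell from the patch whether the admin proxy is served on that same port-80 listener; if it is, keep the admin path off the published port (a separate internal port, or an explicit deny on the public listener) rather than relying on private-range CIDRs. `TRUSTED_PROXIES=REMOTE_ADDR` is the right choice here, since it means the checked address is the actual peer and cannot be spoofed with `X-Forwarded-For`; a one-line comment saying so would stop someone from "fixing" it later.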
@@ -84,8 +109,8 @@ services:
 - HYDRA_ALLOW_INSECURE=yes
 - HYDRA_URLS_SELF_ISSUER=http://localhost:8081/
 - HYDRA_URLS_LOGOUT=http://localhost:8082/logout
- - HYDRA_URLS_LOGIN=http://localhost:8082/
- - HYDRA_URLS_CONSENT=http://localhost:8082/connect/consent
+ - HYDRA_URLS_LOGIN=http://localhost:8082/login
+ - HYDRA_URLS_CONSENT=http://localhost:8082/consent
 - HYDRA_URLS_ERROR=http://localhost:8082/error
 - HYDRA_LEVEL=debug
 - HYDRA_DSN=postgres://lasql:lasql@postgres:5432/hydra
@@ -103,7 +128,7 @@ services:
 "wget",
 "--spider",
 "-q",
- "http://127.0.0.1:4444/.well-known/openid-configuration",
+ "http://localhost:4444/.well-known/openid-configuration",
 ]
 interval: 10s
 timeout: 10s
@@ -166,20 +191,21 @@ services:
 environment:
 - APP_ENV=dev
 - APP_DEBUG=1 # Pour mode debug en dev
+ - CADDY_GLOBAL_OPTIONS=debug # Activer le mode debug
 ports:
- - "8070:80" # Mappe le port 80 du conteneur sur 8081 de l'hôte
+ - "8084:80" # Mappe le port 80 du conteneur sur 8081 de l'hôte
 depends_on:
- - postgres # Si tu utilises la DB partagée
- pgweb:
- container_name: pgweb
- restart: always
- image: sosedoff/pgweb
- ports:
- - "8095:8081"
- environment:
- - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
- depends_on:
- - postgres
+ - postgres # Si tu utilises la DB partagée
+ # pgweb:
+ # container_name: pgweb
+ # restart: always
+ # image: sosedoff/pgweb
+ # ports:
+ # - "8085:8081"
+ # environment:
+ # - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
+ # depends_on:
+ # - postgres
 volumes:
 postgres:
 mariadb:
diff --git a/misc/compose/dispatcher/example.yml b/misc/compose/dispatcher/example.yml
new file mode 100644
index 0000000..b6ef191
--- /dev/null
+++ b/misc/compose/dispatcher/example.yml
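Review bot: The comment on the rewritten port line in the last hunk, `- "8084:80" # Mappe le port 80 du conteneur sur 8081 de l'hôte`, still says 8081 while the mapping is now 8084 (it was already wrong at 8070); since the line is touched anyway, make it `- "8084:80" # maps container port 80 to host port 8084`. The pgweb service is commented out instead of deleted, which leaves ten dead lines carrying a `lasql:lasql` connection string in the live compose file; git keeps the history, so removing the block outright is cleaner and avoids someone uncommenting it on a shared host. The new `CADDY_GLOBAL_OPTIONS=debug` next to `APP_DEBUG=1` on the 2FA service is presumably dev-only as well; a short comment such as `# dev only: verbose Caddy logs, never enable where real OTP traffic flows` would make that explicit.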
@@ -0,0 +1,33 @@
+hydra:
+ apps:
+ - id: hydra-sql
+ title:
+ fr: Hydra Sql
+ en: Hydra Sql En
+ description:
+ fr: Authentification via adresse courriel
+ en: Authentication by email address
+ icon_url: http://placehold.jp/84x123.png
+ login_url: http://localhost:8083/login
+ consent_url: http://localhost:8083/consent
+ options:
+ text_libre:
+ fr: "Connexion avec mot de passe"
+ en: "Login with password"
+ logout_url: http://localhost:8083/logout
+ attributes_rewrite_configuration:
+ mail:
+ replace: email
+ rules:
+ - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
+ webhook:
+ enabled: false
+ api_url: http://hydra-dispatcher/test
+ api_key: ~
+ api_method: POST
+ webhook_post_login:
+ enabled: false
+ api_url: http://hydra-dispatcher/test
+ api_key: ~
+ api_method: POST
+ connected_user_redirect_url: '/'
\ No newline at end of file
diff --git a/src/Controller/MainController.php b/src/Controller/MainController.php
index 2a692db..c0c44df 100644
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -75,7 +75,7 @@ class MainController extends AbstractController
 }

 #[Route('/connect/consent', name: 'app_consent')]
- public function consent(Request $request): RedirectResponse
+ public function consent(Request $request): Response
 {
 return $this->hydra->handleConsentRequest($request);
 }
diff --git a/src/Security/SQLLoginUserAuthenticator.php b/src/Security/SQLLoginUserAuthenticator.php
index d3ff9e0..db03f05 100644
--- a/src/Security/SQLLoginUserAuthenticator.php
+++ b/src/Security/SQLLoginUserAuthenticator.php
@@ -32,7 +32,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
 private readonly SQLLoginService $sqlLoginService,
 private readonly PasswordEncoder $passwordHasher,
 private readonly SQLLoginRequest $sqlLoginRequest
- ){
+ ) {
 }

 /**
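Review bot: `consent_url: http://localhost:8083/consent` for the `hydra-sql` app does not match the consent route this same patch touches in MainController, which is declared as `#[Route('/connect/consent', name: 'app_consent')]`; unless the app also exposes a `/consent` route that is not visible here, the dispatcher will forward the consent challenge to a 404, and the value removed from Hydra in compose.yml (`http://localhost:8082/connect/consent`) suggests `/connect/consent` is the real path, so `login_url` and `logout_url` deserve the same check against the app's actual routes. `icon_url: http://placehold.jp/84x123.png` loads an image from a third-party host over plain HTTP into the app-chooser page, which becomes a mixed-content and tracking issue the moment the dispatcher is served over HTTPS; ship the icon locally. The file is named `example.yml` but is mounted as the live dispatcher configuration under `/app/config/hydra/`, so either rename it or add a header comment stating that it is the active config for the compose setup.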
@@ -101,10 +101,10 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
 if ($user->getLogin() !== $userIdentifier) {
 throw new UserNotFoundException(sprintf('User "%s" not found.', $userIdentifier));
 }
-
+
 return $user;
 };
-
+
 $passport = new SelfValidatingPassport(new UserBadge($login, $loader));
 $passport->setAttribute('attributes', $user->getAttributes());