-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
alternative login button, all localhost urls to 127.0.0.1 and update …
…the schemas and configs
- Loading branch information
1 parent
d563354
commit 6839d47
Showing
7 changed files
with
278 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,10 +6,15 @@ services: | |
| # Management Portal # | ||
| #---------------------------------------------------------------------------# | ||
| managementportal: | ||
| image: radarbase/management-portal:2.0.0 | ||
| # image: radarbase/management-portal:2.0.0 | ||
| image: managementportal | ||
| depends_on: | ||
| - mp-postgresql | ||
| environment: | ||
| MANAGEMENTPORTAL_IDENTITYSERVER_SERVERURL: http://kratos | ||
| MANAGEMENTPORTAL_IDENTITYSERVER_ADMINEMAIL: [email protected] | ||
| MANAGEMENTPORTAL_OAUTH_REQUIREAAL2: false | ||
| SPRING_LIQUIBASE_CONTEXTS: dev #includes testing_data, remove for production builds | ||
| SPRING_PROFILES_ACTIVE: prod | ||
| SPRING_DATASOURCE_URL: jdbc:postgresql://mp-postgresql:5432/managementportal | ||
| SPRING_DATASOURCE_USERNAME: radarcns | ||
|
|
@@ -21,7 +26,7 @@ services: | |
| MANAGEMENTPORTAL_CATALOGUE_SERVER_ENABLE_AUTO_IMPORT: 'false' | ||
| MANAGEMENTPORTAL_OAUTH_SIGNING_KEY_ALIAS: 'radarbase-managementportal-ec' | ||
| SERVER_SERVLET_SESSION_COOKIE_SECURE: "false" | ||
| JAVA_OPTS: -Xmx256m # maximum heap size for the JVM running ManagementPortal, increase this as necessary | ||
| JAVA_OPTS: -Xmx512m # maximum heap size for the JVM running ManagementPortal, increase this as necessary | ||
| volumes: | ||
| - ./etc/mp-config/:/mp-includes/config | ||
| labels: | ||
|
|
@@ -70,7 +75,10 @@ services: | |
| app-config-frontend: | ||
| build: | ||
| context: radar-app-config-frontend | ||
| image: radarbase/radar-app-config-frontend:dev | ||
| # image: radarbase/radar-app-config-frontend:dev | ||
| environment: | ||
| - AUTH_URL=http://127.0.0.1:8080/managementportal/oauth | ||
| - AUTH_CALLBACK_URL=http://127.0.0.1:8080/appconfig/login | ||
| depends_on: | ||
| - app-config | ||
| labels: | ||
|
|
@@ -84,3 +92,64 @@ services: | |
| command: --api.insecure=true --providers.docker | ||
| ports: | ||
| - "8080:80" | ||
|
|
||
| ## ORY | ||
|
|
||
| # Kratos | ||
| kratos-selfservice-ui-node: | ||
| image: | ||
| oryd/kratos-selfservice-ui-node | ||
| environment: | ||
| - LOG_LEAK_SENSITIVE_VALUES=true | ||
| - KRATOS_PUBLIC_URL=http://kratos:4433 | ||
| - KRATOS_ADMIN_URL=http://kratos:4434 | ||
| - SECURITY_MODE=standalone | ||
| - KRATOS_BROWSER_URL=http://127.0.0.1:4433 | ||
| - COOKIE_SECRET=unsafe_cookie_secret | ||
| - CSRF_COOKIE_NAME=radar | ||
| - CSRF_COOKIE_SECRET=unsafe_csrf_cookie_secret | ||
| ports: | ||
| - "3000:3000" | ||
| volumes: | ||
| - /tmp/ui-node/logs:/root/.npm/_logs | ||
|
|
||
| kratos: | ||
| depends_on: | ||
| - kratos-migrate | ||
| image: oryd/kratos:v1.0.0 | ||
| ports: | ||
| - "4433:4433" # public | ||
| - "4434:4434" # admin, should be closed in production | ||
| restart: unless-stopped | ||
| environment: | ||
| - DSN=postgres://kratos:secret@postgresd-kratos/kratos?sslmode=disable&max_conns=20&max_idle_conns=4 | ||
| command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier | ||
| volumes: | ||
| - type: bind | ||
| source: ./etc/mp-config/kratos | ||
| target: /etc/config/kratos | ||
|
|
||
| kratos-migrate: | ||
| image: | ||
| oryd/kratos:v1.0.0 | ||
| environment: | ||
| - DSN=postgres://kratos:secret@postgresd-kratos/kratos?sslmode=disable&max_conns=20&max_idle_conns=4 | ||
| volumes: | ||
| - type: bind | ||
| source: ./etc/mp-config/kratos | ||
| target: /etc/config/kratos | ||
| command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes | ||
| restart: on-failure | ||
|
|
||
| postgresd-kratos: | ||
| image: postgres:11.8 | ||
| environment: | ||
| - POSTGRES_USER=kratos | ||
| - POSTGRES_PASSWORD=secret | ||
| - POSTGRES_DB=kratos | ||
|
|
||
| mailslurper: | ||
| image: oryd/mailslurper:latest-smtps | ||
| ports: | ||
| - "4436:4436" | ||
| - "4437:4437" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "$id": "user", | ||
| "title": "user", | ||
| "type": "object", | ||
| "properties": { | ||
| "traits": { | ||
| "type": "object", | ||
| "properties": { | ||
| "email": { | ||
| "type": "string", | ||
| "format": "email", | ||
| "title": "E-Mail", | ||
| "minLength": 5, | ||
| "ory.sh/kratos": { | ||
| "credentials": { | ||
| "password": { | ||
| "identifier": true | ||
| }, | ||
| "totp": { | ||
| "account_name": true | ||
| } | ||
| }, | ||
| "verification": { | ||
| "via": "email" | ||
| }, | ||
| "recovery": { | ||
| "via": "email" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "required": ["email"] | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| dsn: memory | ||
|
|
||
|
|
||
|
|
||
|
|
||
| serve: | ||
| public: | ||
| base_url: http://127.0.0.1:4433/ | ||
| cors: | ||
| enabled: true | ||
| admin: | ||
| base_url: http://kratos:4434/ | ||
|
|
||
| selfservice: | ||
| default_browser_return_url: http://127.0.0.1:3000/ | ||
| allowed_return_urls: | ||
| - http://127.0.0.1:3000/ | ||
| - http://127.0.0.1:8081/ | ||
| - http://127.0.0.1:8080/ | ||
|
|
||
| methods: | ||
| password: | ||
| enabled: true | ||
| oidc: | ||
| config: | ||
| providers: | ||
| # social sign-in for google. This needs to be tied to a google account. values below were added by bastiaan | ||
| - id: google_d292689d # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET! current google callback: http://127.0.0.1:4433/self-service/methods/oidc/callback/google_d292689d | ||
| provider: google | ||
| client_id: 922854293804-r3fhl9tom6uutcq5c8fm4592l1t6s3mh.apps.googleusercontent.com # Replace this with the Client ID | ||
| client_secret: # Replace this with the Client secret | ||
| issuer_url: https://accounts.google.com # Replace this with the providers issuer URL | ||
| mapper_url: "base64://bG9jYWwgY2xhaW1zID0gewogIGVtYWlsX3ZlcmlmaWVkOiBmYWxzZSwKfSArIHN0ZC5leHRWYXIoJ2NsYWltcycpOwoKewogIGlkZW50aXR5OiB7CiAgICB0cmFpdHM6IHsKICAgICAgW2lmICdlbWFpbCcgaW4gY2xhaW1zICYmIGNsYWltcy5lbWFpbF92ZXJpZmllZCB0aGVuICdlbWFpbCcgZWxzZSBudWxsXTogY2xhaW1zLmVtYWlsLAogICAgfSwKICB9LAp9" | ||
| # currently: GitHub example from: https://www.ory.sh/docs/kratos/social-signin/data-mapping | ||
| # Alternatively, use an URL: | ||
| # mapper_url: https://storage.googleapis.com/abc-cde-prd/9cac9717f007808bf17 | ||
| scope: | ||
| # supported scopes can be found in your providers dev docs | ||
| enabled: true | ||
| totp: | ||
| config: | ||
| issuer: Kratos | ||
| enabled: true | ||
| link: | ||
| enabled: true | ||
|
|
||
| flows: | ||
| error: | ||
| ui_url: http://127.0.0.1:3000/error | ||
|
|
||
| settings: | ||
| ui_url: http://127.0.0.1:3000/settings | ||
|
|
||
| recovery: | ||
| enabled: true | ||
| ui_url: http://127.0.0.1:3000/recovery | ||
| use: link | ||
|
|
||
| verification: | ||
| # our current flow necessitates that users reset their password after they activate an account in managementportal, | ||
| # this works as verification | ||
| ui_url: http://127.0.0.1:3000/verification | ||
| enabled: true | ||
| use: link | ||
| after: | ||
| default_browser_return_url: http://127.0.0.1:3000 | ||
|
|
||
| logout: | ||
| after: | ||
| default_browser_return_url: http://127.0.0.1:3000/login | ||
|
|
||
| login: | ||
| ui_url: http://127.0.0.1:3000/login | ||
|
|
||
| registration: | ||
| ui_url: http://127.0.0.1:3000/registration | ||
| after: | ||
| password: | ||
| hooks: | ||
| - hook: session | ||
| oidc: | ||
| hooks: | ||
| - hook: session | ||
|
|
||
| log: | ||
| level: debug | ||
| format: text | ||
|
|
||
| hashers: | ||
| argon2: | ||
| parallelism: 1 | ||
| memory: 128KB | ||
| iterations: 2 | ||
| salt_length: 16 | ||
| key_length: 16 | ||
|
|
||
| identity: | ||
| default_schema_id: user | ||
| schemas: | ||
| - id: user | ||
| url: file:///etc/config/kratos/identities/identity.schema.user.json | ||
|
|
||
| courier: | ||
| smtp: | ||
| connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&disable_starttls=true | ||
| from_address: [email protected] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| client_id;resource_ids;client_secret;scope;authorized_grant_types;redirect_uri;authorities;access_token_validity;refresh_token_validity;additional_information;autoapprove | ||
| pRMT;res_ManagementPortal,res_gateway;;MEASUREMENT.CREATE,SUBJECT.UPDATE,SUBJECT.READ,PROJECT.READ,SOURCETYPE.READ,SOURCE.READ,SOURCETYPE.READ,SOURCEDATA.READ,USER.READ,ROLE.READ;refresh_token,authorization_code;;;43200;7948800;{"dynamic_registration": true}; | ||
| appconfig;res_ManagementPortal,res_appconfig;test;SOURCETYPE.READ,MEASUREMENT.CREATE,PROJECT.READ,SUBJECT.READ,OAUTHCLIENTS.READ;client_credentials;;;3600;78000;; | ||
| appconfig_frontend;res_appconfig;;SOURCETYPE.READ,MEASUREMENT.CREATE,PROJECT.READ,PROJECT.CREATE,PROJECT.UPDATE,SUBJECT.READ,SUBJECT.UPDATE,OAUTHCLIENTS.READ;authorization_code,refresh_token;http://localhost:8080/appconfig/login,http://localhost:4200/login;;3600;78000;; | ||
| appconfig_frontend;res_appconfig;;SOURCETYPE.READ,MEASUREMENT.CREATE,PROJECT.READ,PROJECT.CREATE,PROJECT.UPDATE,SUBJECT.READ,SUBJECT.UPDATE,OAUTHCLIENTS.READ;authorization_code,refresh_token;http://localhost:8080/appconfig/login,http://127.0.0.1:8080/appconfig/login,http://localhost:4200/login;;3600;78000;; | ||
| appconfig_cli;res_appconfig;test;SOURCETYPE.READ,MEASUREMENT.CREATE,PROJECT.READ,SUBJECT.READ,OAUTHCLIENTS.READ,PROJECT.UPDATE,PROJECT.CREATE;password;;;3600;78000;; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters