feat: add oathkeeper/kratos testing setup and validate auth flow (#10)
* chore: test changes

* chore: poc logout functionality

* chore: changes

* chore: add oathkeeper/kratos for local testing

* chore: change up some things

* chore: remove code

* chore: edit

* chore: refactor, rename, remove unneeded docker args/env

* chore: switch to updated redus-utils
kleyow authored Oct 26, 2021
1 parent fecc632 commit c9acc55
Showing 23 changed files with 601 additions and 74 deletions.
8 changes: 5 additions & 3 deletions .env
@@ -1,9 +1,11 @@
REACT_APP_AUTH_ENABLED=true
REACT_APP_AUTH_API_BASE_URL=/api
REACT_APP_AUTH_MOCK_API=true
# Oathkeeper endpoint
REACT_APP_AUTH_API_BASE_URL=http://127.0.0.1:4455/.ory/kratos/public
REACT_APP_AUTH_MOCK_API=false
REACT_APP_REMOTE_API_BASE_URL=/remote
REACT_APP_REMOTE_MOCK_API=true
# Roles Microfrontend
REMOTE_1_URL=http://localhost:3012
# Transfers Microfrontend
REMOTE_2_URL=http://localhost:3013
DEV_PORT=3010
PUBLIC_PATH=http://localhost:3010/
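Review bot: With `REACT_APP_AUTH_MOCK_API=false` and `REACT_APP_AUTH_API_BASE_URL` now pointing at `http://127.0.0.1:4455/.ory/kratos/public`, the checked-in dev environment only works while the Oathkeeper/Kratos stack from docker-compose is running, and nothing in this file says so. Extending the comment to `# Oathkeeper endpoint — requires the compose 'ory' profile (docker-compose --profile ory --profile shell up)` would spare the next developer a confusing failed login against a port nobody is listening on.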
32 changes: 0 additions & 32 deletions Dockerfile
Expand Up @@ -68,39 +68,7 @@ RUN chmod +x /usr/share/nginx/html/createJSONConfig.sh
RUN chmod +x /usr/share/nginx/html/createRemoteConfig.sh
RUN chmod +x /usr/share/nginx/html/loadRuntimeConfig.sh

# Provide environment variables for setting endpoints dynamically
ARG REMOTE_API_BASE_URL
ENV REMOTE_API_BASE_URL=$REMOTE_API_BASE_URL

ARG REMOTE_MOCK_API
ENV REMOTE_MOCK_API=$REMOTE_MOCK_API

ARG AUTH_API_BASE_URL
ENV AUTH_API_BASE_URL=$AUTH_API_BASE_URL

ARG AUTH_MOCK_API
ENV AUTH_MOCK_API=$AUTH_MOCK_API

ARG AUTH_ENABLED
ENV AUTH_ENABLED=$AUTH_ENABLED

ARG LOGIN_URL
ENV LOGIN_URL=$LOGIN_URL

ARG LOGOUT_URL
ENV LOGOUT_URL=$LOGOUT_URL

ARG AUTH_TOKEN_ENDPOINT
ENV AUTH_TOKEN_ENDPOINT=$AUTH_TOKEN_ENDPOINT

ARG REMOTE_1_URL
ENV REMOTE_1_URL=$REMOTE_1_URL

ARG REMOTE_2_URL
ENV REMOTE_2_URL=$REMOTE_2_URL

USER appuser

EXPOSE 8080
ENTRYPOINT ["/usr/share/nginx/html/entrypoint.sh"]
CMD ["sh", "/usr/share/nginx/start.sh"]
123 changes: 114 additions & 9 deletions docker-compose.yaml
@@ -1,26 +1,27 @@
version: "3.7"

# docker-compose --profile ory --profile shell up
version: '3.7'
networks:
mojaloop-net:
name: mojaloop-net

services:
reporting-hub-bop-shell:
profiles: ["shell"]
container_name: reporting-hub-bop-shell
image: mojaloop/reporting-hub-bop-shell
build:
context: .
cache_from:
- mojaloop/reporting-hub-bop-shell
environment:
# - AUTH_API_BASE_URL=/api
- AUTH_MOCK_API=false
- REMOTE_API_BASE_URL=/remote
- REMOTE_MOCK_API=true
- LOGIN_URL=http://127.0.0.1:4433/self-service/login/browser
- LOGOUT_URL=http://127.0.0.1:4433/self-service/logout
- LOGIN_URL=http://127.0.0.1:4455/.ory/kratos/public/self-service/login
- LOGOUT_URL=http://127.0.0.1:4455/.ory/kratos/public/self-service/logout/browser
- AUTH_TOKEN_URL=http://127.0.0.1:4455/.ory/kratos/public/sessions/whoami
- AUTH_ENABLED=true
- AUTH_TOKEN_ENDPOINT=http://127.0.0.1:4433/sessions/whoami
- AUTH_API_BASE_URL=/
- AUTH_MOCK_API=false
- REMOTE_API_BASE_URL=/
- REMOTE_MOCK_API=false
- REMOTE_1_URL=http://localhost:8081
- REMOTE_2_URL=http://localhost:8082
ports:
Expand All @@ -32,3 +33,107 @@ services:
timeout: 20s
retries: 30
interval: 15s
psql:
profiles: ["ory"]
image: 'postgres:13.2'
restart: unless-stopped
environment:
POSTGRES_USER: ory-user
POSTGRES_PASSWORD: ory-pass
POSTGRES_DB: ory-data
ports:
- '5432:5432'
networks:
- mojaloop-net
kratos-migrate:
profiles: ["ory"]
depends_on:
- psql
image: 'oryd/kratos:v0.7.1-alpha.1'
restart: on-failure
command: migrate -c /etc/config/kratos/kratos.yml sql -e --yes
environment:
DSN: >-
postgres://ory-user:ory-pass@psql:5432/ory-data?sslmode=disable&max_conns=20&max_idle_conns=4
LOG_LEVEL: debug
volumes:
- type: bind
source: ./docker/kratos
target: /etc/config/kratos
networks:
- mojaloop-net
kratos:
profiles: ["ory"]
depends_on:
- kratos-migrate
image: 'oryd/kratos:v0.7.1-alpha.1'
restart: unless-stopped
command: serve -c /etc/config/kratos/kratos.yml --dev
environment:
DSN: >-
postgres://ory-user:ory-pass@psql:5432/ory-data?sslmode=disable&max_conns=20&max_idle_conns=4
LOG_LEVEL: trace
SERVE_PUBLIC_BASE_URL: 'http://127.0.0.1:4455/.ory/kratos/public/'
volumes:
- type: bind
source: ./docker/kratos
target: /etc/config/kratos
ports:
- '4433:4433'
- '4434:4434'
networks:
- mojaloop-net
kratos-selfservice-ui-node:
profiles: ["ory"]
depends_on:
- kratos
image: 'oryd/kratos-selfservice-ui-node:v0.7.1-alpha.1'
environment:
- 'JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json'
- 'KRATOS_PUBLIC_URL=http://kratos:4433/'
- 'KRATOS_ADMIN_URL=http://kratos:4434/'
- 'KRATOS_BROWSER_URL=http://127.0.0.1:4455/.ory/kratos/public'
- PORT=4435
- SECURITY_MODE=jwks
networks:
- mojaloop-net
mailslurper:
profiles: ["ory"]
image: 'oryd/mailslurper:latest-smtps'
ports:
- '4436:4436'
- '4437:4437'
networks:
- mojaloop-net
oathkeeper:
profiles: ["ory"]
depends_on:
- psql
image: 'oryd/oathkeeper:v0.38.14-beta.1'
restart: unless-stopped
command: serve --config=/etc/config/oathkeeper/oathkeeper.yml
environment:
LOG_LEVEL: debug
LOG_LEAK_SENSITIVE_VALUES: 'true'
TRACING_PROVIDER: jaeger
TRACING_SERVICE_NAME: Oathkeeper
TRACING_PROVIDER_JAEGER_SAMPLING_SERVER_URL: 'http://jaeger:5778/sampling'
TRACING_PROVIDER_JAEGER_LOCAL_AGENT_ADDRESS: 'jaeger:6831'
TRACING_PROVIDER_JAEGER_SAMPLING_TYPE: const
TRACING_PROVIDER_JAEGER_SAMPLING_VALUE: 1
volumes:
- type: bind
source: ./docker/oathkeeper
target: /etc/config/oathkeeper
ports:
- '4455:4455'
- '4456:4456'
networks:
- mojaloop-net
jaeger:
profiles: ["ory"]
image: jaegertracing/all-in-one:1.22
ports:
- 16686:16686
networks:
- mojaloop-net
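Review bot: `oryd/mailslurper:latest-smtps` in the new mailslurper service is the only image in the `ory` profile without a pinned version, while kratos, kratos-selfservice-ui-node and oathkeeper are all pinned; pin it too, e.g. `image: 'oryd/mailslurper:<PINNED_TAG>'` with a tag taken from the registry, so the profile stays reproducible. `LOG_LEAK_SENSITIVE_VALUES: 'true'` on the oathkeeper service (and `leak_sensitive_values: true` in docker/kratos/kratos.yml) writes session cookies and tokens into container logs; since this profile is explicitly for local testing, a comment such as `# dev-only: logs cookies/tokens in clear — keep 'false' anywhere else` on that line, or defaulting it to `'false'`, keeps the setting from being copied into a deployed compose file. The oathkeeper service declares `depends_on: - psql`, but nothing in the hunk shows oathkeeper touching the database, so if start ordering against kratos was intended, `- kratos` is probably the dependency meant. Finally `- 16686:16686` on the jaeger service is the one port mapping left unquoted; quote it like the others for consistency.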
4 changes: 2 additions & 2 deletions docker/createJSONConfig.sh
Expand Up @@ -7,9 +7,9 @@ echo "{
\"REMOTE_API_BASE_URL\": \"${REMOTE_API_BASE_URL}\",
\"REMOTE_MOCK_API\": \"${REMOTE_MOCK_API}\",
\"AUTH_ENABLED\": \"${AUTH_ENABLED}\",
\"AUTH_TOKEN_ENDPOINT\": \"${AUTH_TOKEN_ENDPOINT}\",
\"LOGIN_URL\": \"${LOGIN_URL}\",
\"LOGOUT_URL\": \"${LOGOUT_URL}\"
\"LOGOUT_URL\": \"${LOGOUT_URL}\",
\"AUTH_TOKEN_URL\": \"${AUTH_TOKEN_URL}\"
}" | jq '.' > /usr/share/nginx/html/config.json

# This will exec the CMD from your Dockerfile, i.e. "npm start"
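Review bot: The environment values interpolated into the JSON literal (including the new `AUTH_TOKEN_URL` line) are not escaped, so a value containing a double quote or backslash produces invalid JSON, `jq '.'` fails, and config.json is written empty; the `echo "{` that opens the literal starts above the hunk and the script continues below it. Letting jq build the object from named arguments, `jq -n --arg LOGIN_URL "${LOGIN_URL}" … '$ARGS.named'` (jq 1.6+), handles quoting for every value and also removes the trailing-comma edit this commit had to make on the `LOGOUT_URL` line. The keys emitted above the hunk would move into the same argument list.
```shell
# … keys emitted above the hunk (not shown) become further --arg pairs here …
jq -n \
  --arg REMOTE_API_BASE_URL "${REMOTE_API_BASE_URL}" \
  --arg REMOTE_MOCK_API "${REMOTE_MOCK_API}" \
  --arg AUTH_ENABLED "${AUTH_ENABLED}" \
  --arg LOGIN_URL "${LOGIN_URL}" \
  --arg LOGOUT_URL "${LOGOUT_URL}" \
  --arg AUTH_TOKEN_URL "${AUTH_TOKEN_URL}" \
  '$ARGS.named' > /usr/share/nginx/html/config.json
# … unchanged: exec of the Dockerfile CMD …
```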
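--- a/docker/kratos/identity.schema.json
+++ b/docker/kratos/identity.schema.json
@@ -0,0 +1,48 @@
+{
+"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"title": "Person",
+"type": "object",
+"properties": {
+"traits": {
+"type": "object",
+"properties": {
+"email": {
+"type": "string",
+"format": "email",
+"title": "E-Mail",
+"minLength": 3,
+"ory.sh/kratos": {
+"credentials": {
+"password": {
+"identifier": true
+}
+},
+"verification": {
+"via": "email"
+},
+"recovery": {
+"via": "email"
+}
+}
+},
+"name": {
+"type": "object",
+"properties": {
+"first": {
+"type": "string"
+},
+"last": {
+"type": "string"
+}
+}
+}
+},
+"required": [
+"email"
+],
+"additionalProperties": false
+}
+}
+}
+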
101 changes: 101 additions & 0 deletions docker/kratos/kratos.yml
@@ -0,0 +1,101 @@
courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

hashers:
algorithm: bcrypt
bcrypt:
cost: 12

identity:
default_schema_url: file:///etc/config/kratos/identity.schema.json

log:
level: debug
format: text
leak_sensitive_values: true

secrets:
cookie:
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE

selfservice:
default_browser_return_url: http://127.0.0.1:4455/
# Important to configure!
whitelisted_return_urls:
- http://127.0.0.1:4455
- http://127.0.0.1:3010
- http://localhost:3010
- http://127.0.0.1:8080
- http://localhost:8080
methods:
password:
enabled: true
flows:
error:
ui_url: http://127.0.0.1:4455/error
settings:
ui_url: http://127.0.0.1:4455/settings
privileged_session_max_age: 15m
recovery:
enabled: true
ui_url: http://127.0.0.1:4455/recovery
verification:
enabled: true
ui_url: http://127.0.0.1:4455/verify
after:
default_browser_return_url: http://127.0.0.1:4455/
logout:
after:
default_browser_return_url: http://127.0.0.1:4455/auth/login
login:
ui_url: http://127.0.0.1:4455/auth/login
after:
# Important to configure!
default_browser_return_url: http://127.0.0.1:8080
lifespan: 10m
registration:
lifespan: 10m
ui_url: http://127.0.0.1:4455/auth/registration
after:
password:
hooks:
- hook: session

serve:
public:
base_url: http://127.0.0.1:4433/
cors:
# Important to configure!
allowed_origins:
- http://127.0.0.1:3010
- http://localhost:3010
- http://127.0.0.1:8080
- http://localhost:8080
- http://127.0.0.1:4455
allowed_methods:
- POST
- GET
- PUT
- PATCH
- DELETE
allowed_headers:
- Authorization
- Cookie
- Content-Type
- X-Session-Token
exposed_headers:
- Content-Type
- Set-Cookie
allow_credentials: true
options_passthrough: false
debug: true
enabled: true
host: "0.0.0.0"
port: 4433
admin:
base_url: http://kratos:4434/
host: "0.0.0.0"
port: 4434

sqa-opt-out: false
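Review bot: `secrets.cookie` is the quickstart placeholder `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`, and the same file sets `serve.public.debug: true` and `skip_ssl_verify=true` in the courier SMTP URI, so it is only usable as a throwaway local configuration, yet nothing in the file says so. A header comment at the top, such as `# Local-testing configuration only: placeholder cookie secret, debug logging and disabled SMTP TLS verification — do not reuse outside the compose 'ory' profile.`, would make that explicit. If the file is ever promoted beyond local testing, the cookie secret should come from the environment rather than the file; Kratos accepts configuration values via environment variables, so the compose service could inject it. Separately, `selfservice.flows.login.after.default_browser_return_url` sends users to port 8080 while every other flow returns to 4455, which is presumably deliberate for the shell container but deserves a one-line comment saying so.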
Empty file added docker/oathkeeper/jwks.json
Empty file.