From 4d17cee46cc8f0f254d49bbc033417da5bb871cc Mon Sep 17 00:00:00 2001 From: Aleksander Cynarski Date: Wed, 14 Oct 2020 20:55:43 +0200 Subject: [PATCH] =?UTF-8?q?Wst=C4=99pna=20implementacja=20JWT=20-=20tak=20?= =?UTF-8?q?tego=20nie=20r=C3=B3b!?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + README.md | 6 ++++++ docker-compose.yml | 37 +++++++++++++++++++++++++++++++++++++ krakend/krakend.json | 17 +++++++++++++++++ 4 files changed, 61 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/README.md b/README.md index 9935d1b..6acf0e5 100644 --- a/README.md +++ b/README.md @@ -9,3 +9,9 @@ Całość oparta do docker. Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex). +- etap2 (JWT) + +Tutaj już będzie deko więcej roboty. + + + diff --git a/docker-compose.yml b/docker-compose.yml index 53ac580..c9d4354 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -13,6 +13,43 @@ services: - ./api-mocks:/opt/lwan/wwwroot ports: - "8000:8080" + + hydra-migrate: + image: oryd/hydra:v1.8.5 + environment: + - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4 + command: + migrate sql -e --yes + restart: on-failure + + hydra: + image: oryd/hydra:v1.8.5 + ports: + - "4444:4444" # Public port + - "4445:4445" # Admin port + - "5555:5555" # Port for hydra token user + command: + serve all --dangerous-force-http + environment: + - TRACING_PROVIDER=jaeger + - TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling + - TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831 + - TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const + - TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1 + - URLS_SELF_ISSUER=http://127.0.0.1:4444 + - URLS_CONSENT=http://127.0.0.1:3000/consent + - URLS_LOGIN=http://127.0.0.1:3000/login + - URLS_LOGOUT=http://127.0.0.1:3000/logout + - DSN=memory + - STRATEGIES_ACCESS_TOKEN=jwt + - SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna + - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public + - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna + - SERVE_COOKIES_SAME_SITE_MODE=Lax + - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4 + restart: unless-stopped + depends_on: + - hydra-migrate kraken: image: devopsfaith/krakend:config-watcher diff --git a/krakend/krakend.json b/krakend/krakend.json index 71963a8..db0294f 100644 --- a/krakend/krakend.json +++ b/krakend/krakend.json @@ -73,6 +73,23 @@ "sequential": true } } + }, + { + "endpoint": "/jwt_access", + "backend": [ + { + "url_pattern": "/users/1.json" + } + ], + "extra_config": { + "github.com/devopsfaith/krakend-jose/validator": { + "alg": "RS256", + "issuer": "http://127.0.0.1:4444/", + "jwk-url": "http://hydra:4444/.well-known/jwks.json", + "disable_jwk_security": true + } + } } ] } + \ No newline at end of file
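Review bot: The `hydra` service commits its `SECRETS_SYSTEM` value in the compose file and reuses the same string for `OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT`, so the key protecting Hydra's stored data is readable by anyone with the repository. Since this commit already ignores `.env`, read both from there with distinct values, e.g. `- SECRETS_SYSTEM=${HYDRA_SECRETS_SYSTEM}` and `- OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=${HYDRA_PAIRWISE_SALT}` (the variable names are placeholders). The same environment list sets `DSN` twice (`DSN=memory` and the postgres URL), so keep only the intended one; no `postgres` service is visible in this hunk, so it presumably has to be defined elsewhere in the file. The mapping `"4445:4445"` publishes the admin API on every host interface, and Hydra's admin endpoints have no authentication of their own, so bind it to loopback with `- "127.0.0.1:4445:4445"` or drop the mapping. `--dangerous-force-http`, the `hydra:secret` database credentials and `sslmode=disable` should carry a comment marking them as local-demo-only settings.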
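Review bot: The `/jwt_access` validator sets `"disable_jwk_security": true`, so KrakenD fetches the token verification keys from `http://hydra:4444/.well-known/jwks.json` over plain HTTP and the key set is unprotected in transit. That is tolerable only inside the local compose network; anywhere else the `jwk-url` should be `https` with the flag removed. The block also checks only `alg` and `issuer`, so any token this Hydra instance issues to any client is accepted; add an audience constraint such as `"audience": ["AUDIENCE_PLACEHOLDER"]` (the value is a placeholder). The configured `issuer` ends in `/` while `URLS_SELF_ISSUER` in docker-compose.yml does not, so confirm the `iss` claim Hydra emits matches it exactly.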