Wstępna implementacja JWT - tak tego nie rób!

Aleksander Cynarski 2020-10-14 20:55:43 +02:00
parent 6655736a69
commit 4d17cee46c
4 changed files with 61 additions and 0 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.env


@ -9,3 +9,9 @@ Całość oparta do docker.
Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex). Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).
- etap2 (JWT)
Tutaj już będzie deko więcej roboty.


@ -14,6 +14,43 @@ services:
ports: ports:
- "8000:8080" - "8000:8080"
hydra-migrate:
image: oryd/hydra:v1.8.5
environment:
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
command:
migrate sql -e --yes
restart: on-failure
hydra:
image: oryd/hydra:v1.8.5
ports:
- "4444:4444" # Public port
- "4445:4445" # Admin port
- "5555:5555" # Port for hydra token user
command:
serve all --dangerous-force-http
environment:
- TRACING_PROVIDER=jaeger
- TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
- TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
- TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
- TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
- URLS_SELF_ISSUER=http://127.0.0.1:4444
- URLS_CONSENT=http://127.0.0.1:3000/consent
- URLS_LOGIN=http://127.0.0.1:3000/login
- URLS_LOGOUT=http://127.0.0.1:3000/logout
- DSN=memory
- STRATEGIES_ACCESS_TOKEN=jwt
- SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
- OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public
- OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
- SERVE_COOKIES_SAME_SITE_MODE=Lax
- DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
restart: unless-stopped
depends_on:
- hydra-migrate
kraken: kraken:
image: devopsfaith/krakend:config-watcher image: devopsfaith/krakend:config-watcher
volumes: volumes:
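Review bot: `SECRETS_SYSTEM` and `OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT` in the `hydra` service are committed as literals and share one value, so Hydra's system secret ends up in the repository history even though this same commit starts ignoring `.env`. Reading them from the environment, e.g. `- SECRETS_SYSTEM=${HYDRA_SECRETS_SYSTEM:?set in .env}` (the variable name is a placeholder) with a separate value for the salt, keeps them out of the repo; the `hydra:secret` database credentials in both postgres `DSN` lines have the same problem. The `hydra` environment also sets `DSN` twice (`DSN=memory` and the postgres URL), so which store is used depends on how Compose resolves the duplicate, and one of the two should be dropped. The admin API is published on all host interfaces by `"4445:4445"` while the server runs with `--dangerous-force-http`; `"127.0.0.1:4445:4445"` would limit it to the local machine. The hunk ends inside the `kraken` service, whose definition continues outside it.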


@ -73,6 +73,23 @@
"sequential": true "sequential": true
} }
} }
},
{
"endpoint": "/jwt_access",
"backend": [
{
"url_pattern": "/users/1.json"
}
],
"extra_config": {
"github.com/devopsfaith/krakend-jose/validator": {
"alg": "RS256",
"issuer": "http://127.0.0.1:4444/",
"jwk-url": "http://hydra:4444/.well-known/jwks.json",
"disable_jwk_security": true
}
}
} }
] ]
} }
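Review bot: The `/jwt_access` validator sets `"disable_jwk_security": true`, so the signing keys are fetched from `http://hydra:4444/.well-known/jwks.json` without TLS and whatever answers on that address decides which keys the gateway trusts. That is tolerable only while Hydra itself is started with `--dangerous-force-http` for a local demo; before this config is reused, the flag should be removed and `jwk-url` switched to `https`. The validator also checks only `alg` and `issuer`, so without an entry such as `"audience": ["<api-audience>"]` (placeholder value) any token this issuer signs for any client is accepted on the endpoint. The enclosing endpoint list starts outside the hunk.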