Wstępna implementacja JWT - tak tego nie rób!

2020-10-14 20:55:43 +02:00 · 2020-10-14 20:55:43 +02:00 · 4d17cee46c
commit 4d17cee46c
parent 6655736a69
4 changed files with 61 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 .env
--- a/README.md
+++ b/README.md
@ -9,3 +9,9 @@ Całość oparta do docker.
 Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).
 - etap2 (JWT)
 Tutaj już będzie deko więcej roboty.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,6 +13,43 @@ services:
      - ./api-mocks:/opt/lwan/wwwroot
    ports:
      - "8000:8080"
  hydra-migrate:
    image: oryd/hydra:v1.8.5
    environment:
      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
    command:
      migrate sql -e --yes
    restart: on-failure
  hydra:
    image: oryd/hydra:v1.8.5
    ports:
      - "4444:4444" # Public port
      - "4445:4445" # Admin port
      - "5555:5555" # Port for hydra token user
    command:
      serve all --dangerous-force-http
    environment:      
      - TRACING_PROVIDER=jaeger
      - TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
      - TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
      - TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
      - TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
      - URLS_SELF_ISSUER=http://127.0.0.1:4444
      - URLS_CONSENT=http://127.0.0.1:3000/consent
      - URLS_LOGIN=http://127.0.0.1:3000/login
      - URLS_LOGOUT=http://127.0.0.1:3000/logout
      - DSN=memory
      - STRATEGIES_ACCESS_TOKEN=jwt
      - SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
      - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public
      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
      - SERVE_COOKIES_SAME_SITE_MODE=Lax
      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
    restart: unless-stopped
    depends_on:
      - hydra-migrate
  kraken:
    image: devopsfaith/krakend:config-watcher
--- a/krakend/krakend.json
+++ b/krakend/krakend.json
@ -73,6 +73,23 @@
          "sequential": true
        }
      }
    },
        {
      "endpoint": "/jwt_access",
      "backend": [
        {
          "url_pattern": "/users/1.json"
        }
      ],
      "extra_config": {
        "github.com/devopsfaith/krakend-jose/validator": {
          "alg": "RS256",
          "issuer": "http://127.0.0.1:4444/",
          "jwk-url": "http://hydra:4444/.well-known/jwks.json",
          "disable_jwk_security": true
        }
      }
    }
  ]
 }