Wstępna implementacja JWT - tak tego nie rób!

2020-10-14 20:55:43 +02:00 · 2020-10-14 20:55:43 +02:00 · 4d17cee46c
commit 4d17cee46c
parent 6655736a69
4 changed files with 61 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.env
--- a/README.md
+++ b/README.md
@ -9,3 +9,9 @@ Całość oparta do docker.
 Proste zmokowane api oraz krakend config-watcher (restertujący usługę po zmianie pliku konfiguracyjnego). Fajny patent wykorzystujący [Reflex](https://github.com/cespare/reflex).


+- etap2 (JWT)
+
+Tutaj już będzie deko więcej roboty.
+
+
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,6 +14,43 @@ services:
    ports:
      - "8000:8080"
  
+  hydra-migrate:
+    image: oryd/hydra:v1.8.5
+    environment:
+      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
+    command:
+      migrate sql -e --yes
+    restart: on-failure
+
+  hydra:
+    image: oryd/hydra:v1.8.5
+    ports:
+      - "4444:4444" # Public port
+      - "4445:4445" # Admin port
+      - "5555:5555" # Port for hydra token user
+    command:
+      serve all --dangerous-force-http
+    environment:      
+      - TRACING_PROVIDER=jaeger
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
+      - TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
+      - URLS_SELF_ISSUER=http://127.0.0.1:4444
+      - URLS_CONSENT=http://127.0.0.1:3000/consent
+      - URLS_LOGIN=http://127.0.0.1:3000/login
+      - URLS_LOGOUT=http://127.0.0.1:3000/logout
+      - DSN=memory
+      - STRATEGIES_ACCESS_TOKEN=jwt
+      - SECRETS_SYSTEM=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
+      - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public
+      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=dUjs9EV7BuyXUcckKBVrYOdacsggIkna
+      - SERVE_COOKIES_SAME_SITE_MODE=Lax
+      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
+    restart: unless-stopped
+    depends_on:
+      - hydra-migrate
+
  kraken:
    image: devopsfaith/krakend:config-watcher
    volumes:
--- a/krakend/krakend.json
+++ b/krakend/krakend.json
@ -73,6 +73,23 @@
          "sequential": true
        }
      }
+    },
+        {
+      "endpoint": "/jwt_access",
+      "backend": [
+        {
+          "url_pattern": "/users/1.json"
+        }
+      ],
+      "extra_config": {
+        "github.com/devopsfaith/krakend-jose/validator": {
+          "alg": "RS256",
+          "issuer": "http://127.0.0.1:4444/",
+          "jwk-url": "http://hydra:4444/.well-known/jwks.json",
+          "disable_jwk_security": true
+        }
+      }
    }
  ]
 }
+