From bf4cbe994f03cdbf0848e0d251fc56b3cce8cacd Mon Sep 17 00:00:00 2001
From: airghy
Date: Sat, 10 Aug 2024 22:32:31 +0200
Subject: [PATCH] book-api

Signed-off-by: airghy
---
 Dockerfile-books | 6 +-
 Dockerfile-metrics | 2 +-
 cmd/book-api/internal/handlers/user.go | 2 +
 cmd/book-api/main.go | 50 ++-
 cmd/book-api/oidc/config.json | 10 +-
 cmd/book-api/oidc/keycloack.json | 598 ++++++++++++-------------
 docker-compose.yml | 75 ++--
 7 files changed, 391 insertions(+), 352 deletions(-)

diff --git a/Dockerfile-books b/Dockerfile-books
index d48fdc7..5ddc9fd 100644
--- a/Dockerfile-books
+++ b/Dockerfile-books
@@ -1,5 +1,5 @@
 # Build the Go Binary.
-FROM golang:1.13 as build_books-api
+FROM golang:1.22.2 as build_books-api
 ENV CGO_ENABLED 0
 ARG VCS_REF
 ARG PACKAGE_NAME
@@ -36,7 +36,7 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG PACKAGE_NAME
 ARG PACKAGE_PREFIX
-COPY --from=build_books-api /book-library/private.pem /app-library/private.pem
+COPY --from=build_books-api /book-library/cmd/book-api/oidc /app-library/oidc
 COPY --from=build_books-api /book-library/cmd/${PACKAGE_PREFIX}admin/admin /app-library/book-api
 COPY --from=build_books-api /book-library/cmd/${PACKAGE_PREFIX}${PACKAGE_NAME}/${PACKAGE_NAME} /app-library/book-api
 WORKDIR /app-library
@@ -44,6 +44,6 @@ CMD ["./book-api"]
 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
 org.opencontainers.image.title="book-api" \
- org.opencontainers.image.authors="Hergy Tchuinkou " \
+ org.opencontainers.image.authors="Hergy Fongue" \
 org.opencontainers.image.source="https://github.com/rjtch/book-library/cmd/book-api" \
 org.opencontainers.image.revision="${VCS_REF}"
\ No newline at end of file
diff --git a/Dockerfile-metrics b/Dockerfile-metrics
index ebddb01..bf9d527 100644
--- a/Dockerfile-metrics
+++ b/Dockerfile-metrics
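Review bot: The replacement `COPY --from=build_books-api /book-library/cmd/book-api/oidc /app-library/oidc` in the second hunk copies the whole oidc directory into the runtime image, and the config.json hunk of this same patch shows that directory holds a `clientSecret` value, so the credential is baked into an image layer and travels with every push or pull of the image. Keep secrets out of the build context and the image: copy only the non-secret configuration and supply the secret at container start through an environment variable or a mounted secret file, which the viper-based configuration in main.go could read (how that binding would be wired is not visible in this patch). If the secret must stay file-based, a `.dockerignore` entry plus a runtime volume mount at least keeps it out of the layer history.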
@@ -36,6 +36,6 @@ CMD ["./metrics"]
 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
 org.opencontainers.image.title="metrics" \
- org.opencontainers.image.authors="Hergy Tchuinkou " \
+ org.opencontainers.image.authors="Hergy Fongue" \
 org.opencontainers.image.source="https://github.com/rjtch/book-library/cmd/sidecar/metrics" \
 org.opencontainers.image.revision="${VCS_REF}"
\ No newline at end of file
diff --git a/cmd/book-api/internal/handlers/user.go b/cmd/book-api/internal/handlers/user.go
index f4ab2fd..95096d5 100644
--- a/cmd/book-api/internal/handlers/user.go
+++ b/cmd/book-api/internal/handlers/user.go
@@ -2,6 +2,7 @@ package handlers
 import (
 "context"
+ "log"
 "net/http"
 "time"
@@ -35,6 +36,7 @@ func (u *User) List(ctx context.Context, w http.ResponseWriter, r *http.Request,
 defer span.End()
 claims, ok := ctx.Value(auth.Key).(auth.Claims)
+ log.Println("parameters %s", params)
 if !ok {
 if !claims.HasRole(auth.RoleAdmin) {
 return errors.New("claims missing from context")
diff --git a/cmd/book-api/main.go b/cmd/book-api/main.go
index 2ca51fa..a4dfddb 100644
--- a/cmd/book-api/main.go
+++ b/cmd/book-api/main.go
@@ -2,12 +2,16 @@ package main
 import (
 "context"
+ "crypto/rand"
+ "encoding/base64"
 "expvar"
+ "io"
 "log"
 "net/http"
 "os"
 "os/signal"
 "syscall"
+ "time"
 "contrib.go.opencensus.io/exporter/zipkin"
 "github.com/book-library/cmd/book-api/internal/handlers"
@@ -20,6 +24,7 @@ import (
 _ "github.com/rakyll/statik/fs"
 "github.com/spf13/viper"
 "go.opencensus.io/trace"
+ "golang.org/x/oauth2"
 )
 // build is the git version of this program. It is set using build flags in the makefile.
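Review bot: `log.Println("parameters %s", params)` in the user.go hunk puts a Printf verb into Println, which does not interpret directives, so the line prints a literal `%s` followed by the map and `go vet` flags it; `log.Println("Verifier %s", verifier)` in the main.go hunk of this patch has the same defect. Beyond the formatting, the line writes every request's parameters for an authenticated handler to the log before the claims check runs, which reads like leftover debugging; either remove it or use `log.Printf("parameters %v", params)` behind a debug setting. The `List` method continues outside the hunk.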
@@ -35,6 +40,25 @@ func main() {
 }
 }
+func randString(nByte int) (string, error) {
+ b := make([]byte, nByte)
+ if _, err := io.ReadFull(rand.Reader, b); err != nil {
+ return "", err
+ }
+ return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) {
+ c := &http.Cookie{
+ Name: name,
+ Value: value,
+ MaxAge: int(time.Hour.Seconds()),
+ Secure: r.TLS != nil,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, c)
+}
+
 func run() error {
 ctx := context.Background()
@@ -43,7 +67,6 @@ func run() error {
 log := log.New(os.Stdout, "BOOKS : ", log.LstdFlags|log.Lmicroseconds|log.Lshortfile)
 // read config files
- // viper.SetConfigFile(configFile)
 viper.AddConfigPath(configPath)
 viper.SetConfigName(configName)
 viper.SetConfigType(configType)
@@ -51,8 +74,6 @@ func run() error {
 if err != nil {
 return errors.Wrap(err, "generating config usage failed")
 }
- scopes := make([]string, 6)
- scopes = append(scopes, viper.GetString("oauth.scopes"))
 // =========================================================================
 // Configuration
 oauth := auth.OAuthenticator{
@@ -61,7 +82,7 @@ func run() error {
 Endpoint: viper.GetString("oauth.endpoint"),
 RedirectUrl: viper.GetString("oauth.redirectUrl"),
 Issuer: viper.GetString("oauth.issuer"),
- Scopes: scopes,
+ Scopes: viper.GetStringSlice("oauth.scopes"),
 }
 db := auth.DB{
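Review bot: `setCallbackCookie` sets neither `SameSite` nor `Path`, so the callback cookie falls back to browser defaults; for a state/nonce cookie that has to survive the top-level redirect back from the identity provider, `SameSite: http.SameSiteLaxMode,` and `Path: "/",` are the values to set explicitly. `Secure: r.TLS != nil` is false whenever TLS terminates in front of the process, which is likely the situation in the plain-http compose setup this patch describes, so consider deriving it from configuration rather than from the inbound connection. Neither `randString` nor `setCallbackCookie` is called from any hunk in this patch; if they are wired up later, a doc comment on each (e.g. `// randString returns nByte bytes from crypto/rand as unpadded URL-safe base64.`) would help, otherwise staticcheck reports them as unused.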
@@ -87,8 +108,21 @@ func run() error {
 Probability: viper.GetFloat64("zipkin.probability"),
 }
- provider := oidc.InsecureIssuerURLContext(ctx, viper.GetString("oauth.issuer"))
- log.Printf("main : provider context version %q", provider)
+ provider, err := oidc.NewProvider(ctx, oauth.Issuer)
+ if err != nil {
+ return errors.Wrap(err, "Provider could not been found")
+ }
+ oidcConfig := &oidc.Config{
+ ClientID: oauth.ClientID,
+ }
+ verifier := provider.Verifier(oidcConfig)
+ config := oauth2.Config{
+ ClientID: oauth.ClientID,
+ ClientSecret: oauth.ClientSecret,
+ Endpoint: provider.Endpoint(),
+ RedirectURL: oauth.RedirectUrl,
+ Scopes: oauth.Scopes,
+ }
 // =========================================================================
 // App Starting
@@ -101,9 +135,11 @@ func run() error {
 log.Println("main : Started : Initializing authentication support")
- authenticator, err := auth.OAuthenticate(oauth.ClientID, oauth.ClientSecret, oauth.Endpoint, oauth.RedirectUrl, oauth.Issuer, oauth.Scopes)
+ authenticator, err := auth.OAuthenticate(config.ClientID, config.ClientSecret, config.Endpoint.TokenURL, config.RedirectURL, oauth.Issuer, config.Scopes)
 if err != nil {
 return errors.Wrap(err, "constructing authenticator")
+ } else {
+ log.Println("Verifier %s", verifier)
 }
 // =========================================================================
diff --git a/cmd/book-api/oidc/config.json b/cmd/book-api/oidc/config.json
index a5d3e76..492cec4 100644
--- a/cmd/book-api/oidc/config.json
+++ b/cmd/book-api/oidc/config.json
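Review bot: `verifier := provider.Verifier(oidcConfig)` is built in the first hunk but its only use anywhere in this patch is the `log.Println` in the `else` branch of the second hunk, so nothing here verifies an ID token; if verification is meant to happen in the handlers, the verifier has to be passed to them, otherwise the value is dead code. The `else` after a `return` is unidiomatic Go; drop it and leave the happy path unindented. The wrap message `"Provider could not been found"` should be lowercase and name the step, e.g. `errors.Wrap(err, "discovering oidc provider")`. Note that `oidc.NewProvider` performs discovery at startup, so `run()` now fails whenever the issuer is unreachable, which makes the start order of the compose services matter.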
@@ -2,11 +2,11 @@ {
 "oauth": {
- "clientSecret": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwZGU2YWRkZC1mZjZiLTRjZDAtODFjYi1iMDFiY2ViZDkzODEifQ.eyJleHAiOjE3Mjg5ODg1MDEsImlhdCI6MTcyMjA3NjUwMSwianRpIjoiZDcwYmYyNzItNzhiYS00ZDQ2LWFlYTctYWU5OTg4MTQ2ODZhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwidHlwIjoiSW5pdGlhbEFjY2Vzc1Rva2VuIn0.s5c-u1tFCZejsIWBwwitwjFsSWaQQx5TyxA3ilUp7ju_kjAQddheGNsnOHyxIRWT5uqeYl0bxGkQR2cGvhKtXQ",
- "clientID": "d70bf272-78ba-4d46-aea7-ae998814686a",
- "endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token",
- "issuer": "http://localhost:8080/realms/book-realm",
- "redirectUrl": "http://localhost:8080/realms/book-realm/auth/callback",
+ "clientSecret": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiNDI5YTFkMy00ZjA1LTRkY2QtYTlkYy1iYTllNTJjMjRhOTcifQ.eyJleHAiOjE3MzE5NTc2NDMsImlhdCI6MTcyMzMxNzY0MywianRpIjoiYmVhZmM2ODEtZDY2Ny00YjMzLWJhYTctNzBhNzdjMjk3YzkzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwidHlwIjoiSW5pdGlhbEFjY2Vzc1Rva2VuIn0.vLIJZWF0j9HJ7F-Gc1O74fNHamuxx2TPs10uXuOiv0Ur8K7TCkgtXvzSJQygHsHGh91P3kw7yJK2NQ5hTs2P-A",
+ "clientID": "book-auth",
+ "endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token",
+ "issuer": "http://0.0.0.0:8080/realms/book-realm",
+ "redirectUrl": "http://0.0.0.0:8080/realms/book-realm/auth/callback",
 "scopes": ["oidc","profile", "email"]
 },
 "web": {
diff --git a/cmd/book-api/oidc/keycloack.json b/cmd/book-api/oidc/keycloack.json
index 550e6e2..b3294db 100644
--- a/cmd/book-api/oidc/keycloack.json
+++ b/cmd/book-api/oidc/keycloack.json
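Review bot: `"scopes": ["oidc","profile", "email"]` requests a scope named `oidc`, which is not a standard OpenID Connect scope and is absent from the `scopes_supported` list of the discovery document committed in this patch's keycloack.json hunk; an ID token requires the `openid` scope, so the line should read `"scopes": ["openid", "profile", "email"]` (it is unchanged context here, but the surrounding values were rewritten in this hunk). The new `clientSecret` is a live credential committed to the repository and, through the Dockerfile hunk, copied into the image; its base64 payload appears to decode to a Keycloak token of type `InitialAccessToken` carrying an `exp` claim rather than a confidential client secret, so please confirm which credential the authenticator expects, rotate what has been committed, and load it from the environment or a secret store instead of this file. `0.0.0.0` in `endpoint`, `issuer` and `redirectUrl` is a wildcard bind address rather than an address clients can be sent to; inside the compose network the issuer is reachable by service name, and a browser redirect target needs a real hostname.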
@@ -1,300 +1,300 @@ { - "issuer": "http://localhost:8080/realms/book-realm", - "authorization_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/auth", - "token_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token", - "introspection_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token/introspect", - "userinfo_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/userinfo", - "end_session_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/logout", - "frontchannel_logout_session_supported": true, - "frontchannel_logout_supported": true, - "jwks_uri": "http://localhost:8080/realms/book-realm/protocol/openid-connect/certs", - "check_session_iframe": "http://localhost:8080/realms/book-realm/protocol/openid-connect/login-status-iframe.html", - "grant_types_supported": [ - "authorization_code", - "implicit", - "refresh_token", - "password", - "client_credentials", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:device_code" - ], - "acr_values_supported": [ - "0", - "1" - ], - "response_types_supported": [ - "code", - "none", - "id_token", - "token", - "id_token token", - "code id_token", - "code token", - "code id_token token" - ], - "subject_types_supported": [ - "public", - "pairwise" - ], - "id_token_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "id_token_encryption_alg_values_supported": [ - "RSA-OAEP", - "RSA-OAEP-256", - "RSA1_5" - ], - "id_token_encryption_enc_values_supported": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512" - ], - "userinfo_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - "none" - ], 
- "userinfo_encryption_alg_values_supported": [ - "RSA-OAEP", - "RSA-OAEP-256", - "RSA1_5" - ], - "userinfo_encryption_enc_values_supported": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512" - ], - "request_object_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - "none" - ], - "request_object_encryption_alg_values_supported": [ - "RSA-OAEP", - "RSA-OAEP-256", - "RSA1_5" - ], - "request_object_encryption_enc_values_supported": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512" - ], - "response_modes_supported": [ - "query", - "fragment", - "form_post", - "query.jwt", - "fragment.jwt", - "form_post.jwt", - "jwt" - ], - "registration_endpoint": "http://localhost:8080/realms/book-realm/clients-registrations/openid-connect", - "token_endpoint_auth_methods_supported": [ - "private_key_jwt", - "client_secret_basic", - "client_secret_post", - "tls_client_auth", - "client_secret_jwt" - ], - "token_endpoint_auth_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "introspection_endpoint_auth_methods_supported": [ - "private_key_jwt", - "client_secret_basic", - "client_secret_post", - "tls_client_auth", - "client_secret_jwt" - ], - "introspection_endpoint_auth_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "authorization_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "authorization_encryption_alg_values_supported": [ - "RSA-OAEP", - "RSA-OAEP-256", - "RSA1_5" - ], - 
"authorization_encryption_enc_values_supported": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512" - ], - "claims_supported": [ - "aud", - "sub", - "iss", - "auth_time", - "name", - "given_name", - "family_name", - "preferred_username", - "email", - "acr" - ], - "claim_types_supported": [ - "normal" - ], - "claims_parameter_supported": true, - "scopes_supported": [ - "openid", - "acr", - "microprofile-jwt", - "email", - "roles", - "basic", - "phone", - "web-origins", - "offline_access", - "address", - "profile" - ], - "request_parameter_supported": true, - "request_uri_parameter_supported": true, - "require_request_uri_registration": true, - "code_challenge_methods_supported": [ - "plain", - "S256" - ], - "tls_client_certificate_bound_access_tokens": true, - "revocation_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/revoke", - "revocation_endpoint_auth_methods_supported": [ - "private_key_jwt", - "client_secret_basic", - "client_secret_post", - "tls_client_auth", - "client_secret_jwt" - ], - "revocation_endpoint_auth_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "backchannel_logout_supported": true, - "backchannel_logout_session_supported": true, - "device_authorization_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/auth/device", - "backchannel_token_delivery_modes_supported": [ - "poll", - "ping" - ], - "backchannel_authentication_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/ext/ciba/auth", - "backchannel_authentication_request_signing_alg_values_supported": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "ES256", - "RS256", - "ES512", - "PS256", - "PS512", - "RS512" - ], - "require_pushed_authorization_requests": false, - "pushed_authorization_request_endpoint": 
"http://localhost:8080/realms/book-realm/protocol/openid-connect/ext/par/request", - "mtls_endpoint_aliases": { - "token_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token", - "revocation_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/revoke", - "introspection_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token/introspect", - "device_authorization_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/auth/device", - "registration_endpoint": "http://localhost:8080/realms/book-realm/clients-registrations/openid-connect", - "userinfo_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/userinfo", - "pushed_authorization_request_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/ext/par/request", - "backchannel_authentication_endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/ext/ciba/auth" - }, - "authorization_response_iss_parameter_supported": true - } \ No newline at end of file + "issuer": "http://0.0.0.0:8080/realms/book-realm", + "authorization_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/auth", + "token_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token", + "introspection_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token/introspect", + "userinfo_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/userinfo", + "end_session_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/logout", + "frontchannel_logout_session_supported": true, + "frontchannel_logout_supported": true, + "jwks_uri": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/certs", + "check_session_iframe": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/login-status-iframe.html", + "grant_types_supported": [ + "authorization_code", + "implicit", + 
"refresh_token", + "password", + "client_credentials", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:device_code" + ], + "acr_values_supported": [ + "0", + "1" + ], + "response_types_supported": [ + "code", + "none", + "id_token", + "token", + "id_token token", + "code id_token", + "code token", + "code id_token token" + ], + "subject_types_supported": [ + "public", + "pairwise" + ], + "id_token_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "id_token_encryption_alg_values_supported": [ + "RSA-OAEP", + "RSA-OAEP-256", + "RSA1_5" + ], + "id_token_encryption_enc_values_supported": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "userinfo_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + "none" + ], + "userinfo_encryption_alg_values_supported": [ + "RSA-OAEP", + "RSA-OAEP-256", + "RSA1_5" + ], + "userinfo_encryption_enc_values_supported": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "request_object_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + "none" + ], + "request_object_encryption_alg_values_supported": [ + "RSA-OAEP", + "RSA-OAEP-256", + "RSA1_5" + ], + "request_object_encryption_enc_values_supported": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "response_modes_supported": [ + "query", + "fragment", + "form_post", + "query.jwt", + "fragment.jwt", + "form_post.jwt", + "jwt" + ], + "registration_endpoint": 
"http://0.0.0.0:8080/realms/book-realm/clients-registrations/openid-connect", + "token_endpoint_auth_methods_supported": [ + "private_key_jwt", + "client_secret_basic", + "client_secret_post", + "tls_client_auth", + "client_secret_jwt" + ], + "token_endpoint_auth_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "introspection_endpoint_auth_methods_supported": [ + "private_key_jwt", + "client_secret_basic", + "client_secret_post", + "tls_client_auth", + "client_secret_jwt" + ], + "introspection_endpoint_auth_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "authorization_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "authorization_encryption_alg_values_supported": [ + "RSA-OAEP", + "RSA-OAEP-256", + "RSA1_5" + ], + "authorization_encryption_enc_values_supported": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "claims_supported": [ + "aud", + "sub", + "iss", + "auth_time", + "name", + "given_name", + "family_name", + "preferred_username", + "email", + "acr" + ], + "claim_types_supported": [ + "normal" + ], + "claims_parameter_supported": true, + "scopes_supported": [ + "openid", + "offline_access", + "acr", + "roles", + "basic", + "profile", + "phone", + "microprofile-jwt", + "email", + "address", + "web-origins" + ], + "request_parameter_supported": true, + "request_uri_parameter_supported": true, + "require_request_uri_registration": true, + "code_challenge_methods_supported": [ + "plain", + "S256" + ], + "tls_client_certificate_bound_access_tokens": true, + "revocation_endpoint": 
"http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/revoke", + "revocation_endpoint_auth_methods_supported": [ + "private_key_jwt", + "client_secret_basic", + "client_secret_post", + "tls_client_auth", + "client_secret_jwt" + ], + "revocation_endpoint_auth_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "backchannel_logout_supported": true, + "backchannel_logout_session_supported": true, + "device_authorization_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/auth/device", + "backchannel_token_delivery_modes_supported": [ + "poll", + "ping" + ], + "backchannel_authentication_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/ext/ciba/auth", + "backchannel_authentication_request_signing_alg_values_supported": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "ES256", + "RS256", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "require_pushed_authorization_requests": false, + "pushed_authorization_request_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/ext/par/request", + "mtls_endpoint_aliases": { + "token_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token", + "revocation_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/revoke", + "introspection_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token/introspect", + "device_authorization_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/auth/device", + "registration_endpoint": "http://0.0.0.0:8080/realms/book-realm/clients-registrations/openid-connect", + "userinfo_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/userinfo", + "pushed_authorization_request_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/ext/par/request", + 
"backchannel_authentication_endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/ext/ciba/auth" + }, + "authorization_response_iss_parameter_supported": true +} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index e203d65..ce3a1c3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -7,42 +7,42 @@ networks:
 services:
 # This sidecar allows for the viewing of traces.
- # zipkin:
- # container_name: zipkin
- # networks:
- # - shared-network
- # image: openzipkin/zipkin:2.11
- # ports:
- # - 9411:9411
+ zipkin:
+ container_name: zipkin
+ networks:
+ - shared-network
+ image: openzipkin/zipkin:2.11
+ ports:
+ - 9411:9411
- # # This sidecar publishes metrics to the console by default.
- # metrics:
- # container_name: metrics
- # networks:
- # - shared-network
- # image: book-metrics-kit
- # ports:
- # - 3001:3001 # EXPVAR API
- # - 4001:4001 # DEBUG API
- # depends_on:
- # - books-api
+ # This sidecar publishes metrics to the console by default.
+ metrics:
+ container_name: metrics
+ networks:
+ - shared-network
+ image: book-metrics-kit
+ ports:
+ - 3001:3001 # EXPVAR API
+ - 4001:4001 # DEBUG API
+ depends_on:
+ - books-api
- # # #This is the core CRUD based service.
- # books-api:
- # container_name: books-api
- # networks:
- # - shared-network
- # image: book-api-kit
- # ports:
- # - 3000:3000 # CRUD API
- # - 4000:4000 # DEBUG API
- # environment:
- # - BOOKS_DB_HOST=book_db
- # - BOOKS_DB_DISABLE_TLS=1 # This is only disabled for our development enviroment.
- # # - GODEBUG=gctrace=1
- # depends_on:
- # - zipkin
- # - db
+ # #This is the core CRUD based service.
+ books-api:
+ container_name: books-api
+ networks:
+ - shared-network
+ image: book-api-kit
+ ports:
+ - 3000:3000 # CRUD API
+ - 4000:4000 # DEBUG API
+ environment:
+ - BOOKS_DB_HOST=postgres
+ - BOOKS_DB_DISABLE_TLS=1 # This is only disabled for our development enviroment.
+ # - GODEBUG=gctrace=1
+ depends_on:
+ - zipkin
+ - postgres
 keycloack:
 image: quay.io/keycloak/keycloak:25.0.1
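Review bot: `books-api` declares `depends_on` for `zipkin` and `postgres` but not for `keycloack`, while the main.go hunk in this patch calls `oidc.NewProvider` inside `run()` and returns an error when discovery fails, so on a cold `docker compose up` the API can start before Keycloak answers and exit. Keycloak already has a `healthcheck` further down in this file, so the dependency can use the long-form `depends_on` with `condition: service_healthy`, as below. `BOOKS_DB_DISABLE_TLS=1` is now active rather than commented out; the inline comment already marks it as development-only, which is the right caveat to keep next to it.
```yaml
    books-api:
      # … unchanged: container_name, networks, image, ports, environment …
      depends_on:
        zipkin:
          condition: service_started
        postgres:
          condition: service_started
        keycloack:
          condition: service_healthy
```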
@@ -50,12 +50,12 @@ services:
 command: ["start-dev"]
 environment:
 - KC_LOG_LEVEL=info
- - KC_HOSTNAME=localhost
+ - KC_HOSTNAME=0.0.0.0
 - KC_HOSTNAME_PORT=8080
 - KEYCLOAK_ADMIN=admin
 - KEYCLOAK_ADMIN_PASSWORD=admin
 healthcheck:
- test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+ test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/health/ready"]
 interval: 15s
 timeout: 2s
 retries: 15
@@ -71,7 +71,7 @@ services:
 - ADMINER_DEFAULT_DB_DRIVER=pgsql
 - ADMINER_DEFAULT_DB_NAME=book
 ports:
- - 5499:8080
+ - 5499:5499
 # # This starts a local PostgreSQL DB.
 postgres:
@@ -79,6 +79,7 @@ services:
 restart: always
 # platform: linux/amd64
 shm_size: 128mb
+ user: postgres
 environment:
 POSTGRES_USER: book
 POSTGRES_PASSWORD: postgres-password
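Review bot: `KC_HOSTNAME=0.0.0.0` sets the hostname Keycloak advertises in its issuer and redirect URLs, but `0.0.0.0` is the wildcard bind address rather than a name clients dial, so the discovery document and browser redirects will carry an address that only works by accident on the same machine; use the compose service name `keycloack` or a real hostname, and keep `issuer` in config.json identical to it, since go-oidc checks that the discovered issuer matches the configured one (the removed `InsecureIssuerURLContext` in main.go was the escape hatch for that check). The adminer mapping changed from `5499:8080` to `5499:5499`; the right-hand side is the container port and the removed line says the container listened on 8080, so unless the service was reconfigured to listen on 5499 (not visible here) the new mapping points at a closed port. The healthcheck URL change should be harmless inside the container, since `curl` to `0.0.0.0:8080` reaches the local listener.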