feat(auth): add support for OIDC

closes #33
NeuraLegion · Jun 2, 2021 · d56090b · d56090b
1 parent 1212a38
commit d56090b
Show file tree

Hide file tree

Showing 29 changed files with 5,258 additions and 2,054 deletions.
diff --git a/.env b/.env
@@ -9,3 +9,10 @@ MAILGUN_API=fhlakjshdf8932pidkjshfasdjfy89234ks83pikanzkjahslka
 JWT_PRIVATE_KEY_LOCATION=config/keys/jwtRS256.key
 JWT_PUBLIC_KEY_LOCATION=config/keys/jwtRS256.key.pub.pem
 JWT_SECRET_KEY=123
+
+KEYCLOAK_SERVER_URI=https://auth.brokencrystals.neuralegion.com/auth
+KEYCLOAK_REALM=brokencrystals
+KEYCLOAK_ADMIN_CLIENT_ID=admin-cli
+KEYCLOAK_ADMIN_CLIENT_SECRET=3abff4a7-6649-4bae-a105-9bd1fb52a2cd
+KEYCLOAK_PUBLIC_CLIENT_ID=brokencrystals-client
+KEYCLOAK_PUBLIC_CLIENT_SECRET=4bfb5df6-4647-46dd-bad1-c8b8ffd7caf4
diff --git a/.gitignore b/.gitignore
@@ -32,7 +32,5 @@ lerna-debug.log*
 
 # IDE - VSCode
 .vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
+
+keycloak/db
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
       POSTGRES_PASSWORD: bc
     volumes:
     - ./pg.sql:/docker-entrypoint-initdb.d/pg.sql
+
   nodejs:
     image: neuralegion/brokencrystals
     container_name: nodejs
@@ -24,6 +25,8 @@ services:
         max-size: "10m"
     depends_on:
       - db
+      - keycloak
+
   proxy:
     image: neuralegion/brokencrystals-client
     restart: always
@@ -37,6 +40,7 @@ services:
     volumes:
       - ./nginx-config:/etc/nginx/user.conf.d:ro
       - letsencrypt:/etc/letsencrypt
+
   watchtower:
     image: containrrr/watchtower
     restart: always
@@ -47,5 +51,40 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     command: --interval 300 --debug
+
+  keycloak-db:
+    image: "postgres:12.2-alpine"
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    restart: on-failure
+    stdin_open: true
+    tty: true
+    volumes:
+      - "./keycloak/db:/var/lib/postgresql/data/"
+
+  keycloak:
+    image: jboss/keycloak:latest
+    volumes:
+      - "./keycloak/imports/realm-export.json:/opt/jboss/keycloak/imports/realm-export.json"
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: keycloak-db
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_SCHEMA: public
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: Pa55w0rd
+      KEYCLOAK_IMPORT: /opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:8080/auth/realms/brokencrystals/health/check/database" ]
+      timeout: 10s
+      interval: 30s
+      retries: 3
+    depends_on:
+      - keycloak-db
+
 volumes:
   letsencrypt: