feature: Adding keyclock as authentication & authorization tool.

LerianStudio · Jun 25, 2024 · 7a693c9 · 7a693c9
1 parent a33e069
commit 7a693c9
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 196 deletions.
diff --git a/components/auth/.env.example b/components/auth/.env.example
@@ -1,29 +1,6 @@
-# AUTH
-# Kratos
-ENV_NAME=production
-KRATOS_DB_USER=kratos
-KRATOS_DB_PASSWORD=kratos
-KRATOS_DB_NAME=kratos
-KRATOS_DB_PORT=5432
-KRATOS_ADMIN_URL=http://kratos:4434/
-KRATOS_PUBLIC_URL=http://kratos:4433/
-# generate a random secret to replace this example
-KRATOS_COOKIE_SECRET= #< to create a secreat you may run this command to generate a new secret: pwgen -s -n 30 7 >
-# generate a random secret to replace this example
-KRATOS_CIPHER_SECRET= #< to create a secreat you may run this command to generate a new secret: pwgen -s -n 30 7 >
-SMTP_USER=test
-SMTP_PASSWORD=test
-SMTP_ADDRESS=mailslurper
-SMTP_PORT=1025
-# Hydra
-HYDRA_ADDRESS=http://hydra:4445/
-HYDRA_DB_USER=hydra
-HYDRA_DB_PASSWORD=hydra
-HYDRA_DB_NAME=hydra
-HYDRA_DB_PORT=5432
-# generate a random secret to replace this example
-HYDRA_SYSTEM_SECRET= #< to create a secreat you may run this command to generate a new secret: pwgen -s -n 30 7 >
-# generate a random secret to replace this example
-HYDRA_COOKIE_SECRET= #< to create a secreat you may run this command to generate a new secret: pwgen -s -n 30 7 >
-# generate a random secret to replace this example
-HYDRA_PAIRWISE_SALT= #< to create a secreat you may run this command to generate a new secret: pwgen -s -n 30 7 >
+#AUTH
+POSTGRES_DB=keycloak_db
+POSTGRES_USER=keycloak_db_user
+POSTGRES_PASSWORD=passowrd
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
diff --git a/components/auth/docker-compose.yml b/components/auth/docker-compose.yml
@@ -1,3 +1,5 @@
+version: '3.8'
+
 x-postgres-common:
   &postgres-common
   image: postgres:16-alpine
@@ -6,184 +8,42 @@ x-postgres-common:
     - .env
   networks:
     - app-tier
+  volumes:
+    - data:/var/lib/postgresql/data
 
 services:
-  keto-db:
+  postgres:
     <<: *postgres-common
-    container_name: keto-db
-    ports:
-      - "5436:5432"
-    environment:
-      - POSTGRES_USER=${KETO_DB_USER}
-      - POSTGRES_PASSWORD=${KETO_DB_PASSWORD}
-      - POSTGRES_DB=${KETO_DB_NAME}
-    healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U ${KETO_DB_USER} -d ${KETO_DB_NAME}" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  kratos:
-    container_name: kratos
-    image: oryd/kratos:v1.1.0
-    env_file:
-      - .env
-    environment:
-      - DSN=postgres://${KRATOS_DB_USER}:${KRATOS_DB_PASSWORD}@kratos-db:${KRATOS_DB_PORT}/${KRATOS_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-      - OAUTH2_PROVIDER_URL=${HYDRA_ADDRESS}
-      - OAUTH2_PROVIDER_OVERRIDE_RETURN_TO=true
-      - SECRETS_COOKIE=${KRATOS_COOKIE_SECRET}
-      - SECRETS_CIPHER=${KRATOS_CIPHER_SECRET}
-      - COURIER_SMTP_CONNECTION_URI=smtps://${SMTP_USER}:${SMTP_PASSWORD}@${SMTP_ADDRESS}:${SMTP_PORT}/?skip_ssl_verify=true
-    command: serve -c /etc/kratos/config/kratos.yml --dev --watch-courier
-    depends_on:
-      - kratos-db
-      - kratos-migrate
-    ports:
-      - "4433:4433" #public port
-      - "4434:4434" #admin port
-    volumes:
-      - type: bind
-        source: ../../config/auth
-        target: /etc/kratos/config
-      - type: bind
-        source: ../../config/identity-schemas
-        target: /etc/kratos/identity-schemas
-    networks:
-      - app-tier
-
-  kratos-migrate:
-    depends_on:
-      - kratos-db
-    container_name: kratos-migrate
-    image: oryd/kratos:v1.1.0
-    env_file:
-      - .env
-    environment:
-      - DSN=postgres://${KRATOS_DB_USER}:${KRATOS_DB_PASSWORD}@kratos-db:${KRATOS_DB_PORT}/${KRATOS_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-    command: migrate sql -e --yes
-    networks:
-      - app-tier
 
-  hydra:
-    container_name: hydra
-    image: oryd/hydra:v2.2.0
-    env_file:
-      - .env
-    environment:
-      - DSN=postgres://${HYDRA_DB_USER}:${HYDRA_DB_PASSWORD}@hydra-db:${HYDRA_DB_PORT}/${HYDRA_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=${HYDRA_PAIRWISE_SALT}
-      - URLS_IDENTITY_PROVIDER_PUBLICURL=${KRATOS_PUBLIC_URL}
-      - URLS_IDENTITY_PROVIDER_URL=${KRATOS_ADMIN_URL}
-      - SECRETS_COOKIE=${HYDRA_COOKIE_SECRET}
-      - SECRETS_SYSTEM=${HYDRA_SYSTEM_SECRET}
-    command: serve -c /etc/hydra/config/hydra.yml all --dev
-    depends_on:
-      - hydra-db
-      - hydra-migrate
+  midaz-keycloak:
+    image: quay.io/keycloak/keycloak:25.0.0
+    command: start
+    environment:
+      KC_HOSTNAME: localhost
+      KC_HOSTNAME_PORT: 8080
+      KC_HOSTNAME_STRICT_BACKCHANNEL: false
+      KC_HTTP_ENABLED: true
+      KC_HOSTNAME_STRICT_HTTPS: false
+      KC_HEALTH_ENABLED: true
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+      KC_DB_USERNAME: ${POSTGRES_USER}
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
     ports:
-      - "4444:4444" #public port
-      - "4445:4445" #admin port
-      - "5555:5555" #hydra token user port
-    restart: on-failure
-    volumes:
-      - type: bind
-        source: ../../config/auth
-        target: /etc/hydra/config
-    networks:
-      - app-tier
-
-  hydra-migrate:
+      - 8080:8080
+    restart: always
     depends_on:
-      - hydra-db
-      - kratos-migrate
-    container_name: hydra-migrate
-    image: oryd/hydra:v2.2.0
-    env_file:
-      - .env
-    environment:
-      - DSN=postgres://${HYDRA_DB_USER}:${HYDRA_DB_PASSWORD}@hydra-db:${HYDRA_DB_PORT}/${HYDRA_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-      - SECRETS_SYSTEM=${HYDRA_SYSTEM_SECRET}
-    restart: on-failure
-    command: migrate sql -e --yes
+      - postgres
     networks:
       - app-tier
-
-  keto:
-    container_name: keto
-    image: oryd/keto:v0.11.1-alpha.0
-    links:
-      - keto-db:keto-db
-    command: serve -c /etc/keto/config/keto.yml all
     volumes:
-      - type: bind
-        source: ../../config/auth
-        target: /etc/keto/config
-    ports:
-      - "4466:4466"
-      - "4467:4467"
-    depends_on:
-      - keto-migrate
-    environment:
-      - DSN=postgres://${KETO_DB_USER}:${KETO_DB_PASSWORD}@keto-db:${KETO_DB_PORT}/${KETO_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-    restart: on-failure
-    networks:
-      - app-tier
+      - ./my-realm.json:/opt/keycloak/data/import/my-realm.json
 
-  keto-migrate:
-    container_name: keto-migrate
-    image: oryd/keto:v0.12.0-alpha.0
-    links:
-      - keto-db:keto-db
-    volumes:
-      - type: bind
-        source: ../../config/auth
-        target: /home/ory
-    environment:
-      - LOG_LEVEL=debug
-      - DSN=postgres://${KETO_DB_USER}:${KETO_DB_PASSWORD}@keto-db:${KETO_DB_PORT}/${KETO_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
-    command: ["migrate", "up", "-y"]
-    restart: on-failure
-    networks:
-      - app-tier
 
-  kratos-db:
-    <<: *postgres-common
-    container_name: kratos-db
-    ports:
-      - "5434:5432"
-    environment:
-      - POSTGRES_USER=${KRATOS_DB_USER}
-      - POSTGRES_PASSWORD=${KRATOS_DB_PASSWORD}
-      - POSTGRES_DB=${KRATOS_DB_NAME}
-    healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U ${KRATOS_DB_USER} -d ${KRATOS_DB_NAME}" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  hydra-db:
-    <<: *postgres-common
-    container_name: hydra-db
-    ports:
-      - "5435:5432"
-    environment:
-      - POSTGRES_USER=${HYDRA_DB_USER}
-      - POSTGRES_PASSWORD=${HYDRA_DB_PASSWORD}
-      - POSTGRES_DB=${HYDRA_DB_NAME}
-    healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U ${HYDRA_DB_USER} -d ${HYDRA_DB_NAME}" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  mailslurper:
-    image: oryd/mailslurper:latest-smtps
-    ports:
-      - "4436:4436"
-      - "4437:4437"
-    networks:
-      - app-tier
+volumes:
+  data:
 
 networks:
   app-tier: