Add OAuth

2020-09-24 02:26:17 +02:00 · 2020-09-24 02:26:17 +02:00 · 4ef620c887
parent dc81610de1
commit 4ef620c887
3 changed files with 24 additions and 1 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -6,3 +6,14 @@ export LETS_ENCRYPT_ENV=production

 export DB_ROOT_PASSWORD_VERSION=v1
 export ENTRYPOINT_CONF_VERSION=v1
+
+# OAuth
+
+#export CMD_OAUTH2_PROVIDERNAME="Keycloak"
+#export CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
+#export CMD_OAUTH2_CLIENT_ID="codimd"
+#export CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
+#export CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
+#export CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
+#
+#export OAUTH_KEY_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -26,10 +26,11 @@ services:
      - CMD_OAUTH2_PROVIDERNAME
      - CMD_OAUTH2_BASEURL
      - CMD_OAUTH2_CLIENT_ID
-      - CMD_OAUTH2_CLIENT_SECRET
+      - CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
      - CMD_OAUTH2_AUTHORIZATION_URL
      - CMD_OAUTH2_TOKEN_URL
      - CMD_OAUTH2_USER_PROFILE_URL
+      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
    depends_on:
      - postgres
    networks:
@ -39,6 +40,7 @@ services:
      - codimd_uploads:/home/hackmd/app/public/uploads
    secrets:
      - db_password
+      - oauth_key
    entrypoint: /docker-entrypoint2.sh
    configs:
      - source: entrypoint2_conf
@ -55,6 +57,12 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+    healthcheck:
+      test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m

 volumes:
  postgres:
@ -64,6 +72,9 @@ secrets:
  db_password:    
    external: true 
    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+  oauth_key:    
+    external: true 
+    name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}

 networks:
  proxy:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -23,6 +23,7 @@ file_env() {

 load_vars() {
 	file_env "CMD_DB_PASSWORD"
+	file_env "CMD_OAUTH2_CLIENT_SECRET"
 }

 main() {