From 4ef620c88751f679ba1f849206c8fa4570712bff Mon Sep 17 00:00:00 2001 From: 3wc <3wc.git@doesthisthing.work> Date: Thu, 24 Sep 2020 02:26:17 +0200 Subject: [PATCH] Add OAuth --- .envrc.sample | 11 +++++++++++ compose.yml | 13 ++++++++++++- entrypoint.sh.tmpl | 1 + 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/.envrc.sample b/.envrc.sample
index b7e3d91..ef65fcc 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -6,3 +6,14 @@ export LETS_ENCRYPT_ENV=production
 export DB_ROOT_PASSWORD_VERSION=v1
 export ENTRYPOINT_CONF_VERSION=v1
+
+# OAuth
+
+#export CMD_OAUTH2_PROVIDERNAME="Keycloak"
+#export CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
+#export CMD_OAUTH2_CLIENT_ID="codimd"
+#export CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
+#export CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
+#export CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
+#
+#export OAUTH_KEY_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 51e6885..2f4f5ce 100644
--- a/compose.yml
+++ b/compose.yml
@@ -26,10 +26,11 @@ services:
 - CMD_OAUTH2_PROVIDERNAME
 - CMD_OAUTH2_BASEURL
 - CMD_OAUTH2_CLIENT_ID
- - CMD_OAUTH2_CLIENT_SECRET
+ - CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
 - CMD_OAUTH2_AUTHORIZATION_URL
 - CMD_OAUTH2_TOKEN_URL
 - CMD_OAUTH2_USER_PROFILE_URL
+ - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
 depends_on:
 - postgres
 networks:
@@ -39,6 +40,7 @@ services:
 - codimd_uploads:/home/hackmd/app/public/uploads
 secrets:
 - db_password
+ - oauth_key
 entrypoint: /docker-entrypoint2.sh
 configs:
 - source: entrypoint2_conf
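Review bot: The commented sample URLs disagree on the path prefix: `CMD_OAUTH2_BASEURL` uses `/realms/realmname/protocol/openid-connect/` while the authorization, token and userinfo URLs use `/auth/realms/realmname/...`, so an operator who uncomments the block as-is gets a base URL that does not match the three endpoints. Whether `/auth` belongs in the path depends on the Keycloak deployment, but the four values should agree, e.g. `#export CMD_OAUTH2_BASEURL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/"`. The sample also says nothing about `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR`, which compose.yml now passes through, nor where the client secret goes; a comment next to `OAUTH_KEY_VERSION` such as `# the client secret is read from the Docker secret ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}; never put it in this file` would keep it out of a dotfile that is easily committed or synced.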
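Review bot: `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` is added to the pass-through list with no value, so it only reaches the container if the deploying shell happens to export it, and nothing else in this commit sets or documents it; a comment on that line, e.g. `# claim of the userinfo response used as the CodiMD username (Keycloak: presumably preferred_username — confirm)`, or a sample entry in `.envrc.sample`, would make the requirement visible. `CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key` is now the one fixed-value entry in a list of bare names; a short comment that the entrypoint's `file_env` turns it into `CMD_OAUTH2_CLIENT_SECRET` would save the next reader a search. The `environment:` key that opens this list is above the hunk.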
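Review bot: `oauth_key` is attached to the service unconditionally while every OAuth variable in `.envrc.sample` is shipped commented out, so a deployment that does not use OAuth must still create the external secret (and set `OAUTH_KEY_VERSION`) before the stack will deploy, and the entrypoint then loads that placeholder into `CMD_OAUTH2_CLIENT_SECRET` on every start. If OAuth is meant to be optional, say so next to the mount, e.g. `- oauth_key # required even with OAuth disabled: create a placeholder secret`, or move the secret and the `CMD_OAUTH2_*` entries into an override file that only OAuth deployments include. This `secrets:` list belongs to the service whose definition starts above the hunk.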
@@ -55,6 +57,12 @@ services:
 - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
 - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
 - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ healthcheck:
+ test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
 volumes:
 postgres:
@@ -64,6 +72,9 @@ secrets:
 db_password:
 external: true
 name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+ oauth_key:
+ external: true
+ name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}
 networks:
 proxy:
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 77140bd..e087e67 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -23,6 +23,7 @@ file_env() {
 load_vars() {
 file_env "CMD_DB_PASSWORD"
+ file_env "CMD_OAUTH2_CLIENT_SECRET"
 }
 main() {
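Review bot: `wget -qO - http://localhost:3000` sends the whole response body to stdout, and Docker keeps probe output in the container's health log, so every 30 s the page HTML is stored (and truncated) there for no benefit; `test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000"]` gives the same pass/fail on HTTP status without capturing the body, assuming the image's wget (busybox or GNU) accepts `--spider`. If the app binds only IPv4 and `localhost` resolves to `::1` first inside this image, the probe would fail against a healthy service, so `127.0.0.1` is the safer target — worth checking in the container. With `interval: 30s` and `retries: 10` a crashed process is reported unhealthy only after roughly five minutes, which seems generous for a single Node server.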
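Review bot: `OAUTH_KEY_VERSION` exists only as a commented-out line in `.envrc.sample`, so unless the operator uncomments it the external secret name expands to `${STACK_NAME}_oauth_key_` with an empty suffix and the deploy presumably fails, since the secret is always attached to the service. Either mark the variable as required where it is introduced, or give it a default at the point of use, `name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION:-v1}`, which also matches the versioned pattern used for `db_password` just above. A comment such as `# bump OAUTH_KEY_VERSION and recreate the secret to rotate the client secret` would explain why the version is part of the name.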
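Review bot: `file_env "CMD_OAUTH2_CLIENT_SECRET"` runs on every start, so the client secret is read from the mounted secret into the process environment even when no OAuth provider is configured; what `file_env` does with an empty or unreadable file is defined outside this hunk, as is the body of `main`. A comment above the call, e.g. `# resolved from CMD_OAUTH2_CLIENT_SECRET_FILE (Docker secret oauth_key, see compose.yml); presumably only used when CMD_OAUTH2_CLIENT_ID is set — confirm`, would record the coupling to compose.yml. Once exported, the secret is inherited by every child process and readable in the app's `/proc/<pid>/environ`, which is inherent to the `CMD_*` env interface but is a reason to keep the `_FILE` indirection as the only path by which the secret enters the container.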