added +- work version with oauthkeeper

This commit is contained in:
Pasha 2025-03-06 17:37:47 +03:00
parent 120085977b
commit f2efc502e9
10 changed files with 127 additions and 95 deletions

8
Dockerfile Normal file

@ -0,0 +1,8 @@
FROM golang:1.23-alpine
WORKDIR /app
COPY . .
RUN go mod tidy
RUN go build -o app ./cmd
CMD ["./app"]
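Review bot: `COPY . .` copies the entire build context before anything narrows it, and no .dockerignore is part of this commit, so the config directories — including the private JWKS file added here — land in the image layer along with the source; copy `go.mod`/`go.sum` first and then only the `cmd` tree the build needs. `RUN go mod tidy` at image build time can rewrite go.mod and resolve whatever the module proxy serves at that moment, so two builds of the same commit may not ship the same dependency set; `go mod download` against a committed go.sum is the reproducible form (go.sum is not visible in this diff, so confirm it is tracked). The resulting image is the full golang:1.23-alpine toolchain with no `USER` directive, so the app runs as root, and the compose change publishes this container directly on host port 3000; a second stage on a minimal base with a non-root user would cut that surface considerably.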

@ -1,31 +1,25 @@
package test package main
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
"github.com/ory/client-go" "log"
"ory-kratos-docker/middleware"
"os/signal" "os/signal"
"syscall" "syscall"
"testing"
) )
func handler(c *fiber.Ctx) error { func handler(c *fiber.Ctx) error {
return c.SendString("Hello, World!") return c.SendString("Hello, World!")
} }
func Test_Srv(t *testing.T) { func main() {
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
defer stop() defer stop()
c := client.NewConfiguration()
c.Servers = client.ServerConfigurations{{URL: "http://localhost:4433"}}
ory := client.NewAPIClient(c)
app := fiber.New() app := fiber.New()
app.Use(middleware.KratosMiddleware(ory)) //app.Use(middleware.KratosMiddleware(ory))
app.Get("/", handler) app.Get("/", handler)
app.Get("/public", func(c *fiber.Ctx) error { app.Get("/public", func(c *fiber.Ctx) error {
@ -35,9 +29,14 @@ func Test_Srv(t *testing.T) {
return c.SendString("private content") return c.SendString("private content")
}) })
app.Get("/check", func(c *fiber.Ctx) error {
sessionToken := c.Get("Cookie")
return c.Status(fiber.StatusOK).SendString(sessionToken)
})
go func() { go func() {
if err := app.Listen(":3000"); err != nil { if err := app.Listen(":3000"); err != nil {
t.Fatalf("failed to start server: %v", err) log.Fatalf("failed to start server: %v", err)
} }
}() }()
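Review bot: The new `/check` handler in the second hunk returns `fiber.StatusOK` for every request and echoes the raw `Cookie` header back as the response body, yet the oathkeeper.yml added in this commit points `check_session_url` at this endpoint; the `cookie_session` authenticator treats a 200 from that URL as a valid session, so every request through the proxy would pass authentication whether or not a cookie is present, and reflecting the caller's cookies in a response body is unwanted on its own. The session endpoint is expected to answer non-2xx for an absent or invalid session and to return a JSON body the authenticator can read the subject from, so the target the removed config already used, `check_session_url: http://kratos:4433/sessions/whoami`, is the right one (likely together with `subject_from` pointed at Kratos's `identity.id`); if a local endpoint is wanted, it should forward the cookie to Kratos and relay that status rather than answer 200 unconditionally. With `app.Use(middleware.KratosMiddleware(ory))` now commented out, nothing inside the app enforces a session either, so `/private` depends entirely on the proxy rules. The body of `main` continues outside the hunk.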

@ -1,29 +0,0 @@
log:
level: debug
serve:
proxy:
port: 4456
api:
port: 4457
access_rules:
repositories:
- file:///etc/config/rules.json
authenticators:
cookie_session:
enabled: true
config:
check_session_url: http://kratos:4433/sessions/whoami
authorizers:
allow:
enabled: true
mutators:
id_token:
enabled: true
config:
issuer_url: http://127.0.0.1:4456/
jwks_url: http://127.0.0.1:4456/.well-known/jwks.json

@ -1,30 +0,0 @@
[
{
"id": "public",
"match": {
"url": "http://localhost:3000/public<.*>",
"methods": ["GET"]
},
"authenticators": [],
"authorizer": {
"handler": "allow"
},
"mutators": []
},
{
"id": "private",
"match": {
"url": "http://localhost:3000/private<.*>",
"methods": ["GET"]
},
"authenticators": [
{
"handler": "cookie_session"
}
],
"authorizer": {
"handler": "allow"
},
"mutators": []
}
]

@ -11,9 +11,9 @@ serve:
base_url: http://kratos:4434/ base_url: http://kratos:4434/
selfservice: selfservice:
default_browser_return_url: http://127.0.0.1:4455/welcome default_browser_return_url: http://127.0.0.1:4457/welcome
allowed_return_urls: allowed_return_urls:
- http://127.0.0.1:4455 - http://127.0.0.1:4457
- http://localhost:19006/Callback - http://localhost:19006/Callback
- exp://localhost:8081/--/Callback - exp://localhost:8081/--/Callback
@ -33,36 +33,36 @@ selfservice:
flows: flows:
error: error:
ui_url: http://127.0.0.1:4455/error ui_url: http://127.0.0.1:4457/error
settings: settings:
ui_url: http://127.0.0.1:4455/settings ui_url: http://127.0.0.1:4457/settings
privileged_session_max_age: 15m privileged_session_max_age: 15m
required_aal: highest_available required_aal: highest_available
recovery: recovery:
enabled: true enabled: true
ui_url: http://127.0.0.1:4455/recovery ui_url: http://127.0.0.1:4457/recovery
use: code use: code
verification: verification:
enabled: true enabled: true
ui_url: http://127.0.0.1:4455/verification ui_url: http://127.0.0.1:4457/verification
use: code use: code
after: after:
default_browser_return_url: http://127.0.0.1:4455/welcome default_browser_return_url: http://127.0.0.1:4457/welcome
logout: logout:
after: after:
default_browser_return_url: http://127.0.0.1:4455/login default_browser_return_url: http://127.0.0.1:4457/login
login: login:
ui_url: http://127.0.0.1:4455/login ui_url: http://127.0.0.1:4457/login
lifespan: 10m lifespan: 10m
registration: registration:
lifespan: 10m lifespan: 10m
ui_url: http://127.0.0.1:4455/registration ui_url: http://127.0.0.1:4457/registration
after: after:
password: password:
hooks: hooks:
@ -92,7 +92,7 @@ identity:
default_schema_id: default default_schema_id: default
schemas: schemas:
- id: default - id: default
url: file:///etc/config/kratos/identity.schema.json url: file:///etc/config_kratos/kratos/identity.schema.json
courier: courier:
smtp: smtp:

@ -0,0 +1,17 @@
{
"keys": [
{
"kty": "RSA",
"kid": "wGO2d4C5hnkUL5kzrurMz8Sdo-rH4GZvuHMx49rIhks",
"use": "sig",
"alg": "RS256",
"n": "30Z0_oDV7xP3qxwU2nUqeje7H0nD4v2rVqCCXqQUtltoggTpFd8L9e0JACXfK-HQp11haUNU5ANzbpat6yGOJKgPLr901IBeoWmkLINrCrR20wgDEf0But7dV97x6_M1zT5hlawbTlMhGIVApvPqSKAeSy8tbH9qSBdn-1yndY1KOjtQxLF6whfHLgawrfCTXSZaOa-6BnhlJtIJMXktkgARbNDO8d1TeO1OVQSOPn5ZKY89Ot-grC4_a_Iy6zQOnUXqCqn4N8Wr2Swsnt-VV7xfYjVScVbJO3VJIMjtZTEiZLi550AdNJt5LRymHUEv4mCfR0l7dpBu0Q4jN1jUMQ",
"e": "AQAB",
"p": "-XN4xrct2Chhcs_rPZfYyhW49FEYsqiWB4OmPmz7LmS3wMCSt4RIcs3XM7xqVssyZ06rQ9BImvGWOWXb8AqMal01k2jSJ8vJ9XzCw0KXL3mc2SYFv-cJB9CXVdPSwaalQwmUfM-R_CAhzgpH-GlRh_E_xe2KkAa2TrVCe4EueW8",
"q": "5SMPkS6Ed_2vMCifkowSNazuFhVOrJWMYgMJeNLi2m2kMQQMdDGDDlUX27-hSNEaOqhVmZkFMyIIPXszzKni_jQsv01MiPQKAIoQvkSPSV8WfltQ_M5gEPxsKDw-DRMHu4FO7dxtg9HecKRTe3gQAtYkESdfTYkQgrouIAw4fF8",
"dp": "VLNlxiu60FPdyutYmCBwRyYbGDJVLYza7JBCKZ49p-IhFr0M1G2BYCIOuY13miMC6VsoAi2-CYaQmMrCZH5gcVlW8Me93C9xUv7a7ww0Y7Vqkb08ZI3hXhrw1_7F6GVaZinhloOwsSiD8f9BstKoEX3URrPCwebVjmIzwdX6Xtc",
"dq": "TKVXtbabtQ90pGVSS1DzXmUEFvr1oCE-HiLp7jKMk4gNXh_-kndlYUvxeR42swbPAUQBrilTZfFCVF57y0Agn-uP9EXFDiKjnd6RDzQbwe0-tvGQu5_E3qmw_Bx6nSD6eywb3NDZCTkQcRlmm2xj3q8GzX4gEO2CSlhAyZOM6X0",
"qi": "bhwBlbJqQGb2aPCf03Xkx2OyaO7p4RdTwGq9IKgIipQkltUZCpQDI-Aat1zwfOf_qhIbMZGa4DoY3zatXVPbOt9F-y0HqIQytw7W2uKqJ903NQRcCq5GgbNDPuJHXbwgmOYQe1STTLVoQqeCb92wKEZkDLMl0pPnUoCTz4weZqE"
}
]
}
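Review bot: This file is a complete RSA private key — it carries the `p`, `q`, `dp`, `dq` and `qi` parameters, not only `n` and `e` — and it is what the `id_token` mutator signs with via `jwks_url`, committed to the repository and, through the Dockerfile's `COPY . .`, also copied into the application image. Once in git history the key has to be treated as disclosed: generate a fresh key set at deploy time (Oathkeeper's `credentials generate` command produces one), keep the file out of version control, and mount it as a secret or read-only volume at the path `jwks_url` already references. Only a public JWKS containing `n` and `e` should ever be handed to token consumers; this file must never be served at a `.well-known` endpoint.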

@ -0,0 +1,31 @@
log:
level: debug
serve:
proxy:
port: 4455
api:
port: 4456
access_rules:
repositories:
- file:///etc/config_oauthkeeper/rules.json
authenticators:
cookie_session:
enabled: true
config:
check_session_url: http://tsrv:3000/check #todo
authorizers:
allow:
enabled: true
mutators:
id_token: #todo
enabled: true
config:
issuer_url: http://oathkeeper:4455/
jwks_url: file:///etc/config_oauthkeeper/jwks.json
noop:
enabled: true
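Review bot: `serve` here opens only the proxy on 4455 and the API on 4456, but the compose service for oathkeeper in this commit also publishes `4457:4457`, which nothing listens on, while `kratos-ui` is remapped to host port `4457:4455` in the same commit — two services claiming host port 4457 cannot both start. Drop the 4457 mapping on oathkeeper, or give the UI a different host port and update the `127.0.0.1:4457` URLs that kratos.yml now uses. The compose volumes for `oathkeeper.yml`, `rules.json` and `jwks.json` also lost the `:ro` flag the removed lines had; the access rules and the signing key should stay read-only inside the container.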

@ -0,0 +1,25 @@
[
{
"id": "test",
"upstream": {
"url": "http://tsrv:3000"
},
"match": {
"url": "http://127.0.0.1:4455/public",
"methods": ["GET"]
},
"authenticators": [
{
"handler": "cookie_session"
}
],
"authorizer": {
"handler": "allow"
},
"mutators": [
{
"handler": "noop"
}
]
}
]
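Review bot: The only rule left is `test`, matching exactly `http://127.0.0.1:4455/public` for GET behind `cookie_session`, whereas the removed rules.json had `/public` open and `/private` behind the session check; if that inversion is not intended, `/private` now falls outside every rule at the proxy, and the app's own `/private` handler (its Kratos middleware commented out in this commit) is reachable unguarded on the directly published port 3000. The exact `url` also drops the `<.*>` suffix the old rules used, so sub-paths of `/public` would not match either. A rule for `http://127.0.0.1:4455/private<.*>` with `cookie_session`, plus an open rule for `/public<.*>`, would restore the previous split.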

@ -8,14 +8,14 @@ services:
- "4433:4433" - "4433:4433"
- "4434:4434" - "4434:4434"
restart: unless-stopped restart: unless-stopped
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier command: serve -c /etc/config_kratos/kratos/kratos.yml --dev --watch-courier
volumes: volumes:
- ./config:/etc/config/kratos:ro - ./config_kratos:/etc/config_kratos/kratos:ro
- ./migrations:/etc/migrations:ro - ./migrations:/etc/migrations:ro
environment: environment:
- DSN=postgres://kratos:kratos@db:5432/kratos?sslmode=disable - DSN=postgres://kratos:kratos@db:5432/kratos?sslmode=disable
- LOG_LEVEL=debug - LOG_LEVEL=debug
- KRATOS_CONFIG_FILE=/etc/config/kratos/kratos.yml - KRATOS_CONFIG_FILE=/etc/config_kratos/kratos/kratos.yml
depends_on: depends_on:
- kratos-migrate - kratos-migrate
networks: networks:
@ -56,9 +56,9 @@ services:
depends_on: depends_on:
- db - db
- sql-migrate - sql-migrate
command: migrate sql -e --yes --config /etc/config/kratos/kratos.yml command: migrate sql -e --yes --config /etc/config_kratos/kratos/kratos.yml
volumes: volumes:
- ./config:/etc/config/kratos:ro - ./config_kratos:/etc/config_kratos/kratos:ro
networks: networks:
- kratos_net - kratos_net
@ -72,9 +72,8 @@ services:
kratos-ui: kratos-ui:
image: oryd/kratos-selfservice-ui-node:v1.3.1 image: oryd/kratos-selfservice-ui-node:v1.3.1
ports: ports:
- "4455:4455" - "4457:4455"
environment: environment:
- KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_BROWSER_URL=http://127.0.0.1:4433/ - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
@ -86,7 +85,7 @@ services:
depends_on: depends_on:
- kratos - kratos
volumes: volumes:
- ./config:/etc/config/kratos:ro - ./config_kratos:/etc/config_kratos/kratos:ro
networks: networks:
- kratos_net - kratos_net
@ -94,20 +93,32 @@ services:
image: oryd/oathkeeper:v0.40.6 image: oryd/oathkeeper:v0.40.6
container_name: oathkeeper container_name: oathkeeper
restart: unless-stopped restart: unless-stopped
command: serve -c /etc/config_oauthkeeper/oathkeeper.yml
ports: ports:
- "4455:4455"
- "4456:4456" - "4456:4456"
- "4457:4457"
environment:
- LOG_LEVEL=debug
- OATHKEEPER_CONFIG_FILE=/etc/config/oathkeeper.yml
volumes: volumes:
- ./config/oathkeeper.yml:/etc/config/oathkeeper.yml:ro - ./config_oauthkeeper/oathkeeper.yml:/etc/config_oauthkeeper/oathkeeper.yml
- ./config/rules.json:/etc/config/rules.json:ro - ./config_oauthkeeper/rules.json:/etc/config_oauthkeeper/rules.json
- ./config_oauthkeeper/jwks.json:/etc/config_oauthkeeper/jwks.json
depends_on: depends_on:
- kratos - kratos
networks: networks:
- kratos_net - kratos_net
tsrv:
build:
context: .
dockerfile: Dockerfile
container_name: tsrv
ports:
- "3000:3000"
networks:
- kratos_net
depends_on:
- kratos
- oathkeeper
volumes: volumes:
db_data: db_data:
networks: networks: