OIDC functional

README.md

@@ -3,6 +3,8 @@
 
 Open Source web-based personal expenses tool.
 
+**Note :** This project does not handle authentication itself. Instead, it relies on OpenID to achieve users authentication.
+
 ## Setup prod env
 1. Install prerequisites:
    1. docker
@@ -35,6 +37,8 @@ docker compose up
 
 6. Checkout http://localhost:8000/
 
+> The default credentials are `admin` / `admin`
+
 ## Setup dev env
 1. Install prerequisites:
    1. docker

docker_prod/.env.sample

@@ -4,4 +4,7 @@ DB_USER=db_user
 DB_PASSWORD=db_password
 REDIS_PASS=redis_password
 WEBSITE_ORIGIN=http://localhost:8000
-APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+AUTH_SECRET_KEY=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+OIDC_CLIENT_ID=bar
+OIDC_CLIENT_SECRET=foo

docker_prod/.gitignore

@@ -1,2 +1,3 @@
 .env
 storage
+auth/users.json

docker_prod/auth/clients.yaml

@@ -0,0 +1,5 @@
+- id: ${OIDC_CLIENT_ID}
+  name: MoneyMgr
+  description: Money management tool
+  secret: ${OIDC_CLIENT_SECRET}
+  redirect_uri: ${APP_ORIGIN}/oidc_cb

docker_prod/dex/dex.config.yaml

@@ -1,27 +0,0 @@
-issuer: http://localhost:9001/dex
-
-storage:
-  type: memory
-
-web:
-  http: 0.0.0.0:9001
-
-oauth2:
-  # Automate some clicking
-  # Note: this might actually make some tests pass that otherwise wouldn't.
-  skipApprovalScreen: false
-
-connectors:
-  # Note: this might actually make some tests pass that otherwise wouldn't.
-  - type: mockCallback
-    id: mock
-    name: Example
-
-# Basic OP test suite requires two clients.
-staticClients:
-  - id: foo
-    secret: bar
-    redirectURIs:
-      - http://localhost:8000/oidc_cb
-
-    name: Project

docker_prod/docker-compose.yml

@@ -29,15 +29,22 @@ services:
       - ./storage/db:/var/lib/postgresql/data
 
   oidc:
-    image: dexidp/dex
+    image: pierre42100/basic_oidc
     user: "1000"
+    environment:
+      - LISTEN_ADDRESS=0.0.0.0:9001
+      - STORAGE_PATH=/storage
+      - TOKEN_KEY=$AUTH_SECRET_KEY
+      - WEBSITE_ORIGIN=http://localhost:9001
+      - OIDC_CLIENT_ID=$OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+      - APP_ORIGIN=$WEBSITE_ORIGIN
     expose:
       - 9001
     ports:
       - 9001:9001
     volumes:
-      - ./dex:/conf:ro
-    command: [ "dex", "serve", "/conf/dex.config.yaml" ]
+      - ./auth:/storage
 
   redis:
     image: redis:alpine
@@ -61,10 +68,10 @@ services:
       - DB_USERNAME=$DB_USER
       - DB_PASSWORD=$DB_PASSWORD
       - DB_NAME=moneymgr
-      - OIDC_CONFIGURATION_URL=http://oidc:9001/dex/.well-known/openid-configuration
+      - OIDC_CONFIGURATION_URL=http://oidc:9001/.well-known/openid-configuration
       - OIDC_PROVIDER_NAME=OIDC
-      - OIDC_CLIENT_ID=foo
-      - OIDC_CLIENT_SECRET=bar
+      - OIDC_CLIENT_ID=$OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
       - S3_ENDPOINT=http://minio:9000
       - S3_ACCESS_KEY=$MINIO_ROOT_USER
       - S3_SECRET_KEY=$MINIO_ROOT_PASSWORD