diff --git a/README.md b/README.md index 547f551..846e6c0 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,8 @@ Open Source web-based personal expenses tool. +**Note :** This project does not handle authentication itself. Instead, it relies on OpenID to achieve users authentication. + ## Setup prod env 1. Install prerequisites: 1. docker @@ -35,6 +37,8 @@ docker compose up 6. Checkout http://localhost:8000/ +> The default credentials are `admin` / `admin` + ## Setup dev env 1. Install prerequisites: 1. docker diff --git a/docker_prod/.env.sample b/docker_prod/.env.sample index 1cd21a2..05facfe 100644 --- a/docker_prod/.env.sample +++ b/docker_prod/.env.sample @@ -4,4 +4,7 @@ DB_USER=db_user DB_PASSWORD=db_password REDIS_PASS=redis_password WEBSITE_ORIGIN=http://localhost:8000 -APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret \ No newline at end of file +APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +AUTH_SECRET_KEY=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +OIDC_CLIENT_ID=bar +OIDC_CLIENT_SECRET=foo \ No newline at end of file diff --git a/docker_prod/.gitignore b/docker_prod/.gitignore index 51ee488..4e556f1 100644 --- a/docker_prod/.gitignore +++ b/docker_prod/.gitignore @@ -1,2 +1,3 @@ .env storage +auth/users.json \ No newline at end of file diff --git a/docker_prod/auth/clients.yaml b/docker_prod/auth/clients.yaml new file mode 100644 index 0000000..d89537d --- /dev/null +++ b/docker_prod/auth/clients.yaml @@ -0,0 +1,5 @@ +- id: ${OIDC_CLIENT_ID} + name: MoneyMgr + description: Money management tool + secret: ${OIDC_CLIENT_SECRET} + redirect_uri: ${APP_ORIGIN}/oidc_cb \ No newline at end of file diff --git a/docker_prod/dex/dex.config.yaml b/docker_prod/dex/dex.config.yaml deleted file mode 100644 index 6081304..0000000 --- a/docker_prod/dex/dex.config.yaml +++ /dev/null 
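Review bot: In `docker_prod/.env.sample`, the new `AUTH_SECRET_KEY` sample value is the same repeated-`secret` string as `APP_SECRET`, and docker-compose.yml hands it to the OIDC provider as `TOKEN_KEY`. An install that copies the sample unchanged would therefore run the provider with a publicly known key (presumably its token key; the provider's code is not visible here). I would add a comment above the three new entries, e.g. `# Generate a unique random value for each secret before first start (openssl rand -hex 32); do not reuse APP_SECRET`. The sample pair `OIDC_CLIENT_ID=bar` / `OIDC_CLIENT_SECRET=foo` is also reversed relative to the `foo` / `bar` pair this commit removes from docker-compose.yml, which is harmless but confusing. The file still ends without a trailing newline.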
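Review bot: In the new `docker_prod/auth/clients.yaml`, the three `${...}` placeholders are unquoted plain scalars. If the provider substitutes environment variables into the text before parsing the YAML (not visible from this diff), a secret that contains ` #` or `: `, or that looks like a number or boolean, would be truncated, retyped or rejected. Quoting them avoids that: `id: "${OIDC_CLIENT_ID}"`, `secret: "${OIDC_CLIENT_SECRET}"`, `redirect_uri: "${APP_ORIGIN}/oidc_cb"`. Because `redirect_uri` is built by concatenation, a `WEBSITE_ORIGIN` with a trailing slash would register `//oidc_cb`, which will not match the app's callback if the provider compares redirect URIs exactly. A comment `# origin must not end with a slash` next to `WEBSITE_ORIGIN` in `.env.sample` would prevent that.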
@@ -1,27 +0,0 @@ -issuer: http://localhost:9001/dex - -storage: - type: memory - -web: - http: 0.0.0.0:9001 - -oauth2: - # Automate some clicking - # Note: this might actually make some tests pass that otherwise wouldn't. - skipApprovalScreen: false - -connectors: - # Note: this might actually make some tests pass that otherwise wouldn't. - - type: mockCallback - id: mock - name: Example - -# Basic OP test suite requires two clients. -staticClients: - - id: foo - secret: bar - redirectURIs: - - http://localhost:8000/oidc_cb - - name: Project diff --git a/docker_prod/docker-compose.yml b/docker_prod/docker-compose.yml index 3fc66f3..0f18383 100644 --- a/docker_prod/docker-compose.yml +++ b/docker_prod/docker-compose.yml @@ -29,15 +29,22 @@ services: - ./storage/db:/var/lib/postgresql/data oidc: - image: dexidp/dex + image: pierre42100/basic_oidc user: "1000" + environment: + - LISTEN_ADDRESS=0.0.0.0:9001 + - STORAGE_PATH=/storage + - TOKEN_KEY=$AUTH_SECRET_KEY + - WEBSITE_ORIGIN=http://localhost:9001 + - OIDC_CLIENT_ID=$OIDC_CLIENT_ID + - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET + - APP_ORIGIN=$WEBSITE_ORIGIN expose: - 9001 ports: - 9001:9001 volumes: - - ./dex:/conf:ro - command: [ "dex", "serve", "/conf/dex.config.yaml" ] + - ./auth:/storage redis: image: redis:alpine @@ -61,10 +68,10 @@ services: - DB_USERNAME=$DB_USER - DB_PASSWORD=$DB_PASSWORD - DB_NAME=moneymgr - - OIDC_CONFIGURATION_URL=http://oidc:9001/dex/.well-known/openid-configuration + - OIDC_CONFIGURATION_URL=http://oidc:9001/.well-known/openid-configuration - OIDC_PROVIDER_NAME=OIDC - - OIDC_CLIENT_ID=foo - - OIDC_CLIENT_SECRET=bar + - OIDC_CLIENT_ID=$OIDC_CLIENT_ID + - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET - S3_ENDPOINT=http://minio:9000 - S3_ACCESS_KEY=$MINIO_ROOT_USER - S3_SECRET_KEY=$MINIO_ROOT_PASSWORD
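Review bot: In the first docker-compose.yml hunk, `image: pierre42100/basic_oidc` carries no tag or digest, so each pull takes whatever `latest` currently is for the component that authenticates every user; pin it, e.g. `image: pierre42100/basic_oidc@sha256:<digest-you-verified>` (placeholder). The mount also changes from the read-only `./dex:/conf:ro` to a writable `./auth:/storage`, and the tracked `clients.yaml` sits in that directory, so the container process can rewrite its own client registration, including `redirect_uri`. If the provider does not need to write that file, an extra `- ./auth/clients.yaml:/storage/clients.yaml:ro` entry would leave only the user store writable. With `9001:9001` still published on all host interfaces and the README hunk documenting `admin` / `admin` as default credentials, the setup steps should require changing that password before the host is reachable from a network.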
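Review bot: In the second docker-compose.yml hunk, `OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET` expands to an empty string, with only a warning, when the variable is missing from `.env`; that is likely for anyone upgrading with an existing `.env` that predates the three new keys. The required-variable form makes compose stop instead: `- OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:?set OIDC_CLIENT_SECRET in .env}`, and likewise for `OIDC_CLIENT_ID`. The same applies to `TOKEN_KEY=$AUTH_SECRET_KEY` and the client id and secret passed to the `oidc` service in the first hunk, where an empty key is the more serious outcome.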