OIDC functional

Update
Fix bad file name
2025-05-19 21:08:51 +02:00 · 2025-05-19 20:58:50 +02:00 · 2025-05-19 19:35:26 +02:00
6 changed files with 137 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -3,10 +3,46 @@

 Open Source web-based personal expenses tool.

+**Note :** This project does not handle authentication itself. Instead, it relies on OpenID to achieve users authentication.
+
+## Setup prod env
+1. Install prerequisites:
+   1. docker
+   2. docker compose
+   3. git
+
+2. Clone this git repository:
+```bash
+git clone https://gitea.communiquons.org/pierre/MoneyMgr
+cd MoneyMgr/docker_prod
+```
+
+3. Copy and adapt env values
+```bash
+cp .env.sample .env
+nano .env
+```
+
+4. Create required directories:
+
+```bash
+mkdir -p storage/{db,redis-data,redis-conf,minio}
+```
+
+5. Start containers
+
+```bash
+docker compose up
+```
+
+6. Checkout http://localhost:8000/
+
+> The default credentials are `admin` / `admin`
+
 ## Setup dev env
 1. Install prerequisites:
   1. docker
-   2. docker-compose
+   2. docker compose
   3. rust
   4. node

--- a/docker_prod/.env.sample
+++ b/docker_prod/.env.sample
@ -0,0 +1,10 @@
+MINIO_ROOT_USER=rootuser
+MINIO_ROOT_PASSWORD=rootpassword
+DB_USER=db_user
+DB_PASSWORD=db_password
+REDIS_PASS=redis_password
+WEBSITE_ORIGIN=http://localhost:8000
+APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+AUTH_SECRET_KEY=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+OIDC_CLIENT_ID=bar
+OIDC_CLIENT_SECRET=foo
--- a/docker_prod/.gitignore
+++ b/docker_prod/.gitignore
@ -0,0 +1,3 @@
+.env
+storage
+auth/users.json
--- a/docker_prod/auth/clients.yaml
+++ b/docker_prod/auth/clients.yaml
@ -0,0 +1,5 @@
+- id: ${OIDC_CLIENT_ID}
+  name: MoneyMgr
+  description: Money management tool
+  secret: ${OIDC_CLIENT_SECRET}
+  redirect_uri: ${APP_ORIGIN}/oidc_cb
--- a/docker_prod/docker-compose.yml
+++ b/docker_prod/docker-compose.yml
@ -0,0 +1,79 @@
+services:
+  minio:
+    image: minio/minio
+    user: "1000"
+    environment:
+      - MINIO_ROOT_USER=$MINIO_ROOT_USER
+      - MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD
+    volumes:
+      - ./storage/minio:/data
+    command: [ "minio", "server", "/data", "--console-address", ":9090" ]
+    ports:
+      - 9000:9000
+      - 9090:9090
+    expose:
+      - 9000
+
+  db:
+    image: postgres
+    user: "1000"
+    ports:
+      - "5432:5432"
+    expose:
+      - 5432
+    environment:
+      - POSTGRES_USER=$DB_USER
+      - POSTGRES_PASSWORD=$DB_PASSWORD
+      - POSTGRES_DB=moneymgr
+    volumes:
+      - ./storage/db:/var/lib/postgresql/data
+
+  oidc:
+    image: pierre42100/basic_oidc
+    user: "1000"
+    environment:
+      - LISTEN_ADDRESS=0.0.0.0:9001
+      - STORAGE_PATH=/storage
+      - TOKEN_KEY=$AUTH_SECRET_KEY
+      - WEBSITE_ORIGIN=http://localhost:9001
+      - OIDC_CLIENT_ID=$OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+      - APP_ORIGIN=$WEBSITE_ORIGIN
+    expose:
+      - 9001
+    ports:
+      - 9001:9001
+    volumes:
+      - ./auth:/storage
+
+  redis:
+    image: redis:alpine
+    user: "1000"
+    command: redis-server --requirepass ${REDIS_PASS:-secretredis}
+    expose:
+      - 6379
+    volumes:
+      - ./storage/redis-data:/data
+      - ./storage/redis-conf:/usr/local/etc/redis/redis.conf
+
+  moneymgr:
+    image: pierre42100/moneymgr_backend
+    user: "1000"
+    ports:
+      - 8000:8000
+    environment:
+      - WEBSITE_ORIGIN=${WEBSITE_ORIGIN}
+      - SECRET=${APP_SECRET}
+      - DB_HOST=db
+      - DB_USERNAME=$DB_USER
+      - DB_PASSWORD=$DB_PASSWORD
+      - DB_NAME=moneymgr
+      - OIDC_CONFIGURATION_URL=http://oidc:9001/.well-known/openid-configuration
+      - OIDC_PROVIDER_NAME=OIDC
+      - OIDC_CLIENT_ID=$OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+      - S3_ENDPOINT=http://minio:9000
+      - S3_ACCESS_KEY=$MINIO_ROOT_USER
+      - S3_SECRET_KEY=$MINIO_ROOT_PASSWORD
+      - REDIS_HOSTNAME=redis
+      - REDIS_PASSWORD=${REDIS_PASS:-secretredis}
--- a/moneymgr_backend/examples/api_curl.rs
+++ b/moneymgr_backend/examples/api_curl.rs
@ -14,7 +14,7 @@ use std::process::Command;
 struct Args {
    /// URL to Money manager API
    #[arg(short('U'), long, env, default_value = "http://localhost:8000/api")]
-    matrix_gw_url: String,
+    moneymgr_url: String,

    /// Token ID
    #[arg(short('i'), long, env)]
@ -39,7 +39,8 @@ struct Args {
 fn main() {
    let args: Args = Args::parse();

-    let full_url = format!("{}{}", args.matrix_gw_url, args.uri);
+    let full_url = format!("{}{}", args.moneymgr_url, args.uri);
+
    log::debug!("Full URL: {full_url}");

    let key = HS256Key::from_bytes(args.token_secret.as_bytes());
Author	SHA1	Message	Date
Pierre HUBERT	87f017fc42	OIDC functional All checks were successful continuous-integration/drone/push Build is passing Details	2025-05-19 21:08:51 +02:00
Pierre HUBERT	43fb8dcda6	Update	2025-05-19 20:58:50 +02:00
Pierre HUBERT	a3b9c7cdb1	Fix bad file name All checks were successful continuous-integration/drone/push Build is passing Details	2025-05-19 19:35:26 +02:00