Added ory kratos to docker compose file

2022-10-14 12:15:07 +02:00 · 2022-10-14 12:15:07 +02:00 · b2a16e5181
commit b2a16e5181
parent ebf1dd5adc
5 changed files with 195 additions and 7 deletions
--- a/.docker/kratos/identity.schema.json
+++ b/.docker/kratos/identity.schema.json
@ -0,0 +1,38 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "email"
+            },
+            "recovery": {
+              "via": "email"
+            }
+          }
+        },
+        "username": {
+          "type": "string",
+          "title": "Username"
+        }
+      },
+      "required": ["email", "username"],
+      "additionalProperties": false
+    }
+  }
+}
--- a/.docker/kratos/kratos.yml
+++ b/.docker/kratos/kratos.yml
@ -0,0 +1,83 @@
+version: v0.10.1
+
+dsn: memory
+
+serve:
+  public:
+    base_url: http://127.0.0.1:4433/
+    cors:
+      enabled: true
+  admin:
+    base_url: http://kratos:4434/
+
+selfservice:
+  default_browser_return_url: http://127.0.0.1:4455/
+  allowed_return_urls:
+    - http://127.0.0.1:4455
+
+  methods:
+    password:
+      enabled: true
+
+  flows:
+    error:
+      ui_url: http://127.0.0.1:4455/error
+
+    settings:
+      ui_url: http://127.0.0.1:4455/settings
+      privileged_session_max_age: 15m
+
+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/recovery
+
+    verification:
+      enabled: false
+      ui_url: http://127.0.0.1:4455/verification
+      after:
+        default_browser_return_url: http://127.0.0.1:4455/
+
+    logout:
+      after:
+        default_browser_return_url: http://127.0.0.1:4455/login
+
+    login:
+      ui_url: http://127.0.0.1:4455/login
+      lifespan: 10m
+
+    registration:
+      lifespan: 10m
+      ui_url: http://127.0.0.1:4455/registration
+      after:
+        password:
+          hooks:
+            - hook: session
+
+log:
+  level: debug
+  format: text
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+  cipher:
+    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+  algorithm: xchacha20-poly1305
+
+hashers:
+  algorithm: bcrypt
+  bcrypt:
+    cost: 8
+
+identity:
+  default_schema_id: default
+  schemas:
+    - id: default
+      url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,13 @@
+# twitch-clone postgres
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=postgres
+
+# Ory Kratos postgres
+KRATOS_POSTGRES_USER=kratos
+KRATOS_POSTGRES_PASSWORD=secret
+KRATOS_POSTGRES_DB=kratos
+
+# Ory Kratos secrets
+KRATOS_COOKIE_SECRET=secret
+KRATOS_CIPHER_SECRET=secret
--- a/.gitignore
+++ b/.gitignore
@ -22,3 +22,6 @@ go.work

 tmp/
 dist/
+
+# Secrets
+.env
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -2,9 +2,9 @@ version: '3.3'

 services:
  app:
-    build: "."
+    build: '.'
    depends_on:
-      - postgres
+      - app-postgres
    ports:
      - 5000:5000
  rtmp:
@ -12,9 +12,60 @@ services:
    ports:
      - 1935:1935
      - 8080:80
-  postgres:
-    image: postgres:latest
-    environment:
-      - POSTGRES_PASSWORD=postgres
+  app-postgres:
+    image: postgres:9.6
    ports:
-      - 5432:5432
+      - '5432:5432'
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+  kratos-migrate:
+    image: oryd/kratos:v0.10.1
+    environment:
+      - DSN=postgres://${KRATOS_POSTGRES_USER}:${KRATOS_POSTGRES_PASSWORD}@kratos-postgres:5432/${KRATOS_POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4
+    volumes:
+      - type: bind
+        source: .docker/kratos
+        target: /etc/config/kratos
+    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+    restart: on-failure
+  kratos-selfservice-ui-node:
+    image: oryd/kratos-selfservice-ui-node:v0.10.1
+    environment:
+      - KRATOS_PUBLIC_URL=http://kratos:4433/
+      - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
+    restart: on-failure
+    ports:
+      - '4455:3000'
+  kratos:
+    depends_on:
+      - kratos-migrate
+    image: oryd/kratos:v0.10.1
+    ports:
+      - '4433:4433' # public
+      - '4434:4434' # admin
+    restart: unless-stopped
+    environment:
+      - DSN=postgres://${KRATOS_POSTGRES_USER}:${KRATOS_POSTGRES_PASSWORD}@kratos-postgres:5432/${KRATOS_POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4
+      - LOG_LEVEL=trace
+      - SECRETS_COOKIE_0=${KRATOS_COOKIE_SECRET}
+      - SECRETS_CIPHER_0=${KRATOS_CIPHER_SECRET}
+    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
+    volumes:
+      - type: bind
+        source: .docker/kratos
+        target: /etc/config/kratos
+  mailslurper:
+    image: oryd/mailslurper:latest-smtps
+    ports:
+      - '4436:4436'
+      - '4437:4437'
+  kratos-postgres:
+    image: postgres:9.6
+    ports:
+      - '5432:5432'
+    environment:
+      - POSTGRES_USER=${KRATOS_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${KRATOS_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${KRATOS_POSTGRES_DB}