From b2a16e5181aed007bca771629f3dedb96c720460 Mon Sep 17 00:00:00 2001
From: strNophix
Date: Fri, 14 Oct 2022 12:15:07 +0200
Subject: [PATCH] Added ory kratos to docker compose file
---
.docker/kratos/identity.schema.json | 38 +++++++++++++
.docker/kratos/kratos.yml | 83 +++++++++++++++++++++++++++++
.env.sample | 13 +++++
.gitignore | 3 ++
docker-compose.yml | 65 +++++++++++++++++++---
5 files changed, 195 insertions(+), 7 deletions(-)
create mode 100644 .docker/kratos/identity.schema.json
create mode 100644 .docker/kratos/kratos.yml
create mode 100644 .env.sample
diff --git a/.docker/kratos/identity.schema.json b/.docker/kratos/identity.schema.json
new file mode 100644
index 0000000..12222ae
--- /dev/null
+++ b/.docker/kratos/identity.schema.json
@@ -0,0 +1,38 @@
+{
+ "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Person",
+ "type": "object",
+ "properties": {
+ "traits": {
+ "type": "object",
+ "properties": {
+ "email": {
+ "type": "string",
+ "format": "email",
+ "title": "E-Mail",
+ "minLength": 3,
+ "ory.sh/kratos": {
+ "credentials": {
+ "password": {
+ "identifier": true
+ }
+ },
+ "verification": {
+ "via": "email"
+ },
+ "recovery": {
+ "via": "email"
+ }
+ }
+ },
+ "username": {
+ "type": "string",
+ "title": "Username"
+ }
+ },
+ "required": ["email", "username"],
+ "additionalProperties": false
+ }
+ }
+}
diff --git a/.docker/kratos/kratos.yml b/.docker/kratos/kratos.yml
new file mode 100644
index 0000000..4b29de3
--- /dev/null
+++ b/.docker/kratos/kratos.yml
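Review bot: The `username` trait in identity.schema.json is required but otherwise unconstrained: it has only `"type": "string"` and a title, so an empty string or an arbitrarily long value with any characters passes validation. Because it is not marked as an identifier, nothing in this schema makes it unique either, which matters if the application displays usernames as the public identity. I would add bounds and a character set, for example (sample values) `"minLength": 3, "maxLength": 32, "pattern": "^[A-Za-z0-9_]+$"`, and decide explicitly whether uniqueness is enforced in the application or by making it an identifier.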
@@ -0,0 +1,83 @@
+version: v0.10.1
+
+dsn: memory
+
+serve:
+ public:
+ base_url: http://127.0.0.1:4433/
+ cors:
+ enabled: true
+ admin:
+ base_url: http://kratos:4434/
+
+selfservice:
+ default_browser_return_url: http://127.0.0.1:4455/
+ allowed_return_urls:
+ - http://127.0.0.1:4455
+
+ methods:
+ password:
+ enabled: true
+
+ flows:
+ error:
+ ui_url: http://127.0.0.1:4455/error
+
+ settings:
+ ui_url: http://127.0.0.1:4455/settings
+ privileged_session_max_age: 15m
+
+ recovery:
+ enabled: true
+ ui_url: http://127.0.0.1:4455/recovery
+
+ verification:
+ enabled: false
+ ui_url: http://127.0.0.1:4455/verification
+ after:
+ default_browser_return_url: http://127.0.0.1:4455/
+
+ logout:
+ after:
+ default_browser_return_url: http://127.0.0.1:4455/login
+
+ login:
+ ui_url: http://127.0.0.1:4455/login
+ lifespan: 10m
+
+ registration:
+ lifespan: 10m
+ ui_url: http://127.0.0.1:4455/registration
+ after:
+ password:
+ hooks:
+ - hook: session
+
+log:
+ level: debug
+ format: text
+ leak_sensitive_values: true
+
+secrets:
+ cookie:
+ - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+ cipher:
+ - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+ algorithm: xchacha20-poly1305
+
+hashers:
+ algorithm: bcrypt
+ bcrypt:
+ cost: 8
+
+identity:
+ default_schema_id: default
+ schemas:
+ - id: default
+ url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..9a45d74
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,13 @@
+# twitch-clone postgres
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=postgres
+
+# Ory Kratos postgres
+KRATOS_POSTGRES_USER=kratos
+KRATOS_POSTGRES_PASSWORD=secret
+KRATOS_POSTGRES_DB=kratos
+
+# Ory Kratos secrets
+KRATOS_COOKIE_SECRET=secret
+KRATOS_CIPHER_SECRET=secret
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index deeb166..c97fa9b 100644
--- a/.gitignore
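Review bot: `log.leak_sensitive_values: true` combined with `level: debug` in kratos.yml tells Kratos to stop redacting sensitive values in its logs, and nothing in the file marks it as development-only. I would set `leak_sensitive_values: false` and add a header comment such as `# Local development only: do not deploy this file as-is`. The `secrets:` block also commits usable placeholder values (`PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`), which become the effective keys if the `SECRETS_*` variables from docker-compose.yml are missing or not picked up; removing the block leaves the environment as the only source. `hashers.bcrypt.cost: 8` is a low work factor and `skip_ssl_verify=true` disables certificate checks on the courier connection, so both deserve the same development-only comment.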
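Review bot: `KRATOS_CIPHER_SECRET=secret` in .env.sample is six characters, while kratos.yml selects `xchacha20-poly1305` and uses a 32-character placeholder, which suggests the cipher secret must be exactly 32 characters. A developer who copies the sample unchanged would probably hit a configuration validation error, or end up running with a trivially guessable key. I would ship obviously fake values of the right shape, e.g. `KRATOS_CIPHER_SECRET=<32-character-random-string>` and `KRATOS_COOKIE_SECRET=<long-random-string>`, with a comment such as `# generate with: openssl rand -hex 16`. The same applies to `KRATOS_POSTGRES_PASSWORD=secret` and `POSTGRES_PASSWORD=postgres` as long as docker-compose.yml publishes the database ports on the host.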
+++ b/.gitignore @@ -22,3 +22,6 @@ go.work tmp/ dist/ + +# Secrets +.env diff --git a/docker-compose.yml b/docker-compose.yml index 3371092..830e8c4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,9 +2,9 @@ version: '3.3' services: app: - build: "." + build: '.' depends_on: - - postgres + - app-postgres ports: - 5000:5000 rtmp: 
@@ -12,9 +12,60 @@ services: ports: - 1935:1935 - 8080:80 - postgres: - image: postgres:latest - environment: - - POSTGRES_PASSWORD=postgres + app-postgres: + image: postgres:9.6 ports: - - 5432:5432 + - '5432:5432' + environment: + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=${POSTGRES_DB} + kratos-migrate: + image: oryd/kratos:v0.10.1 + environment: + - DSN=postgres://${KRATOS_POSTGRES_USER}:${KRATOS_POSTGRES_PASSWORD}@kratos-postgres:5432/${KRATOS_POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4 + volumes: + - type: bind + source: .docker/kratos + target: /etc/config/kratos + command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes + restart: on-failure + kratos-selfservice-ui-node: + image: oryd/kratos-selfservice-ui-node:v0.10.1 + environment: + - KRATOS_PUBLIC_URL=http://kratos:4433/ + - KRATOS_BROWSER_URL=http://127.0.0.1:4433/ + restart: on-failure + ports: + - '4455:3000' + kratos: + depends_on: + - kratos-migrate + image: oryd/kratos:v0.10.1 + ports: + - '4433:4433' # public + - '4434:4434' # admin + restart: unless-stopped + environment: + - DSN=postgres://${KRATOS_POSTGRES_USER}:${KRATOS_POSTGRES_PASSWORD}@kratos-postgres:5432/${KRATOS_POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4 + - LOG_LEVEL=trace + - SECRETS_COOKIE_0=${KRATOS_COOKIE_SECRET} + - SECRETS_CIPHER_0=${KRATOS_CIPHER_SECRET} + command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier + volumes: + - type: bind + source: .docker/kratos + target: /etc/config/kratos + mailslurper: + image: oryd/mailslurper:latest-smtps + ports: + - '4436:4436' + - '4437:4437' + kratos-postgres: + image: postgres:9.6 + ports: + - '5432:5432' + environment: + - POSTGRES_USER=${KRATOS_POSTGRES_USER} + - POSTGRES_PASSWORD=${KRATOS_POSTGRES_PASSWORD} + - POSTGRES_DB=${KRATOS_POSTGRES_DB}
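Review bot: The `kratos` service publishes `'4434:4434' # admin` on all host interfaces, and the Kratos admin API has no authentication of its own, so anyone who can reach the host can manage identities and sessions. Keep it on the compose network or bind it to loopback with `- '127.0.0.1:4434:4434' # admin`. Separately, `app-postgres` and `kratos-postgres` both map host port `'5432:5432'`, so whichever starts second will fail to bind; `kratos-postgres` is only addressed as `kratos-postgres:5432` from the other containers and can drop its `ports:` entry. `postgres:9.6` is past upstream end of life, and `--dev` with `LOG_LEVEL=trace` should be commented as local-only so they do not carry over into a deployed stack.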