Merge pull request #10 from MrFriendly-B-V/openid
Openid
Showing
61 changed files
with
1,939 additions
and
635 deletions.
@@ -0,0 +1,51 @@ | ||
name: Cargo CI | ||
|
||
on: | ||
push: | ||
pull_request: | ||
|
||
env: | ||
CARGO_TERM_COLOR: always | ||
|
||
jobs: | ||
fmt: | ||
name: Cargo fmt | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
toolchain: | ||
- stable | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | ||
- run: rustup component add --toolchain ${{ matrix.toolchain }} rustfmt | ||
- run: cd server && cargo fmt --all --check | ||
|
||
build: | ||
name: Cargo build | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
toolchain: | ||
- stable | ||
- nightly | ||
target: | ||
- x86_64-unknown-linux-gnu | ||
- x86_64-unknown-linux-musl | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Cache | ||
uses: actions/cache@v2 | ||
with: | ||
path: | | ||
~/.cargo/registry | ||
~/.cargo/git | ||
server/target | ||
key: ${{ runner.os }}-${{ matrix.toolchain }}-${{ matrix.target }}-cargo-${{ hashFiles('server/**/Cargo.lock') }} | ||
|
||
- run: sudo apt install -y musl-tools | ||
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | ||
- run: rustup target add --toolchain ${{ matrix.toolchain }} ${{ matrix.target }} | ||
- run: cd server && cargo build --target ${{ matrix.target }} |
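Review bot: The workflow declares no `permissions:` block, so the GITHUB_TOKEN handed to the fmt and build jobs carries the repository's default scope although both only read the checkout; add `permissions:` / `  contents: read` at the top level. The `Cache` step at the start of the build job still uses `actions/cache@v2`, an old major that GitHub has deprecated, while checkout is already on `@v4` — move it to `actions/cache@v4` before the job starts failing. Both actions are referenced by mutable tag; pinning each `uses:` to a full commit SHA with the tag in a trailing comment is the usual guard against a retagged upstream release. Note also that `push:` and `pull_request:` together run every in-repository PR twice.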
@@ -0,0 +1,48 @@ | ||
name: Release | ||
|
||
on: | ||
push: | ||
tags: | ||
- '*' | ||
|
||
env: | ||
CARGO_TERM_COLOR: always | ||
DOCK_REG: registry.mrfriendly.uk | ||
|
||
jobs: | ||
server: | ||
name: Server build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: make build-server | ||
- run: docker tag $DOCK_REG/wilford-server:latest $DOCK_REG/wilford-server:${{ github.ref_name }} | ||
- run: docker push $DOCK_REG/wilford-server:latest | ||
- run: docker push $DOCK_REG/wilford-server:${{ github.ref_name }} | ||
|
||
ui: | ||
name: UI build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-node@v4 | ||
with: | ||
node-version: '21' | ||
- run: (cd ui; yarn install) | ||
|
||
- run: make build-ui | ||
- run: docker tag $DOCK_REG/wilford-ui:latest $DOCK_REG/wilford-ui:${{ github.ref_name }} | ||
- run: docker push $DOCK_REG/wilford-ui:latest | ||
- run: docker push $DOCK_REG/wilford-ui:${{ github.ref_name }} | ||
|
||
docs: | ||
name: Docs build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: cargo install mdbook --locked | ||
|
||
- run: make build-docs | ||
- run: docker tag $DOCK_REG/wilford-docs:latest $DOCK_REG/wilford-docs:${{ github.ref_name }} | ||
- run: docker push $DOCK_REG/wilford-docs:latest | ||
- run: docker push $DOCK_REG/wilford-docs:${{ github.ref_name }} |
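Review bot: `${{ github.ref_name }}` is expanded verbatim into the shell text of the `docker tag` and `docker push` steps in all three jobs; on a tag push that value is the tag name, and git permits `$`, `(`, `)`, `;` and backticks in ref names, so a crafted tag becomes command injection on the runner. Pass it through the environment instead: add `TAG: ${{ github.ref_name }}` to the existing top-level `env:` block and write `docker tag "$DOCK_REG/wilford-server:latest" "$DOCK_REG/wilford-server:$TAG"` (and the matching lines for ui and docs). Nothing visible logs in to `registry.mrfriendly.uk` and no secret is referenced, so either the push depends on something inside the `make build-*` targets or the registry accepts unauthenticated pushes — a one-line comment saying which would save the next reader a guess. Every tag push also overwrites `:latest` for all three images, so a tag on a hotfix branch replaces the current release; a `permissions: contents: read` block is missing here as well.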
@@ -1,2 +1,2 @@ | ||
# User | ||
User info & user managment | ||
User info & user management |
@@ -0,0 +1,19 @@ | ||
# Configuration | ||
|
||
|
||
## Default config file | ||
```json | ||
{{#include ../../../sample_config.json}} | ||
``` | ||
|
||
## Environmental variables | ||
``` | ||
CONFIG_PATH=<path to config.json> | ||
``` | ||
|
||
## Available options | ||
The following Rust structs define the layout of the configuration. | ||
An example of how this translates to JSON can be found in the [sample config](#default-config-file) | ||
```rust,noplayground | ||
{{#include ../../../server/wilford/src/config.rs:config}} | ||
``` |
@@ -0,0 +1 @@ | ||
# Deployment Documentation |
@@ -0,0 +1,96 @@ | ||
# OAuth2 Proxy | ||
|
||
Wilford supports running with [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/). | ||
Using oaut2-proxy together with Wilford and nginx, you can protect static resources without needing to modify them. | ||
|
||
## OAuth2 Config | ||
Sample docker-compose file for running oauth2-proxy. | ||
Replace the `CLIENT_ID` and `CLIENT_SECRET` with the ID and Secret generated by Wilford. Use `REDIRECT_URL` as the Redirect URL in Wilford. | ||
The `COOKIE_SECRET` should be a securely generated random string. | ||
```yml | ||
version: '3.2' | ||
services: | ||
oauth2_proxy: | ||
image: quay.io/oauth2-proxy/oauth2-proxy | ||
environment: | ||
- "OAUTH2_PROXY_COOKIE_SECRET=VsZqXqHQzwdPUcEUDgNxmQvTRZ46DtlQr8q-HtomkL8=" | ||
- "OAUTH2_PROXY_COOKIE_SECURE=true" | ||
- "OAUTH2_PROXY_COOKIE_DOMAIN=localhost" | ||
- "OAUTH2_PROXY_CLIENT_ID=NuWrxroZbOuhBL2ufHx9zj0qKT6XXQRg" | ||
- "OAUTH2_PROXY_CLIENT_SECRET=vwn0MqNbD9qAnvCbGns9sNtikWC7eTM2V7DIz85vcimtxm12" | ||
- "OAUTH2_PROXY_OIDC_ISSUER_URL=https://localhost:8443" | ||
- "OAUTH2_PROXY_REDIRECT_URL=https://localhost:8443/oauth2/callback" | ||
- "OAUTH2_PROXY_PROVIDER=oidc" | ||
- "OAUTH2_PROXY_EMAIL_DOMAINS=*" | ||
- "OAUTH2_PROXY_OIDC_EMAIL_CLAIM=sub_email" | ||
- "OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=Koala" | ||
- "OAUTH2_PROXY_CUSTOM_SIGN_IN_LOGO=-" | ||
- "OAUTH2_PROXY_BANNER=<img src='https://public.svsticky.nl/logos/logo_outline_kleur.png'/>" | ||
- "OAUTH2_PROXY_FOOTER=-" | ||
network_mode: "host" | ||
``` | ||
## Nginx auth_directive | ||
Using this setup, you can use the nginx auth directive very easily: | ||
```conf | ||
location /secure { | ||
auth_request /oauth2/auth; | ||
error_page 401 =403 /oauth2/sign_in; | ||
proxy_pass http://my-secure-backend; | ||
} | ||
``` | ||
|
||
## Localhost | ||
The JWKS specification requires it be served over https. When working locally, this can be a bit of a pain. | ||
|
||
### Generate certificates for localhost | ||
Install the required tools: | ||
```bash | ||
sudo apt install -y libnss3-tools mkcert | ||
``` | ||
Generate a CA cert: | ||
```bash | ||
mkcert --install | ||
``` | ||
|
||
Generate SSL certificate for `localhost`, from the repository root: | ||
```bash | ||
mkcert localhost | ||
``` | ||
|
||
### Oauth2-proxy | ||
Add the following to the docker-compose file: | ||
```yml | ||
volumes: | ||
- "/usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro" | ||
- "/etc/ssl/certs:/etc/ssl/certs:ro" | ||
``` | ||
### nginx | ||
Use the following block for Wilford: | ||
```conf | ||
server { | ||
listen 8443 ssl default_server; | ||
server_name _; | ||
|
||
ssl_certificate /etc/ssl/certs/ssl-cert-localhost.pem; | ||
ssl_certificate_key /etc/ssl/private/ssl-cert-localhost.key; | ||
|
||
location / { | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_pass http://localhost:2521; | ||
} | ||
} | ||
``` | ||
docker-compose: | ||
```yml | ||
nginx: | ||
image: nginx | ||
network_mode: "host" | ||
volumes: | ||
- "./localhost.pem:/etc/ssl/certs/ssl-cert-localhost.pem" | ||
- "./localhost-key.pem:/etc/ssl/private/ssl-cert-localhost.key" | ||
- "./nginx.conf:/etc/nginx/conf.d/default.conf:ro" | ||
``` |
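Review bot: The compose sample under "OAuth2 Config" ships concrete values for `OAUTH2_PROXY_COOKIE_SECRET`, `OAUTH2_PROXY_CLIENT_ID` and `OAUTH2_PROXY_CLIENT_SECRET`; even with the sentence above telling readers to replace them, values that look freshly generated tend to be copied into real deployments, and if a Wilford instance actually issued these they should be treated as leaked and rotated. Use unmistakable placeholders such as `OAUTH2_PROXY_CLIENT_SECRET=<client secret generated by Wilford>` and `OAUTH2_PROXY_COOKIE_SECRET=<32 random bytes, base64>`, with the generation command the oauth2-proxy docs give. `OAUTH2_PROXY_EMAIL_DOMAINS=*` admits every account the issuer knows about; a sentence next to the sample saying this should be narrowed in production keeps it from being copied as a default. In the localhost compose block the private-key mount `./localhost-key.pem:/etc/ssl/private/ssl-cert-localhost.key` lacks the `:ro` flag the other mounts carry.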