From 2e877610deb55b835ed614e1ed48d1994c77089c Mon Sep 17 00:00:00 2001 From: M1n-0 Date: Fri, 16 May 2025 15:48:06 +0200 Subject: [PATCH] add too many things --- docker-compose.yml | 101 +++++++++++++--------------- web/app.py | 13 ++-- web/{ => templates}/view/index.html | 0 3 files changed, 52 insertions(+), 62 deletions(-) rename web/{ => templates}/view/index.html (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 4c1cec2..90167e3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,20 +1,4 @@ services: - caddy: - image: caddy:latest - ports: -# - "80:80" - - "443:443" - volumes: - - ./Caddyfile:/etc/caddy/Caddyfile - - caddy_data:/data - - caddy_config:/config - depends_on: - - flask - - wekan - - mattermost - networks: - - gesthub - flask: build: ./web environment: @@ -26,6 +10,8 @@ services: - mariadb volumes: - ./web:/app + ports: + - "5000:5000" networks: - gesthub 
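Review bot: The added `ports: - "5000:5000"` mapping on the flask service publishes the app on every host interface over plain HTTP, and the same commit removes the caddy service, which was the only TLS front end defined in this file. If a reverse proxy outside this compose file now terminates TLS (web/app.py builds its redirect URI with `_scheme='https'`, which suggests so), bind the port to loopback so the container is reachable only through that proxy: `- "127.0.0.1:5000:5000"`. As written, the session cookie and the OIDC callback would presumably also be served on the unencrypted port.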
@@ -41,51 +27,21 @@ services: networks: - gesthub - wekan: - image: wekanteam/wekan - environment: - - MONGO_URL=mongodb://mongo:27017/wekan - - ROOT_URL=https://wekan.gesthub - depends_on: - - mongo - networks: - - gesthub - mongo: - image: mongo:latest + image: arm64v8/mongo:4.4 volumes: - mongo_data:/data/db networks: - gesthub - mattermost: - image: mattermost/mattermost-team-edition:latest - ports: - - "8065:8065" - environment: - - MM_SQLSETTINGS_DRIVERNAME=postgres - - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuserpass@db:5432/mattermost?sslmode=disable - - MM_SERVICESETTINGS_SITEURL=http://chat.gesthub - depends_on: - - db - volumes: - - mattermost_data:/mattermost/data - networks: - - gesthub - - db: - image: postgres:13 - environment: - - POSTGRES_DB=mattermost - - POSTGRES_USER=mmuser - - POSTGRES_PASSWORD=mmuserpass - volumes: - - postgres_data:/var/lib/postgresql/data - networks: - - gesthub keycloak: image: quay.io/keycloak/keycloak:22.0.5 - command: start-dev + command: + - start-dev + - --hostname=keycloak.ninolbt.com + - --hostname-strict=false + - --hostname-strict-https=false + - --proxy=edge environment: - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin @@ -102,6 +58,7 @@ services: - keycloak_data:/opt/keycloak/data networks: - gesthub + keycloak-db: image: postgres:13 environment: 
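Review bot: The keycloak `command` still runs `start-dev`, while the added flags give it a public hostname (`--hostname=keycloak.ninolbt.com`) behind a TLS-terminating proxy (`--proxy=edge`), and the unchanged environment just below keeps `KEYCLOAK_ADMIN_PASSWORD=admin`. Development mode with `--hostname-strict=false` and `--hostname-strict-https=false` relaxes the checks Keycloak expects to be on in production, which is a poor fit for an identity provider that the Flask app now reaches over a public URL. For a deployed instance I would switch to `start`, leave the strict hostname options at their defaults, and take the admin password from the environment, e.g. `- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:?set in .env}`. Separately, `arm64v8/mongo:4.4` pins an architecture-specific image of an old release line, and with wekan removed nothing visible in this diff still uses mongo, so the service may be removable.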
@@ -112,6 +69,39 @@ services: - keycloakdb_data:/var/lib/postgresql/data networks: - gesthub + + # plane: + # image: planehq/plane:latest + # container_name: plane + # depends_on: + # - plane-db + # environment: + # DATABASE_URL: postgres://plane:plane@plane-db:5432/plane + # SECRET_KEY: supersecretkeyhere + # ENABLE_OPENID_CONNECT: "true" + # OIDC_RP_CLIENT_ID: plane-client + # OIDC_RP_CLIENT_SECRET: changeme + # OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.ninolbt.com/realms/gesthub/protocol/openid-connect/auth + # OIDC_OP_TOKEN_ENDPOINT: https://keycloak.ninolbt.com/realms/gesthub/protocol/openid-connect/token + # OIDC_OP_USER_ENDPOINT: https://keycloak.ninolbt.com/realms/gesthub/protocol/openid-connect/userinfo + # OIDC_OP_JWKS_ENDPOINT: https://keycloak.ninolbt.com/realms/gesthub/protocol/openid-connect/certs + # ports: + # - "3000:3000" + # networks: + # - gesthub + + # plane-db: + # image: postgres:15 + # container_name: plane-db + # environment: + # POSTGRES_DB: plane + # POSTGRES_USER: plane + # POSTGRES_PASSWORD: plane + # volumes: + # - plane_db_data:/var/lib/postgresql/data + # networks: + # - gesthub + networks: gesthub: driver: bridge @@ -121,7 +111,6 @@ volumes: caddy_config: mariadb_data: mongo_data: - mattermost_data: - postgres_data: keycloak_data: - keycloakdb_data: \ No newline at end of file + keycloakdb_data: + plane_db_data: diff --git a/web/app.py b/web/app.py index 389de19..cbca241 100644 --- a/web/app.py +++ b/web/app.py @@ -1,4 +1,5 @@ import os +import uuid from flask import Flask, redirect, url_for, session, render_template from flask_sqlalchemy import SQLAlchemy from authlib.integrations.flask_client import OAuth 
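Review bot: The commented-out `plane` / `plane-db` block carries literal placeholder credentials (`SECRET_KEY: supersecretkeyhere`, `OIDC_RP_CLIENT_SECRET: changeme`, `POSTGRES_PASSWORD: plane`) that will go live unchanged the day someone uncomments it. Either drop the block until the service is actually added, or write the placeholders as required variables so compose refuses to start without real values, e.g. `SECRET_KEY: ${PLANE_SECRET_KEY:?required}`. The `plane_db_data` volume added in the following hunk belongs to this disabled service, and `caddy_config` is still declared although caddy is removed; both could go in the same cleanup.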
@@ -16,8 +17,8 @@ oauth = OAuth(app) keycloak = oauth.register( name='keycloak', client_id='flask-app', - client_secret='6R70kt1x9KjYpccZCMnPvJAGiJFzRHjE', - server_metadata_url='http://keycloak.localhost/realms/gesthub/.well-known/openid-configuration', + client_secret='IpVDkBPN6ya9oj8ZJPWNtW32bdaqv83Q', + server_metadata_url='https://keycloak.ninolbt.com/realms/gesthub/.well-known/openid-configuration', client_kwargs={ 'scope': 'openid profile email', } @@ -27,21 +28,21 @@ keycloak = oauth.register( def index(): user = session.get('user') if user: - return render_template('/view/index.html', user=user) + return render_template('view/index.html', user=user) return redirect(url_for('login')) @app.route('/login') def login(): nonce = uuid.uuid4().hex session['nonce'] = nonce - redirect_uri = url_for('auth', _external=True) - return keycloak.authorize_redirect(redirect_uri) + redirect_uri = url_for('auth', _external=True, _scheme='https') + return keycloak.authorize_redirect(redirect_uri, nonce=nonce) @app.route('/auth') def auth(): token = keycloak.authorize_access_token() nonce = session.pop('nonce', None) - userinfo = keycloak.parse_id_token(token) + userinfo = keycloak.parse_id_token(token, nonce=nonce) session['user'] = userinfo return redirect('/') diff --git a/web/view/index.html b/web/templates/view/index.html similarity index 100% rename from web/view/index.html rename to web/templates/view/index.html
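Review bot: `client_secret` in `oauth.register(...)` is still a string literal; the commit swaps one committed secret for another, so both values are now in the repository history. Read it from the environment instead, `client_secret=os.environ['KEYCLOAK_CLIENT_SECRET'],` (`os` is already imported at the top of the file; the variable name is only a suggestion), and pass the value through the flask service's `environment:` in docker-compose.yml. The secret shown in this hunk should be treated as disclosed and regenerated in Keycloak. The `oauth.register` call closes outside the hunk.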
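Review bot: In `auth()`, `session.pop('nonce', None)` can yield `None` when the callback is reached without a prior `/login` in the same session, and that `None` goes straight into `parse_id_token`. As far as I know Authlib only compares the nonce claim when a value is supplied, so the check would be skipped silently. Fail closed before parsing: `if nonce is None: return redirect(url_for('login'))`. The hard-coded `_scheme='https'` in `login()` also ties the app to one deployment; Werkzeug's `ProxyFix` would let `url_for(..., _external=True)` take the scheme from the proxy's forwarded headers instead.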