Nono/gesthub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modif README + export config keycloak

Browse Source
This commit is contained in:
lnino
2025-05-19 19:36:44 +02:00
parent 4d68f48a7f
commit 697902d649
8 changed files with 412 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

332
README.md
View File

@@ -1,45 +1,301 @@
# Projet gesthub # 📘 Gesthub
<img src="https://img.shields.io/github/last-commit/M1n-0/gesthub?style=flat&logo=git&logoColor=white&color=0080ff" alt="last-commit">
## Membres <em>Construit avec les outils et les technologies nécessaires :</em>
- Lajus Erika <img src="https://img.shields.io/badge/Flask-000000.svg?style=flat&logo=Flask&logoColor=white" alt="Flask">
- Lemoule Duparc Nathan <img src="https://img.shields.io/badge/JSON-000000.svg?style=flat&logo=JSON&logoColor=white" alt="JSON">
- LABAT Nino <img src="https://img.shields.io/badge/Keycloak-4D4D4D.svg?style=flat&logo=Keycloak&logoColor=white" alt="Keycloak">
<img src="https://img.shields.io/badge/GNU%20Bash-4EAA25.svg?style=flat&logo=GNU-Bash&logoColor=white" alt="GNU%20Bash">
## Présentation du projet <img src="https://img.shields.io/badge/MariaDB-003545.svg?style=flat&logo=MariaDB&logoColor=white" alt="MariaDB">
Ce projet vise à créer une interface fait pour faciliter la gestion et communication au sein d'un projet ou d'une entreprise. <br>
<img src="https://img.shields.io/badge/Docker-2496ED.svg?style=flat&logo=Docker&logoColor=white" alt="Docker">
On y retrouve deux roles distints : <img src="https://img.shields.io/badge/Python-3776AB.svg?style=flat&logo=Python&logoColor=white" alt="Python">
<img src="https://img.shields.io/badge/Mattermost-0058CC.svg?style=flat&logo=Mattermost&logoColor=white" alt="Mattermost">
**1. Admin :**
<u>Gestion des utilisateurs :</u> Création et suppression de comptes par les admins.
<u> Authentification sécurisée:</u>Avec nom, prénom et mot de passe.
<u> Gestion des annonces :</u> Les admins peuvent publier des annonces sous forme de post-it qui apparait dans une zone défini sur l'interface des membres.
Chaque annonce a une date limite et disparaît automatiquement une fois la date dépassée.
<u> Gestion agenda :</u> ajoute les évènement globaux
<u> Gestionnaire des taches :</u> Création de tableaux, listes et cartes pour l'organisation des tâches.
**2. Membre :**
<u> Agenda/Planning partagé : </u>
Visibilité des événements globaux ajouté par les admins.
Possibilité d'ajouter des événements personnels.
<u> Gestion de projets façon Trello :</u>
Possibilité d'ajouter des cartes
Suivi de l'avancement des projets.
Visibilité sur les différents tableaux.
<u>Messagerie interne :</u>
Système de chat pour la communication en temps réel entre membres.
<u>Liens vers outils externes :</u>
Boutons pour accéder rapidement à des outils comme Discord, etc.
## 🧱 Objectif
Créer un site web multi-services (extranet/intranet) avec :
- Authentification centralisée via **Keycloak**
- Reverse proxy **Caddy**
- Frontend/backend **Flask**
- Chat & Gestion de tâches via **Mattermost**
- Gestion dannonces via JSON avec droits `/admin` (a faire)
---
## 🐳 Démarrage du projet
### 1. **Structure Docker**
Les services sont définis dans `docker-compose.yml` :
- `caddy`: Reverse proxy + HTTPS automatique
- `flask`: Application web backend
- `mariadb`: Base de données
- `keycloak`: SSO + gestion utilisateurs
- `mattermost`: Chat et gestion de tâches (type Trello)
Réseau utilisé : `gesthub_gesthub`
---
## 🔐 Authentification Keycloak
### ✅ Étapes :
1. Création du **realm `Gesthub`**
2. Ajout des clients (Flask et Mattermost)
3. Activation `OpenID Connect`
4. Configuration des **Redirect URIs**
- Exemples :
- Flask → `https://dashboard.ninolbt.com/login/callback`
- Mattermost → `https://mattermost.ninolbt.com/signup/openid/complete`
5. Pour les utilisateurs `/admin`, on utilise le **groupe `/admin`** dans Keycloak.
---
## 🌐 Reverse Proxy Caddy
### 🛠️ `Caddyfile` :
```caddyfile
https://dashboard.ninolbt.com {
reverse_proxy flask:5000
}
https://keycloak.ninolbt.com {
reverse_proxy keycloak:8080
}
https://mattermost.ninolbt.com {
reverse_proxy mattermost:8065
}
```
**Volumes persistants** :
`caddy_data` et `caddy_config` montés dans `/data` et `/config`
---
## 🧩 Flask
- back du dashboard
- Permet la création/modification/suppression dannonces en JSON (en test)
- Accessible uniquement pour les utilisateurs avec le rôle `/admin` (via token) (en test)
- Chargement des assets statiques corrigé avec Caddy
---
## 🗂️ Gestion des droits
- Auth via Keycloak pour Flask, Mattermost, Wekan
- Vérification des groupes dans Flask (`/admin`)
- Redirections correctes avec URLs HTTPS Caddy
---
## 📌 Bugs et corrections
- ⚠️ Redirection Keycloak incorrecte → Corrigé avec bon `redirect_uri`
- ⚠️ Assets statiques Flask → corrigé via URL absolue en HTTPS
- ✅ Reverse proxy fonctionne avec tous les services
- ✅ HTTPS opérationnel via Caddy avec certificats Let's Encrypt
---
## 🚀 Démarrage
```bash
docker compose up --build -d
```
Si besoin :
```bash
docker compose logs -f [service]
```
---
## 📤 Export complet
Pour rendre le projet exportable :
- Tout est containerisé (Docker)
- Config Keycloak exporté (JSON disponible dans le dossier `export_keycloak`)
- `docker-compose.yml`, `Caddyfile`, fichier disponible dans le repo
<!-- BADGES -->
<img src="https://img.shields.io/github/languages/top/M1n-0/gesthub?style=flat&color=0080ff" alt="repo-top-language">
<img src="https://img.shields.io/github/languages/count/M1n-0/gesthub?style=flat&color=0080ff" alt="repo-language-count">
<em>Built with the tools and technologies:</em>
<img src="https://img.shields.io/badge/Flask-000000.svg?style=flat&logo=Flask&logoColor=white" alt="Flask">
<img src="https://img.shields.io/badge/JSON-000000.svg?style=flat&logo=JSON&logoColor=white" alt="JSON">
<img src="https://img.shields.io/badge/Keycloak-4D4D4D.svg?style=flat&logo=Keycloak&logoColor=white" alt="Keycloak">
<img src="https://img.shields.io/badge/GNU%20Bash-4EAA25.svg?style=flat&logo=GNU-Bash&logoColor=white" alt="GNU%20Bash">
<img src="https://img.shields.io/badge/MariaDB-003545.svg?style=flat&logo=MariaDB&logoColor=white" alt="MariaDB">
<br>
<img src="https://img.shields.io/badge/Docker-2496ED.svg?style=flat&logo=Docker&logoColor=white" alt="Docker">
<img src="https://img.shields.io/badge/Python-3776AB.svg?style=flat&logo=Python&logoColor=white" alt="Python">
<img src="https://img.shields.io/badge/Mattermost-0058CC.svg?style=flat&logo=Mattermost&logoColor=white" alt="Mattermost">
<img src="https://img.shields.io/badge/bat-31369E.svg?style=flat&logo=bat&logoColor=white" alt="bat">
</div>
<br>
---
## Table of Contents
- [Overview](#overview)
- [Getting Started](#getting-started)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Usage](#usage)
- [Testing](#testing)
- [Contributing](#contributing)
- [Acknowledgment](#acknowledgment)
---
## Overview
Gesthub is a powerful developer tool designed to streamline the setup and management of full-stack applications by integrating essential services into a cohesive environment.
**Why Gesthub?**
This project simplifies the development process, allowing developers to focus on building features rather than managing infrastructure. The core features include:
- 🚀 **Docker Compose Configuration:** Simplifies orchestration of multiple services, reducing setup complexity.
- 🌐 **Local Domain Management:** Scripts to add local domain entries streamline access to services, enhancing the development experience.
- 🔒 **Integrated User Authentication:** Utilizes Keycloak for secure user management, addressing security concerns.
- ⚙️ **Seamless Routing and Load Balancing:** Caddyfile configuration ensures efficient request handling, improving performance.
- 🎨 **User-Friendly Interface:** Responsive design enhances collaboration and user experience.
- 📊 **Centralized Data Management:** Structured storage for advertisements improves data handling capabilities.
---
## Getting Started
### Prerequisites
This project requires the following dependencies:
- **Programming Language:** Shell
- **Package Manager:** Bash
- **Container Runtime:** Docker
### Installation
Build gesthub from the source and intsall dependencies:
1. **Clone the repository:**
```sh
git clone https://github.com/M1n-0/gesthub
```
2. **Navigate to the project directory:**
```sh
cd gesthub
```
3. **Install the dependencies:**
**Using [docker](https://www.docker.com/):**
```sh
docker build -t M1n-0/gesthub .
```
**Using [bash](https://www.gnu.org/software/bash/):**
```sh
chmod +x {entrypoint}
```
### Usage
Run the project with:
**Using [docker](https://www.docker.com/):**
```sh
docker run -it {image_name}
```
**Using [bash](https://www.gnu.org/software/bash/):**
```sh
./{entrypoint}
```
### Testing
Gesthub uses the {__test_framework__} test framework. Run the test suite with:
**Using [docker](https://www.docker.com/):**
```sh
echo 'INSERT-TEST-COMMAND-HERE'
```
**Using [bash](https://www.gnu.org/software/bash/):**
```sh
bats *.bats
```
---
## Contributing
- **💬 [Join the Discussions](https://github.com/M1n-0/gesthub/discussions)**: Share your insights, provide feedback, or ask questions.
- **🐛 [Report Issues](https://github.com/M1n-0/gesthub/issues)**: Submit bugs found or log feature requests for the `gesthub` project.
- **💡 [Submit Pull Requests](https://github.com/M1n-0/gesthub/blob/main/CONTRIBUTING.md)**: Review open PRs, and submit your own PRs.
<details closed>
<summary>Contributing Guidelines</summary>
1. **Fork the Repository**: Start by forking the project repository to your github account.
2. **Clone Locally**: Clone the forked repository to your local machine using a git client.
```sh
git clone https://github.com/M1n-0/gesthub
```
3. **Create a New Branch**: Always work on a new branch, giving it a descriptive name.
```sh
git checkout -b new-feature-x
```
4. **Make Your Changes**: Develop and test your changes locally.
5. **Commit Your Changes**: Commit with a clear message describing your updates.
```sh
git commit -m 'Implemented new feature x.'
```
6. **Push to github**: Push the changes to your forked repository.
```sh
git push origin new-feature-x
```
7. **Submit a Pull Request**: Create a PR against the original project repository. Clearly describe the changes and their motivations.
8. **Review**: Once your PR is reviewed and approved, it will be merged into the main branch. Congratulations on your contribution!
</details>
<details closed>
<summary>Contributor Graph</summary>
<br>
<p align="left">
<a href="https://github.com{/M1n-0/gesthub/}graphs/contributors">
<img src="https://contrib.rocks/image?repo=M1n-0/gesthub">
</a>
</p>
</details>
---
## Acknowledgments
- Credit `contributors`, `inspiration`, `references`, etc.
<div align="left"><a href="#top">⬆ Return</a></div>
---

19
add-localhosts.bat
View File

@@ -1,19 +0,0 @@
@echo off
set HOSTS_FILE=%SystemRoot%\System32\drivers\etc\hosts
set DOMAINS=flask.gesthub keycloak.gesthub chat.gesthub wekan.gesthub
echo [🔧] Mise à jour de %HOSTS_FILE%
for %%D in (%DOMAINS%) do (
findstr /C:"%%D" %HOSTS_FILE% >nul
if errorlevel 1 (
echo 127.0.0.1 %%D >> %HOSTS_FILE%
echo [+] Ajouté : %%D
) else (
echo [=] Déjà présent : %%D
)
)
echo [✅] Terminé.
pause

17
add-localhosts.sh
View File

@@ -1,17 +0,0 @@
#!/bin/bash
HOSTS_FILE="/etc/hosts"
DOMAINS=("flask.gesthub" "keycloak.gesthub" "chat.gesthub" "wekan.gesthub")
echo "[🔧] Mise à jour de : $HOSTS_FILE"
for domain in "${DOMAINS[@]}"; do
if grep -q "$domain" "$HOSTS_FILE"; then
echo "[=] Déjà présent : $domain"
else
echo "127.0.0.1 $domain" | sudo tee -a "$HOSTS_FILE" > /dev/null
echo "[+] Ajouté : $domain"
fi
done
echo "[✅] Terminé."

59
export_keycloak/flask-app.json Normal file
View File

@@ -0,0 +1,59 @@
{
"clientId": "flask-app",
"name": "dashboard",
"description": "",
"rootUrl": "https://dashboard.ninolbt.com",
"adminUrl": "https://dashboard.ninolbt.com",
"baseUrl": "https://dashboard.ninolbt.com",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "T5G5jzCBiphnBNh9uuj0f6YNc9HrP8r4",
"redirectUris": [
"https://dashboard.ninolbt.com/*"
],
"webOrigins": [
"https://dashboard.ninolbt.com"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "1747419098",
"backchannel.logout.session.required": "true",
"post.logout.redirect.uris": "https://dashboard.ninolbt.com/*",
"display.on.consent.screen": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

58
export_keycloak/mattermost.json Normal file
View File

@@ -0,0 +1,58 @@
{
"clientId": "mattermost",
"name": "mattermost",
"description": "",
"rootUrl": "https://mattermost.ninolbt.com",
"adminUrl": "https://mattermost.ninolbt.com",
"baseUrl": "https://mattermost.ninolbt.com",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "DwImxpeoe70Ulu6uslL2I8B0IQr4FmKz",
"redirectUris": [
"https://mattermost.ninolbt.com/signup/openid/complete"
],
"webOrigins": [
"https://mattermost.ninolbt.com"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "1747504584",
"backchannel.logout.session.required": "true",
"display.on.consent.screen": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

17
start-gesthub.sh
View File

@@ -1,17 +0,0 @@
#!/bin/bash
PROJECT_DOMAIN="gesthub"
HOSTS_LINE="127.0.0.1 flask.$PROJECT_DOMAIN wekan.$PROJECT_DOMAIN chat.$PROJECT_DOMAIN"
echo "🔧 Vérification des droits (sudo peut être requis pour modifier /etc/hosts)..."
# Ajout dans /etc/hosts si absent
if ! grep -q "$PROJECT_DOMAIN" /etc/hosts; then
echo "✅ Ajout de $PROJECT_DOMAIN dans /etc/hosts..."
echo "$HOSTS_LINE" | sudo tee -a /etc/hosts > /dev/null
else
echo "✔️ Domaine $PROJECT_DOMAIN déjà présent dans /etc/hosts."
fi
echo "🚀 Lancement des services Docker..."
docker compose up --build

17
start-infra.sh
View File

@@ -1,17 +0,0 @@
#!/bin/bash
PROJECT_DOMAIN="gesthub"
HOSTS_LINE="127.0.0.1 flask.$PROJECT_DOMAIN wekan.$PROJECT_DOMAIN chat.$PROJECT_DOMAIN"
echo "🔧 Vérification des droits (sudo peut être requis pour modifier /etc/hosts)..."
# Ajout dans /etc/hosts si absent
if ! grep -q "$PROJECT_DOMAIN" /etc/hosts; then
echo "✅ Ajout de $PROJECT_DOMAIN dans /etc/hosts..."
echo "$HOSTS_LINE" | sudo tee -a /etc/hosts > /dev/null
else
echo "✔️ Domaine $PROJECT_DOMAIN déjà présent dans /etc/hosts."
fi
echo "🚀 Lancement des services Docker..."
docker compose up --build

2
web/templates/view/index.html
View File

@@ -41,7 +41,7 @@
</div> </div>
<div class="profile-menu"> <div class="profile-menu">
<span id="profile-name">{{ user['preferred_username'] }}<i class="fa-solid fa-caret-down"></i></span> <span id="profile-name">{{ user['preferred_username'] }} <i class="fa-solid fa-caret-down"></i></span>
<div class="profile-dropdown"> <div class="profile-dropdown">
<p>Mon profil</p> <p>Mon profil</p>
<a class="simple-btn" href="/logout" type="button">Déconnexion</a> <a class="simple-btn" href="/logout" type="button">Déconnexion</a>