add working sso + working Caddy + 2 scripts for hosts

2025-05-13 21:21:07 +02:00
parent 248b608aba
commit cd4678c883
5 changed files with 64 additions and 30 deletions
--- a/8
+++ b/8
@@ -1,17 +1,17 @@
 # Caddyfile

-flask.localhost {
+http://flask.localhost {
    reverse_proxy flask:5000
 }

-wekan.localhost {
+http://wekan.localhost {
    reverse_proxy wekan:8080
 }

-chat.localhost {
+http://chat.localhost {
    reverse_proxy mattermost:8065
 }

-keycloak.localhost {
+http://keycloak.localhost {
    reverse_proxy keycloak:8080
 }
--- a/add-localhosts.bat
+++ b/add-localhosts.bat
@@ -0,0 +1,19 @@
+@echo off
+set HOSTS_FILE=%SystemRoot%\System32\drivers\etc\hosts
+
+set DOMAINS=flask.localhost keycloak.localhost chat.localhost wekan.localhost
+
+echo [🔧] Mise à jour de %HOSTS_FILE%
+
+for %%D in (%DOMAINS%) do (
+    findstr /C:"%%D" %HOSTS_FILE% >nul
+    if errorlevel 1 (
+        echo 127.0.0.1 %%D >> %HOSTS_FILE%
+        echo [+] Ajouté : %%D
+    ) else (
+        echo [=] Déjà présent : %%D
+    )
+)
+
+echo [✅] Terminé.
+pause
--- a/add-localhosts.sh
+++ b/add-localhosts.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+HOSTS_FILE="/etc/hosts"
+DOMAINS=("flask.localhost" "keycloak.localhost" "chat.localhost" "wekan.localhost")
+
+echo "[🔧] Mise à jour de : $HOSTS_FILE"
+
+for domain in "${DOMAINS[@]}"; do
+  if grep -q "$domain" "$HOSTS_FILE"; then
+    echo "[=] Déjà présent : $domain"
+  else
+    echo "127.0.0.1 $domain" | sudo tee -a "$HOSTS_FILE" > /dev/null
+    echo "[+] Ajouté : $domain"
+  fi
+done
+
+echo "[✅] Terminé."
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,7 +13,7 @@ services:
      - wekan
      - mattermost
    networks:
-      - backend
+      - gesthub

  flask:
    build: ./web
@@ -22,13 +22,14 @@ services:
      - DB_USER=flaskuser
      - DB_PASSWORD=flaskpass
      - DB_NAME=flaskdb
+    extra_hosts:
+    - "keycloak.localhost:172.18.0.10"
    depends_on:
      - mariadb
-      - keycloak
    volumes:
      - ./web:/app
    networks:
-      - backend
+      - gesthub

  mariadb:
    image: mariadb:latest
@@ -40,7 +41,7 @@ services:
    volumes:
      - mariadb_data:/var/lib/mysql
    networks:
-      - backend
+      - gesthub

  wekan:
    image: wekanteam/wekan
@@ -50,14 +51,14 @@ services:
    depends_on:
      - mongo
    networks:
-      - backend
+      - gesthub

  mongo:
    image: mongo:latest
    volumes:
      - mongo_data:/data/db
    networks:
-      - backend
+      - gesthub

  mattermost:
    image: mattermost/mattermost-team-edition:latest
@@ -72,7 +73,7 @@ services:
    volumes:
      - mattermost_data:/mattermost/data
    networks:
-      - backend
+      - gesthub

  db:
    image: postgres:13
@@ -83,8 +84,7 @@ services:
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
-      - backend
-
+      - gesthub
  keycloak:
    image: quay.io/keycloak/keycloak:22.0.5
    command: start-dev
@@ -94,13 +94,8 @@ services:
      - KC_DB=postgres
      - KC_DB_URL_HOST=keycloak-db
      - KC_DB_URL_DATABASE=keycloak
-      # - KC_DB_USERNAME=keycloak
+      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=keycloakpass
-      - KC_HOSTNAME=keycloak
-      - KC_HTTP_ENABLED=true
-      - KC_HOSTNAME_STRICT=false
-      - KC_HOSTNAME_STRICT_HTTPS=false
-      - KC_PROXY=edge
    ports:
      - "8080:8080"
    depends_on:
@@ -108,8 +103,7 @@ services:
    volumes:
      - keycloak_data:/opt/keycloak/data
    networks:
-      - backend
-
+      - gesthub
  keycloak-db:
    image: postgres:13
    environment:
@@ -119,8 +113,11 @@ services:
    volumes:
      - keycloakdb_data:/var/lib/postgresql/data
    networks:
-      - backend
-
+      - gesthub
+networks:
+  gesthub:
+    driver: bridge
+    
 volumes:
  caddy_data:
  caddy_config:
@@ -129,7 +126,4 @@ volumes:
  mattermost_data:
  postgres_data:
  keycloak_data:
-  keycloakdb_data:
-
-networks:
-  backend:
+  keycloakdb_data:
--- a/web/app.py
+++ b/web/app.py
@@ -1,3 +1,4 @@
+import os
 from flask import Flask, redirect, url_for, session, render_template
 from flask_sqlalchemy import SQLAlchemy
 from authlib.integrations.flask_client import OAuth
@@ -5,7 +6,7 @@ from authlib.integrations.flask_client import OAuth
 app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://flaskuser:flaskpass@mariadb/flaskdb'
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
-app.secret_key = 'ninolabat'
+app.secret_key = os.environ.get("SECRET_KEY", "dev-key")

 db = SQLAlchemy(app)

@@ -15,8 +16,8 @@ oauth = OAuth(app)
 keycloak = oauth.register(
    name='keycloak',
    client_id='flask-app',
-    client_secret='jp4T3FnlpzHyc4Ch4zNoO8cAakXzHi50',
-    server_metadata_url='http://keycloak:8080/realms/GestHub/.well-known/openid-configuration',
+    client_secret='6R70kt1x9KjYpccZCMnPvJAGiJFzRHjE',
+    server_metadata_url='http://keycloak.localhost/realms/gesthub/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid profile email',
    }
@@ -31,12 +32,15 @@ def index():

@app.route('/login')
 def login():
+    nonce = uuid.uuid4().hex
+    session['nonce'] = nonce
    redirect_uri = url_for('auth', _external=True)
    return keycloak.authorize_redirect(redirect_uri)

@app.route('/auth')
 def auth():
    token = keycloak.authorize_access_token()
+    nonce = session.pop('nonce', None)
    userinfo = keycloak.parse_id_token(token)
    session['user'] = userinfo
    return redirect('/')