Add realm-prefixed OIDC routes (`/realms/<realm>/...`) to make a later switch to Keycloak easier

This commit is contained in:
einhornimmond 2025-07-30 12:15:43 +02:00
parent a479a6b7ca
commit 7d164f3ef2
6 changed files with 63 additions and 14 deletions


@ -1,2 +1,3 @@
export const LOG4JS_BASE_CATEGORY_NAME = 'backend'
export const FRONTEND_LOGIN_ROUTE = 'login'
export const FRONTEND_LOGIN_ROUTE = 'login'
export const GRADIDO_REALM = 'gradido'
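Review bot: `GRADIDO_REALM` is the path segment that selects the realm in the new `/realms/<realm>/...` routes, yet the constant carries no comment and the same literal `gradido` is repeated verbatim in the nginx `location /realms/gradido` blocks of this commit, so renaming the realm here silently breaks the proxy mapping. I would document that coupling on the constant: `// Realm segment of the Keycloak-style OIDC paths (/realms/<realm>/...); the nginx configs hard-code the same value.` Presumably this must later equal the realm name configured in Keycloak — worth stating in the same comment once that is decided.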


@ -1,5 +1,5 @@
import { CONFIG } from '@/config'
import { FRONTEND_LOGIN_ROUTE, LOG4JS_BASE_CATEGORY_NAME } from '@/config/const'
import { FRONTEND_LOGIN_ROUTE, GRADIDO_REALM, LOG4JS_BASE_CATEGORY_NAME } from '@/config/const'
import { getHomeCommunity } from 'database'
import { importSPKI, exportJWK } from 'jose'
import { createHash } from 'crypto'
@ -12,7 +12,7 @@ export const openidConfiguration = async (req: any, res: any): Promise<void> =>
res.setHeader('Content-Type', 'application/json')
res.status(200).json({
issuer: new URL(FRONTEND_LOGIN_ROUTE, CONFIG.COMMUNITY_URL).toString(),
jwks_uri: new URL('/.well-known/jwks.json', CONFIG.COMMUNITY_URL).toString(),
jwks_uri: new URL(`/realms/${GRADIDO_REALM}/protocol/openid-connect/certs`, CONFIG.COMMUNITY_URL).toString(),
})
}
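Review bot: The discovery document is now served from `/realms/gradido/.well-known/openid-configuration`, but `issuer` on the line above `jwks_uri` is still `<COMMUNITY_URL>/login`; OIDC Discovery requires the document to live at `{issuer}/.well-known/openid-configuration`, and relying parties (Keycloak included) compare the `issuer` field and the token `iss` claim against the URL they were configured with, so an RP pointed at the new realm URL will reject this document or refuse the tokens. I would derive it from the same realm constant, `issuer: new URL('/realms/' + GRADIDO_REALM, CONFIG.COMMUNITY_URL).toString(),` and make sure the `iss` claim written into issued tokens (not visible here) changes with it. Note that a leading-slash path passed to `new URL()` discards any base path of `CONFIG.COMMUNITY_URL`, as the new `jwks_uri` line already does — fine if the community URL has no path component, otherwise both lines need a relative form. `openidConfiguration` starts before this hunk.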


@ -9,7 +9,7 @@ import helmet from 'helmet'
import { Logger, getLogger } from 'log4js'
import { DataSource } from 'typeorm'
import { LOG4JS_BASE_CATEGORY_NAME } from '@/config/const'
import { GRADIDO_REALM, LOG4JS_BASE_CATEGORY_NAME } from '@/config/const'
import { AppDatabase } from 'database'
import { context as serverContext } from './context'
import { cors } from './cors'
@ -86,8 +86,8 @@ export const createServer = async (
app.get('/hook/gms/' + CONFIG.GMS_WEBHOOK_SECRET, gmsWebhook)
// OpenID Connect
app.get('/.well-known/openid-configuration', openidConfiguration)
app.get('/.well-known/jwks.json', jwks)
app.get(`/realms/${GRADIDO_REALM}/.well-known/openid-configuration`, openidConfiguration)
app.get(`/realms/${GRADIDO_REALM}/protocol/openid-connect/certs`, jwks)
// Apollo Server
const apollo = new ApolloServer({
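Review bot: With the two `/.well-known/...` routes removed, the backend itself no longer answers the standard discovery path, so it only works when the nginx in front of it rewrites `/.well-known/` onto `/realms/gradido/.well-known`; any client, or a dev setup without nginx, that fetches `<COMMUNITY_URL>/.well-known/openid-configuration` directly now gets a 404, as does anyone still holding the previously advertised `jwks_uri` of `/.well-known/jwks.json`. Keeping the root discovery route alongside the realm one costs one line, `app.get('/.well-known/openid-configuration', openidConfiguration)`. I would also replace the bare `// OpenID Connect` comment with one naming the layout: `// Keycloak-compatible OIDC layout: discovery under /realms/<realm>/.well-known, JWKS under /realms/<realm>/protocol/openid-connect/certs`. `createServer` begins before and continues after this hunk.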


@ -131,8 +131,8 @@ server {
# Well-Known for openid connect
location /.well-known/ {
limit_req zone=backend burst=20 nodelay;
limit_conn addr 10;
limit_req zone=backend burst=10 nodelay;
limit_conn addr 5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
@ -140,7 +140,25 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000/.well-known/;
proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known;
proxy_redirect off;
access_log $GRADIDO_LOG_PATH/nginx-access.well-known.log gradido_log;
error_log $GRADIDO_LOG_PATH/nginx-error.well-known.log warn;
}
# Well-Known for openid connect
location /realms/gradido {
limit_req zone=backend burst=10 nodelay;
limit_conn addr 5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000/realms/gradido;
proxy_redirect off;
access_log $GRADIDO_LOG_PATH/nginx-access.well-known.log gradido_log;
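Review bot: The rewritten `proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known;` inside `location /.well-known/` drops the trailing slash while the location keeps it, and nginx substitutes the matched prefix literally, so `/.well-known/openid-configuration` reaches the backend as `/realms/gradido/.well-knownopenid-configuration` and 404s; the line should read `proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known/;`. The new `location /realms/gradido` is a prefix match and therefore also catches `/realms/gradidofoo` — harmless as long as the backend 404s unknown paths, but `location /realms/gradido/` would be tighter; its `error_log` line and closing brace are not visible in this section, so the block appears cut off here. The `# Well-Known for openid connect` heading above it was copied from the previous block; `# Keycloak-style realm paths (OIDC discovery + JWKS)` would describe what it actually proxies.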


@ -116,8 +116,8 @@ server {
# Well-Known for openid connect
location /.well-known/ {
limit_req zone=backend burst=20 nodelay;
limit_conn addr 10;
limit_req zone=backend burst=10 nodelay;
limit_conn addr 5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
@ -125,7 +125,25 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000/.well-known/;
proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known;
proxy_redirect off;
access_log $GRADIDO_LOG_PATH/nginx-access.well-known.log gradido_log;
error_log $GRADIDO_LOG_PATH/nginx-error.well-known.log warn;
}
# Well-Known for openid connect
location /realms/gradido {
limit_req zone=backend burst=10 nodelay;
limit_conn addr 5;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:4000/realms/gradido;
proxy_redirect off;
access_log $GRADIDO_LOG_PATH/nginx-access.well-known.log gradido_log;
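Review bot: Same slash mismatch as in the sibling server config: `location /.well-known/` keeps its trailing slash but the new `proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known;` does not, so nginx turns `/.well-known/openid-configuration` into `/realms/gradido/.well-knownopenid-configuration` at the backend, which has no such route; use `proxy_pass http://127.0.0.1:4000/realms/gradido/.well-known/;`. The added `location /realms/gradido` block is a loose prefix match (`/realms/gradido/` is the tighter form) and its `error_log` line and closing brace are not visible here, so the block seems truncated in this section. Its heading comment duplicates the one above; `# Keycloak-style realm paths (OIDC discovery + JWKS)` would be more accurate.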


@ -44,7 +44,7 @@ server {
}
# Well-Known for openid connect
location /.well-known/ {
location /.well-known {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
@ -52,7 +52,19 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://backend:4000/.well-known/;
proxy_pass http://backend:4000/realms/gradido/.well-known;
proxy_redirect off;
}
location /realms/gradido {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://backend:4000/realms/gradido;
proxy_redirect off;
}
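Review bot: Changing the location from `/.well-known/` to `/.well-known` makes the slashless `proxy_pass http://backend:4000/realms/gradido/.well-known` substitute correctly, but the slashless prefix now also matches paths such as `/.well-knownfoo`; the conventional pairing that avoids the loose match is `location /.well-known/` with `proxy_pass http://backend:4000/realms/gradido/.well-known/;`. The new `location /realms/gradido` block carries no comment, unlike its neighbour — `# Keycloak-style realm paths (OIDC discovery + JWKS) served by the backend` would do, and `location /realms/gradido/` would again be the tighter match.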