MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix RLS permissions and JWT validation for admin club creation #5

Merged
MasterMito merged 18 commits from fix/rls-permission-test-failure into epic/admin_rework_second_try 2026-03-20 11:42:05 +01:00
Conversation 0 Commits 18 Files Changed 37
+15 -5
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit d295c9123e - Show all commits
docker-compose.yml
+6 -4
View File
@@ -42,8 +42,9 @@ services:
KC_HOSTNAME: "http://localhost:8080"
KC_HOSTNAME_STRICT: "false"
KC_PROXY: "edge"
KC_HTTP_PORT: "8081"
ports:
- "8080:8080"
- "8080:8081"
volumes:
- ./infra/keycloak:/opt/keycloak/data/import
depends_on:
@@ -62,20 +63,21 @@ services:
container_name: workclub_api
environment:
ASPNETCORE_ENVIRONMENT: Development
ASPNETCORE_URLS: "http://+:8080"
ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
Keycloak__Authority: "http://keycloak:8080/realms/workclub"
Keycloak__Authority: "http://192.168.65.254:8080/realms/workclub"
Keycloak__Audience: "workclub-api"
Keycloak__TokenValidationParameters__ValidateIssuer: "false"
ports:
- "5001:8080"
extra_hosts:
- "localhost:host-gateway"
working_dir: /app
volumes:
- ./backend:/app:cached
depends_on:
postgres:
condition: service_healthy
command: watch run WorkClub.Api/WorkClub.Api.csproj
networks:
- app-network
@@ -95,7 +97,7 @@ services:
KEYCLOAK_CLIENT_ID: "workclub-app"
KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8080/realms/workclub"
KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8081/realms/workclub"
NEXT_PUBLIC_KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
ports:
- "3000:3000"
frontend/src/auth/auth.ts
+9 -1
View File
@@ -27,15 +27,23 @@ declare module "next-auth" {
const issuerPublic = process.env.KEYCLOAK_ISSUER!
const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
const oidcPublic = `${issuerPublic}/protocol/openid-connect`
const oidcInternal = `${issuerInternal}/protocol/openid-connect`
const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`
export const { handlers, signIn, signOut, auth } = NextAuth({
providers: [
KeycloakProvider({
clientId: process.env.KEYCLOAK_CLIENT_ID!,
issuer: issuerPublic,
authorization: {
url: `${oidcPublic}/auth`,
params: { scope: "openid email profile" },
},
token: `${oidcInternal}/token`,
userinfo: `${oidcInternal}/userinfo`,
jwks_endpoint: `${oidcInternal}/certs`,
})
],
trustHost: true,
cookies: {
pkceCodeVerifier: {
name: "authjs.pkce.code_verifier",