Fix RLS permissions and JWT validation for admin club creation #5
+6
-4
@@ -42,8 +42,9 @@ services:
|
|||||||
KC_HOSTNAME: "http://localhost:8080"
|
KC_HOSTNAME: "http://localhost:8080"
|
||||||
KC_HOSTNAME_STRICT: "false"
|
KC_HOSTNAME_STRICT: "false"
|
||||||
KC_PROXY: "edge"
|
KC_PROXY: "edge"
|
||||||
|
KC_HTTP_PORT: "8081"
|
||||||
ports:
|
ports:
|
||||||
- "8080:8080"
|
- "8080:8081"
|
||||||
volumes:
|
volumes:
|
||||||
- ./infra/keycloak:/opt/keycloak/data/import
|
- ./infra/keycloak:/opt/keycloak/data/import
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -62,20 +63,21 @@ services:
|
|||||||
container_name: workclub_api
|
container_name: workclub_api
|
||||||
environment:
|
environment:
|
||||||
ASPNETCORE_ENVIRONMENT: Development
|
ASPNETCORE_ENVIRONMENT: Development
|
||||||
ASPNETCORE_URLS: "http://+:8080"
|
|
||||||
ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
|
ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
|
||||||
Keycloak__Authority: "http://keycloak:8080/realms/workclub"
|
Keycloak__Authority: "http://192.168.65.254:8080/realms/workclub"
|
||||||
Keycloak__Audience: "workclub-api"
|
Keycloak__Audience: "workclub-api"
|
||||||
Keycloak__TokenValidationParameters__ValidateIssuer: "false"
|
Keycloak__TokenValidationParameters__ValidateIssuer: "false"
|
||||||
ports:
|
ports:
|
||||||
- "5001:8080"
|
- "5001:8080"
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "localhost:host-gateway"
|
- "localhost:host-gateway"
|
||||||
|
working_dir: /app
|
||||||
volumes:
|
volumes:
|
||||||
- ./backend:/app:cached
|
- ./backend:/app:cached
|
||||||
depends_on:
|
depends_on:
|
||||||
postgres:
|
postgres:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
command: watch run WorkClub.Api/WorkClub.Api.csproj
|
||||||
networks:
|
networks:
|
||||||
- app-network
|
- app-network
|
||||||
|
|
||||||
@@ -95,7 +97,7 @@ services:
|
|||||||
KEYCLOAK_CLIENT_ID: "workclub-app"
|
KEYCLOAK_CLIENT_ID: "workclub-app"
|
||||||
KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
|
KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
|
||||||
KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
|
KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
|
||||||
KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8080/realms/workclub"
|
KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8081/realms/workclub"
|
||||||
NEXT_PUBLIC_KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
|
NEXT_PUBLIC_KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
|
||||||
ports:
|
ports:
|
||||||
- "3000:3000"
|
- "3000:3000"
|
||||||
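Review bot: The new `Keycloak__Authority` value hard-codes `192.168.65.254`, which looks like a host-gateway address tied to one local Docker setup, and the API service still carries `Keycloak__TokenValidationParameters__ValidateIssuer: "false"`, so the issuer claim of incoming tokens is never checked against the realm. This service already maps `localhost` to `host-gateway` under `extra_hosts`, so `Keycloak__Authority: "http://localhost:8080/realms/workclub"` would probably reach the same published port and match the `KC_HOSTNAME` issuer, which would allow issuer validation to be switched back on; that needs confirming against the running stack. If the IP has to stay, put a comment above it such as `# dev only: host-gateway IP of the local Docker VM, not portable` and keep the disabled issuer check out of any non-development compose file. Separately, `ASPNETCORE_URLS` is removed while the mapping stays `5001:8080`, so the listen port now depends on what `watch run` picks up from the project and is worth verifying.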
|
|||||||
@@ -27,15 +27,23 @@ declare module "next-auth" {
|
|||||||
const issuerPublic = process.env.KEYCLOAK_ISSUER!
|
const issuerPublic = process.env.KEYCLOAK_ISSUER!
|
||||||
const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
|
const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
|
||||||
const oidcPublic = `${issuerPublic}/protocol/openid-connect`
|
const oidcPublic = `${issuerPublic}/protocol/openid-connect`
|
||||||
const oidcInternal = `${issuerInternal}/protocol/openid-connect`
|
const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`
|
||||||
|
|
||||||
export const { handlers, signIn, signOut, auth } = NextAuth({
|
export const { handlers, signIn, signOut, auth } = NextAuth({
|
||||||
providers: [
|
providers: [
|
||||||
KeycloakProvider({
|
KeycloakProvider({
|
||||||
clientId: process.env.KEYCLOAK_CLIENT_ID!,
|
clientId: process.env.KEYCLOAK_CLIENT_ID!,
|
||||||
issuer: issuerPublic,
|
issuer: issuerPublic,
|
||||||
|
authorization: {
|
||||||
|
url: `${oidcPublic}/auth`,
|
||||||
|
params: { scope: "openid email profile" },
|
||||||
|
},
|
||||||
|
token: `${oidcInternal}/token`,
|
||||||
|
userinfo: `${oidcInternal}/userinfo`,
|
||||||
|
jwks_endpoint: `${oidcInternal}/certs`,
|
||||||
})
|
})
|
||||||
],
|
],
|
||||||
|
trustHost: true,
|
||||||
cookies: {
|
cookies: {
|
||||||
pkceCodeVerifier: {
|
pkceCodeVerifier: {
|
||||||
name: "authjs.pkce.code_verifier",
|
name: "authjs.pkce.code_verifier",
|
||||||
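Review bot: `trustHost: true` is set unconditionally in the NextAuth options, so every deployment built from this file derives its callback and redirect URLs from the incoming Host and forwarded-host headers, not only the local Docker setup. Prefer leaving it out of the code and setting `AUTH_TRUST_HOST: "true"` in the development compose environment, or gate it as `trustHost: process.env.NODE_ENV !== "production",`. The `issuerInternal.replace(':8080', ':8081')` inside `oidcInternal` is also fragile: the compose change in this commit already sets `KEYCLOAK_ISSUER_INTERNAL` to port 8081, and when that variable is unset the `issuerPublic` fallback gets rewritten to a port that is not published, so using `issuerInternal` unchanged is safer. The overridden `token`, `userinfo` and `jwks_endpoint` URLs are plain HTTP, which is acceptable only on the private compose network and deserves a short comment saying so.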
|
|||||||