diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index cf2172f..53c75fe 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -70,6 +70,7 @@ jobs: - name: Publish if: fromJSON(steps.builder.outputs.run) run: pnpm publish --no-git-checks + continue-on-error: true - name: Build container if: fromJSON(steps.builder.outputs.run) diff --git a/Containerfile b/Containerfile index e9815a2..f5612bd 100644 --- a/Containerfile +++ b/Containerfile @@ -1,3 +1,5 @@ FROM docker.io/nginx:alpine -COPY ./dist /usr/share/nginx/html +COPY ./dist /usr/share/nginx/html/oidc-test-web + +CMD ["nginx", "-g", "daemon off;"] diff --git a/README.md b/README.md index 77693ed..271f522 100644 --- a/README.md +++ b/README.md 
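Review bot: `continue-on-error: true` on the Publish step hides every failure of `pnpm publish`, not only an expected one. An expired token, a rejected upload or a registry outage would all leave the job green, and the container build would still run. If the intent is to tolerate a version that is already published (an assumption; the diff does not say), give the step `id: publish` and add a following step with `if: steps.publish.outcome == 'failure'` that prints a warning, provided the runner exposes step outcomes. At minimum, a comment such as `# publish may fail when this version already exists; the container build must still run` would record why the failure is ignored. The rest of the job lies outside the hunk.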
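Review bot: The new `COPY` destination hard-codes the `oidc-test-web` sub-path, which only serves correctly if `dist` was built with the matching `--base`. The build command the workflow runs is not visible in this diff, so that is worth confirming, and a comment above the `COPY` such as `# dist must be built with --base oidc-test-web` would record the coupling. Moving the app out of the web root also leaves the base image's stock index page served at `/`, which the previous `COPY` overwrote. Adding `RUN rm /usr/share/nginx/html/index.html` would keep the container from exposing a default page. The added `CMD` repeats the base image's default, so it can be dropped or given a comment saying it is intentional.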
@@ -2,24 +2,123 @@ Small web app for experimenting a web app with a Keycloak auth server. -It is a sibbling of the server version (oidc-test)[philorg/oidc-fastapi-test], +It is a sibling of the server version [oidc-test](philorg/oidc-fastapi-test), which acts also as a resource server. -Live demo: https://philo.ydns.eu/oidc-test-web: +Live demo: : + - configured with a test realm on a private Keycloak instance - 2 users are defined: foo (foofoo) and bar (barbar). -## Deployment +**Note**: decoding tokens requires the use of cryto extension, +that web browsers allow only with a secured connection (https). -In a container: +## Configuration + +The app expects that a `settings.json` file is available on the server +at the app's base url. + +For example: + +```json +{ + "keycloakUri": "https://keycloak.your.domain", + "realm": "test", + "authProvider": "keycloak", + "sso": false, + "clientId": "oidc-test-web", + "tokenSandbox": true, + "resourceServerUrl": "https://someserver.your.domain/resourceBaseUrl", + "resourceScopes": [ + "get:time", + "get:bs" + ], + "resourceProviders": { + "resourceProvider1": { + "name": "Third party 1", + "baseUrl": "https://otherserver.your.domain/resources/", + "verifySSL": true, + "resources": { + "public": { + "name": "A public resource", + "url": "resource/public" + }, + "bs": { + "name": "A secured resource, eg by scope", + "url": "resource/secured1" + }, + "time": { + "name": "Another secured resource, eg by role", + "url": "resource/secured2" + } + } + } + } +} +``` + +## Build + +For generating a `dist` directory ready to be copied to a web server +static data tree, it's a straightforward: + +```sh +pnpm run build +``` + +Eventually specify a `base url` (eg. accessible from `https://for.example.com/oidc-test-web`): ```sh pnpm run build --base oidc-test-web -podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web docker.io/nginx:alpine +``` + +## Deployment + +Examples of deployment are presented below. 
+ +- Using the nginx default container, from the development source tree: + +```sh +podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json docker.io/nginx:alpine +``` + +- The build is packaged in a provided container (see *pakcages*), serving with the `/oidc-test-web` base url: + +```sh +podman run -it --rm -p 8874:80 -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json code.philo.ydns.eu/philorg/oidc-vue-test:latest +``` + +- A *quadlet* *systemd* service, in `~/.config/containers/systemd/oidc-vue-test.container`: + +```systemd +[Container] +ContainerName=oidc-vue-test +Image=code.philo.ydns.eu/philorg/oidc-vue-test:latest +Mount=type=bind,source=/path/to/settings.json,destination=/usr/share/nginx/html/oidc-test-web/settings.json +PublishPort=8874:80 + +[Service] +Restart=always +RestartSec=5 + +[Unit] +After=podman-user-wait-network-online.service + +[Install] +WantedBy=default.target +``` + +Run with: + +```sh +systemctl --user daemon-reload +systemcrl --user start oidc-vue-test ``` ## Frontend +YMMV, easy with *Caddy*: + ```Caddyfile handle /oidc-test-web { reverse-proxy hostname.domainame:8874 diff --git a/package.json b/package.json index ee57e60..360dd30 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "oidc-text-web", + "name": "oidc-test-web", "version": "0.0.0", "type": "module", "scripts": {