Added proxy to nginx

fda-authentication-service/Dockerfile

@@ -10,6 +10,7 @@ ENV KC_FEATURES=account-api
 ENV KC_DB=mariadb
 
 WORKDIR /opt/keycloak
+
 # for demonstration purposes only, please make sure to use proper certificates in production instead
 RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
 RUN /opt/keycloak/bin/kc.sh build
@@ -20,7 +21,7 @@ COPY --from=config /opt/keycloak/ /opt/keycloak/
 
 USER root
 
-COPY dbrepo-realm.json /dbrepo-realm.json
+COPY ./dbrepo-realm.json /dbrepo-realm.json
 
 ENV METADATA_USERNAME=root
 ENV METADATA_PASSWORD=dbrepo
@@ -35,8 +36,6 @@ ENV KEYCLOAK_IMPORT=/dbrepo-realm.json
 ENV KEYCLOAK_ADMIN=keycloak
 ENV KEYCLOAK_ADMIN_PASSWORD=keycloak
 
-VOLUME /tmp
-
-EXPOSE 9097
+USER 1000
 
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

fda-gateway-service/rest-service/src/main/java/at/tuwien/config/GatewayConfig.java

@@ -11,11 +11,10 @@ public class GatewayConfig {
     @Bean
     public RouteLocator routes(RouteLocatorBuilder builder) {
         return builder.routes()
-                .route("authentication-service", r -> r.path("/api/auth/**",
-                                "/api/user/**")
+                .route("authentication-service", r -> r.path("/api/auth/**")
                         .and()
                         .method("POST", "GET", "PUT", "DELETE")
-                        .and()
+                        .filters(f -> f.rewritePath("/api/auth/(?<segment>.*)", "/${segment}"))
                         .uri("lb://authentication-service"))
                 .route("broker-service", r -> r.path("/api/broker/**")
                         .and()

fda-ui/.env.example

 # ATTENTION: remove the last slash for the gateway url
 #   - CORRECT: http://localhost:9095
 #   - WRONG:   http://localhost:9095/
+NODE_ENV=dev
 API="http://localhost:9095"
 BROKER_USERNAME=fda
 BROKER_PASSWORD=fda
-SANDBOX=false
+SANDBOX=true
 SHARED_FILESYSTEM=/tmp
+CLIENT_SECRET=

fda-ui/Dockerfile

@@ -41,6 +41,7 @@ EXPOSE 3000
 EXPOSE 9100
 
 ENV API=http://gateway-service:9095
+ENV KEYCLOAK=https://authentication-service:8443
 ENV BROKER_USERNAME=fda
 ENV BROKER_PASSWORD=fda
 ENV SANDBOX=false
@@ -52,6 +53,7 @@ ENV ELASTIC_PASSWORD=elastic
 ENV VERSION="${TAG}"
 ENV TITLE="Database Repository"
 ENV ICON="/favicon.ico"
+ENV CLIENT_SECRET=""
 
 WORKDIR /app
 

fda-ui/nuxt.config.js

@@ -10,6 +10,7 @@ if (process.env.SANDBOX) {
 
 const configTitle = process.env.TITLE || 'Database Repository'
 const configIcon = process.env.ICON || '/favicon.ico'
+const sandbox = process.env.SANDBOX || false
 
 export default {
   target: 'server',
@@ -40,10 +41,10 @@ export default {
   ],
 
   plugins: [
-    { src: '~/plugins/toast', ssr: false },
-    { src: '~/plugins/vendors', ssr: false },
-    { src: '~/plugins/axios' },
-    { src: '~/plugins/vuex-persist.js', mode: 'client' }
+    { src: '@/plugins/toast', ssr: false },
+    { src: '@/plugins/vendors', ssr: false },
+    { src: '@/plugins/axios' },
+    { src: '@/plugins/vuex-persist.js', mode: 'client' }
   ],
 
   // Auto import components (https://go.nuxtjs.dev/config-components)
@@ -75,16 +76,18 @@ export default {
   publicRuntimeConfig: {
     brokerUsername: process.env.BROKER_USERNAME || 'fda',
     brokerPassword: process.env.BROKER_PASSWORD || 'fda',
-    sandbox: process.env.SANDBOX || false,
+    sandbox,
     sharedFilesystem: process.env.SHARED_FILESYSTEM || '/tmp',
     version: process.env.VERSION || 'latest',
     logo: process.env.LOGO || '/logo.png',
     mailVerify: process.env.MAIL_VERIFY || false,
     tokenMax: process.env.TOKEN_MAX || 5,
-    elasticPassword: process.env.ELASTIC_PASSWORD || 'elastic'
+    elasticPassword: process.env.ELASTIC_PASSWORD || 'elastic',
+    client_secret: process.env.CLIENT_SECRET
   },
 
   proxy: {
+    '/auth': process.env.KEYCLOAK || 'https://localhost:8443',
     '/api': process.env.API || 'http://localhost:9095',
     '/pid': {
       target: process.env.API + '/api' || 'http://localhost:9095/api',

fda-ui/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "scripts": {
-    "dev": "nuxt --port 3001",
+    "dev": "export NODE_TLS_REJECT_UNAUTHORIZED=0 && nuxt --env.NODE_TLS_REJECT_UNAUTHORIZED=0 --port 3001",
     "docker": "nuxt > /dev/null",
     "build": "nuxt build",
     "start": "nuxt start",

fda-ui/pages/login.vue

@@ -63,8 +63,11 @@ export default {
       error: false, // XXX: `error` is never changed
       valid: false,
       loginAccount: {
+        client_id: 'dbrepo-client',
         username: null,
-        password: null
+        password: null,
+        grant_type: 'password',
+        client_secret: this.$config.client_secret
       }
     }
   },
@@ -103,7 +106,7 @@ export default {
     async login () {
       try {
         this.loading = true
-        const res = await this.$axios.post('/api/auth', this.loginAccount)
+        const res = await this.$axios.post('/auth/realms/dbrepo/protocol/openid-connect/token', this.loginAccount)
         console.debug('login user', res.data)
         const { token } = res.data
         this.$store.commit('SET_TOKEN', token)