diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile index f5cfe08e18c15e0d59d387d42eadc7932ed27a40..a68b28577fa9c76437921607e1a4a0706018c916 100644 --- a/fda-authentication-service/Dockerfile +++ b/fda-authentication-service/Dockerfile @@ -10,6 +10,7 @@ ENV KC_FEATURES=account-api ENV KC_DB=mariadb WORKDIR /opt/keycloak + # for demonstration purposes only, please make sure to use proper certificates in production instead RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore RUN /opt/keycloak/bin/kc.sh build @@ -20,7 +21,7 @@ COPY --from=config /opt/keycloak/ /opt/keycloak/ USER root -COPY dbrepo-realm.json /dbrepo-realm.json +COPY ./dbrepo-realm.json /dbrepo-realm.json ENV METADATA_USERNAME=root ENV METADATA_PASSWORD=dbrepo @@ -35,8 +36,6 @@ ENV KEYCLOAK_IMPORT=/dbrepo-realm.json ENV KEYCLOAK_ADMIN=keycloak ENV KEYCLOAK_ADMIN_PASSWORD=keycloak -VOLUME /tmp - -EXPOSE 9097 +USER 1000 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"] diff --git a/fda-gateway-service/rest-service/src/main/java/at/tuwien/config/GatewayConfig.java b/fda-gateway-service/rest-service/src/main/java/at/tuwien/config/GatewayConfig.java index a5f75df457eb660ef31cdbbac74b9ce3deb59b34..937479e0417e4ffd3f8ed19ec3160d7b9c9ce744 100644 --- a/fda-gateway-service/rest-service/src/main/java/at/tuwien/config/GatewayConfig.java +++ b/fda-gateway-service/rest-service/src/main/java/at/tuwien/config/GatewayConfig.java 
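Review bot: The `USER 1000` added before the `ENTRYPOINT` drops root, but the image still boots with the bootstrap admin account `KEYCLOAK_ADMIN=keycloak` / `KEYCLOAK_ADMIN_PASSWORD=keycloak` from the context lines directly above it, and `ENV` values remain readable in the image metadata. The keystore step in the first hunk is marked "for demonstration purposes only" while these defaults carry no such marker; I would add an equivalent comment, e.g. `# demo defaults only, override KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD at deploy time`, or drop the password default so a deployment has to supply one. With `EXPOSE 9097` removed and nothing put in its place, the listening port is no longer documented in this file; the UI Dockerfile in this commit points at port 8443, so `EXPOSE 8443` may be what is intended.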
@@ -11,11 +11,10 @@ public class GatewayConfig { @Bean public RouteLocator routes(RouteLocatorBuilder builder) { return builder.routes() - .route("authentication-service", r -> r.path("/api/auth/**", - "/api/user/**") + .route("authentication-service", r -> r.path("/api/auth/**") .and() .method("POST", "GET", "PUT", "DELETE") - .and() + .filters(f -> f.rewritePath("/api/auth/(?<segment>.*)", "/${segment}")) .uri("lb://authentication-service")) .route("broker-service", r -> r.path("/api/broker/**") .and() diff --git a/fda-ui/.env.example b/fda-ui/.env.example index 6d67c5eca979378377bc21dd27644ba038a41d86..00f7fc8871f021c34ef36a11ea99a513cc027a58 100644 --- a/fda-ui/.env.example +++ b/fda-ui/.env.example @@ -1,8 +1,10 @@ # ATTENTION: remove the last slash for the gateway url # - CORRECT: http://localhost:9095 # - WRONG: http://localhost:9095/ +NODE_ENV=dev API="http://localhost:9095" BROKER_USERNAME=fda BROKER_PASSWORD=fda -SANDBOX=false +SANDBOX=true SHARED_FILESYSTEM=/tmp +CLIENT_SECRET= diff --git a/fda-ui/Dockerfile b/fda-ui/Dockerfile index 0df37b3162497a09a783844a2b2eef4f264f9a14..e5ecd6473878935de025fbb42ca21223a8800e2d 100644 --- a/fda-ui/Dockerfile +++ b/fda-ui/Dockerfile @@ -41,6 +41,7 @@ EXPOSE 3000 EXPOSE 9100 ENV API=http://gateway-service:9095 +ENV KEYCLOAK=https://authentication-service:8443 ENV BROKER_USERNAME=fda ENV BROKER_PASSWORD=fda ENV SANDBOX=false @@ -52,6 +53,7 @@ ENV ELASTIC_PASSWORD=elastic ENV VERSION="${TAG}" ENV TITLE="Database Repository" ENV ICON="/favicon.ico" +ENV CLIENT_SECRET="" WORKDIR /app diff --git a/fda-ui/nuxt.config.js b/fda-ui/nuxt.config.js index 66d11e53c6c5a59abc1f2f729acb9895844603d6..d537faae8af0e10bf79da71eb8386375309f5a6f 100644 --- a/fda-ui/nuxt.config.js +++ b/fda-ui/nuxt.config.js 
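Review bot: The new `rewritePath("/api/auth/(?<segment>.*)", "/${segment}")` filter forwards every path below `/api/auth/` to `authentication-service` with the prefix stripped, for `POST`, `GET`, `PUT` and `DELETE` alike. If that service is the Keycloak instance built by the Dockerfile in this commit, its administrative endpoints would presumably become reachable through the gateway alongside the realm endpoints the UI needs. I would narrow the predicate to the paths that are meant to be public, for example `r.path("/api/auth/realms/**")`, and state in a comment above the route which upstream paths are intentionally exposed. The removal of `"/api/user/**"` leaves that prefix without a route in the visible lines, so confirm nothing still calls it. The `routes` method continues past the end of the hunk.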
@@ -10,6 +10,7 @@ if (process.env.SANDBOX) { const configTitle = process.env.TITLE || 'Database Repository' const configIcon = process.env.ICON || '/favicon.ico' +const sandbox = process.env.SANDBOX || false export default { target: 'server', @@ -40,10 +41,10 @@ export default { ], plugins: [ - { src: '~/plugins/toast', ssr: false }, - { src: '~/plugins/vendors', ssr: false }, - { src: '~/plugins/axios' }, - { src: '~/plugins/vuex-persist.js', mode: 'client' } + { src: '@/plugins/toast', ssr: false }, + { src: '@/plugins/vendors', ssr: false }, + { src: '@/plugins/axios' }, + { src: '@/plugins/vuex-persist.js', mode: 'client' } ], // Auto import components (https://go.nuxtjs.dev/config-components) @@ -75,16 +76,18 @@ export default { publicRuntimeConfig: { brokerUsername: process.env.BROKER_USERNAME || 'fda', brokerPassword: process.env.BROKER_PASSWORD || 'fda', - sandbox: process.env.SANDBOX || false, + sandbox, sharedFilesystem: process.env.SHARED_FILESYSTEM || '/tmp', version: process.env.VERSION || 'latest', logo: process.env.LOGO || '/logo.png', mailVerify: process.env.MAIL_VERIFY || false, tokenMax: process.env.TOKEN_MAX || 5, - elasticPassword: process.env.ELASTIC_PASSWORD || 'elastic' + elasticPassword: process.env.ELASTIC_PASSWORD || 'elastic', + client_secret: process.env.CLIENT_SECRET }, proxy: { + '/auth': process.env.KEYCLOAK || 'https://localhost:8443', '/api': process.env.API || 'http://localhost:9095', '/pid': { target: process.env.API + '/api' || 'http://localhost:9095/api', diff --git a/fda-ui/package.json b/fda-ui/package.json index 1649177b07b97389c2827d1c565f2db4f7e77ca9..7d4b5cb16b5aecfe883850a9afede905ec516847 100644 --- a/fda-ui/package.json +++ b/fda-ui/package.json @@ -3,7 +3,7 @@ "version": "1.0.0", "private": true, "scripts": { - "dev": "nuxt --port 3001", + "dev": "export NODE_TLS_REJECT_UNAUTHORIZED=0 && nuxt --env.NODE_TLS_REJECT_UNAUTHORIZED=0 --port 3001", "docker": "nuxt > /dev/null", "build": "nuxt build", "start": "nuxt start", 
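Review bot: `const sandbox = process.env.SANDBOX || false` yields a string whenever the variable is set, so `SANDBOX=false` (the value the fda-ui Dockerfile in this commit sets) produces the truthy string `'false'`; the `if (process.env.SANDBOX)` in the hunk header context has the same problem. Parsing the value once would fix both uses: `const sandbox = process.env.SANDBOX === 'true'`.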
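Review bot: `client_secret: process.env.CLIENT_SECRET` is placed in `publicRuntimeConfig`, which Nuxt serialises into the page delivered to every visitor, so the OAuth client secret stops being a secret as soon as it is set. The first `login.vue` hunk in this commit then reads it as `this.$config.client_secret` and sends it from the browser together with `grant_type: 'password'`. A browser application cannot hold a confidential-client secret; either register `dbrepo-client` as a public client and leave the secret out, or perform the token request on the server and keep the value in `privateRuntimeConfig`. `brokerPassword` and `elasticPassword` in the surrounding context lines are exposed the same way. In the `proxy` block, the `'/auth'` fallback `https://localhost:8443` only works because the `dev` script switches certificate verification off, which deserves a comment next to the entry.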
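Review bot: `NODE_TLS_REJECT_UNAUTHORIZED=0` in the `dev` script turns off certificate verification for every TLS connection the Nuxt server process makes, not only the proxied call to the self-signed Keycloak certificate. A narrower option is to trust that one certificate, e.g. `"dev": "NODE_EXTRA_CA_CERTS=<path-to-dev-cert.pem> nuxt --port 3001"` (placeholder path), or to set `secure: false` on the `/auth` proxy entry alone. The `export … &&` form also assumes a POSIX shell, so the script will not run under cmd.exe on Windows.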
diff --git a/fda-ui/pages/login.vue b/fda-ui/pages/login.vue index 44ee3235cf09fd0e02f0e3e4eb09bd1f2a6a94fa..9457e6eb65394b2ed68aa824dcc9013df35e7561 100644 --- a/fda-ui/pages/login.vue +++ b/fda-ui/pages/login.vue @@ -63,8 +63,11 @@ export default { error: false, // XXX: `error` is never changed valid: false, loginAccount: { + client_id: 'dbrepo-client', username: null, - password: null + password: null, + grant_type: 'password', + client_secret: this.$config.client_secret } } }, @@ -103,7 +106,7 @@ export default { async login () { try { this.loading = true - const res = await this.$axios.post('/api/auth', this.loginAccount) + const res = await this.$axios.post('/auth/realms/dbrepo/protocol/openid-connect/token', this.loginAccount) console.debug('login user', res.data) const { token } = res.data this.$store.commit('SET_TOKEN', token)
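Review bot: The token endpoint response is destructured as `const { token } = res.data`, but an OpenID Connect token response carries the token under `access_token`, so `SET_TOKEN` would presumably be committed with `undefined`; `const { access_token: token } = res.data` keeps the rest of the method unchanged. The request body is also passed as a plain object, which axios serialises as JSON, whereas the token endpoint expects `application/x-www-form-urlencoded`; wrapping it as `new URLSearchParams(this.loginAccount)` sends the right encoding. The `console.debug('login user', res.data)` context line now writes the complete token response to the browser console and should log at most a non-sensitive field. `login()` continues past the end of the hunk.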