chore: identity-server app global prefix in prod

aceHubert · Oct 18, 2024 · 703809a · 703809a
1 parent d7670ba
commit 703809a
Show file tree

Hide file tree

Showing 11 changed files with 39 additions and 38 deletions.
diff --git a/clients/vue-web/env/env.js b/clients/vue-web/env/env.js
@@ -10,7 +10,7 @@
   env.identityGraphqlBase = baseUrl + '/action/identity/graphql';
 
   env.oidc = {
-    authority: baseUrl + '/oauth2',
+    authority: baseUrl + '/identity/oauth2',
     client_id: clientId,
     redirect_uri: baseUrl + globalPrefix + '/signin.html',
     post_logout_redirect_uri: baseUrl + globalPrefix,

diff --git a/ecosystem.config.js b/ecosystem.config.js
@@ -37,6 +37,7 @@ module.exports = {
       autorestart: true,
       env_production: {
         PORT: 3003,
+        GLOBAL_PREFIX_URI: '/identity',
         OIDC_PATH: '/oauth2',
         INFRASTRUCTURE_SERVICE_PORT: 3000,
       },

diff --git a/servers/conf/apisix.yaml b/servers/conf/apisix.yaml
@@ -16,9 +16,10 @@ routes:
         _meta:
           disable: true
         bearer_only: false
-        client_id: CLIENT_ID
-        client_secret: CLIENT_SECRET
-        discovery: http://pomelo-server:3003/oauth2/.well-known/openid-configuration
+        # set client metadata
+        # client_id: CLIENT_ID
+        # client_secret: CLIENT_SECRET
+        discovery: http://pomelo-server:3003/identity/oauth2/.well-known/openid-configuration
         unauth_action: pass
         use_jwks: true
       proxy-rewrite:
@@ -61,7 +62,7 @@ routes:
       proxy-rewrite:
         regex_uri:
           - ^/action/identity(/?)(.*)
-          - /$2
+          - /identity/$2
     upstream:
       nodes:
         - host: pomelo-server

diff --git a/servers/conf/config.fly.yaml b/servers/conf/config.fly.yaml
@@ -12,10 +12,24 @@ graphql:
   # path: "/graphql"
 # server configuration
 server:
-  origin: "https://pomelo-server.fly.dev"
+  origin: "https://pomelo-server.fly.dev:3003"
 # redis connection, from fly secrets
 # REDIS_URL: "redis://host:port/db"
 # infrastructure database connection, from fly secrets
 # INFRASTRUCTURE_DATABASE_CONNECTION: "mysql://user:password@host:port/database"
 # identity database connection, from fly secrets
 # IDENTITY_DATABASE_CONNECTION: "mysql://user:password@host:port/database"
+# table prefix
+TABLE_PREFIX: "po_"
+# oidc redirect uri, default: ${server.origin}
+WEB_URL: "https://pomelo-client.fly.dev:3011"
+# openid-client authentication configuration
+OIDC_CONFIG:
+  # openid-connect issuer
+  issuer: "${server.origin}/oauth2"
+  # use jwks to verify jwt
+  useJWKS: true
+  # http options
+  # https://github.com/panva/node-openid-client/blob/main/docs/README.md#customizing-http-requests
+  httpOptions:
+    timeout: 60000
diff --git a/servers/conf/config.yaml b/servers/conf/config.yaml
@@ -45,14 +45,15 @@ PUBLIC_KEY: "private_key"
 # openid-client authentication configuration
 OIDC_CONFIG:
   # openid-connect issuer
-  issuer: "${server.origin}/oauth2"
+  issuer: "${server.origin}/identity/oauth2"
   # use jwks to verify jwt
   useJWKS: true
-  # client metadata
-  # https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-clientmetadata-jwks-options
-  client_id: "client_id"
-  client_secret: "client_secret"
   # http options
   # https://github.com/panva/node-openid-client/blob/main/docs/README.md#customizing-http-requests
   httpOptions:
     timeout: 1000
+# bff client metadata
+# https://github.com/panva/node-openid-client/blob/main/docs/README.md#new-clientmetadata-jwks-options
+# INFRASTRUCTURE_BFF_CLIENT_METADATA:
+  # client_id: "client_id"
+  # client_secret: "client_secret"
diff --git a/servers/conf/nginx.conf b/servers/conf/nginx.conf
@@ -86,7 +86,7 @@ upstream pomelo_identity_server {
             client_max_body_size 100M;
         }
 
-        location /oauth2/ {
+        location /identity/ {
             proxy_read_timeout    90;
             proxy_connect_timeout 90;
             proxy_redirect        off;

diff --git a/servers/identity-server/.env b/servers/identity-server/.env
diff --git a/servers/identity-server/src/app.module.ts b/servers/identity-server/src/app.module.ts
@@ -218,6 +218,7 @@ const logger = new Logger('AppModule', { timestamp: true });
       useFactory: async (config: ConfigService, storageOptions: StorageOptions) => ({
         debug: config.get('debug', false),
         issuer: 'http://fakeissuer.com',
+        // update issuer in each request
         //  `${config.getOrThrow('server.origin')}${normalizeRoutePath(
         //   config.get<string>('server.globalPrefixUri', ''),
         // )}`,

diff --git a/servers/infrastructure-bff/.env b/servers/infrastructure-bff/.env
diff --git a/servers/infrastructure-bff/src/app.module.ts b/servers/infrastructure-bff/src/app.module.ts
@@ -152,15 +152,17 @@ const logger = new Logger('AppModule', { timestamp: true });
     AuthorizationModule.forRootAsync({
       isGlobal: true,
       useFactory: async (config: ConfigService) => {
-        const {
-          issuer,
-          useJWKS = true,
-          httpOptions = {},
-          ...clientMetadata
-        } = config.get<Record<string, any>>('OIDC_CONFIG', {});
+        const { issuer, useJWKS = true, httpOptions = {} } = config.get<Record<string, any>>('OIDC_CONFIG', {});
+        const clientMetadata = config.get<{ client_id: string; [key: string]: any }>(
+          'INFRASTRUCTURE_BFF_CLIENT_METADATA',
+          {
+            client_id: '75a9c633-cfde-4954-b35c-9344ed9b781a',
+            client_secret: 'NzVhOWM2MzMtY2ZkZS00OTU0LWIzNWMtOTM0NGVkOWI3ODFhLlhDeTZLU19xVEc',
+          },
+        );
         return {
           issuer,
-          clientMetadata: clientMetadata as any,
+          clientMetadata,
           useJWKS,
           publicKey: await getPublicKey(config.get('PUBLIC_KEY')),
           httpOptions: {

diff --git a/servers/infrastructure-service/.env b/servers/infrastructure-service/.env