adminfront/devfront 앱 실행 기본 URL 설정
@@ -108,10 +108,6 @@ HYDRA_ADMIN_URL=http://hydra:4445
|
|||||||
# Oathkeeper가 /oidc 경로를 Hydra Public API로 라우팅합니다.
|
# Oathkeeper가 /oidc 경로를 Hydra Public API로 라우팅합니다.
|
||||||
HYDRA_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL}/oidc
|
HYDRA_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL}/oidc
|
||||||
|
|
||||||
# OIDC 클라이언트 callback (콤마 구분)
|
|
||||||
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback
|
|
||||||
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback
|
|
||||||
|
|
||||||
# Kratos allowed_return_urls 확장 목록 (콤마 구분, 선택)
|
# Kratos allowed_return_urls 확장 목록 (콤마 구분, 선택)
|
||||||
# 기본값은 KRATOS_UI_URL, USERFRONT_URL, 각 callback URL을 자동 포함합니다.
|
# 기본값은 KRATOS_UI_URL, USERFRONT_URL, 각 callback URL을 자동 포함합니다.
|
||||||
KRATOS_ALLOWED_RETURN_URLS_EXTRA=[]
|
KRATOS_ALLOWED_RETURN_URLS_EXTRA=[]
|
||||||
@@ -134,9 +130,11 @@ CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
|
|||||||
CSRF_COOKIE_SECRET=localcsrf123
|
CSRF_COOKIE_SECRET=localcsrf123
|
||||||
|
|
||||||
# AdminFront OIDC 설정
|
# AdminFront OIDC 설정
|
||||||
|
ADMINFRONT_URL=http://localhost:5173
|
||||||
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback
|
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback
|
||||||
|
|
||||||
# DevFront OIDC 설정
|
# DevFront OIDC 설정
|
||||||
VITE_OIDC_CLIENT_ID=devfront
|
VITE_OIDC_CLIENT_ID=devfront
|
||||||
VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
|
VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
|
||||||
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback
|
DEVFRONT_URL=http://localhost:5174
|
||||||
|
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback
|
||||||
|
|||||||
@@ -120,6 +120,8 @@ jobs:
|
|||||||
|
|
||||||
# Frontend OIDC configs for Staging
|
# Frontend OIDC configs for Staging
|
||||||
VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
|
VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
|
||||||
|
ADMINFRONT_URL=http://172.16.10.176:5173
|
||||||
|
DEVFRONT_URL=http://172.16.10.176:5174
|
||||||
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback,http://172.16.10.176:5173/auth/callback,https://sadmin.hmac.kr/auth/callback
|
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback,http://172.16.10.176:5173/auth/callback,https://sadmin.hmac.kr/auth/callback
|
||||||
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback,http://172.16.10.176:5174/auth/callback,https://sdev.hmac.kr/auth/callback
|
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback,http://172.16.10.176:5174/auth/callback,https://sdev.hmac.kr/auth/callback
|
||||||
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
# OATHKEEPER_INTROSPECT_CLIENT_ID=${{ vars.OATHKEEPER_INTROSPECT_CLIENT_ID }}
|
||||||
|
|||||||
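Review bot: The staging values added here, `ADMINFRONT_URL=http://172.16.10.176:5173` and `DEVFRONT_URL=http://172.16.10.176:5174`, are plain-HTTP addresses on an internal IP, while the callback lists directly below already include `https://sadmin.hmac.kr/auth/callback` and `https://sdev.hmac.kr/auth/callback`. The Go change in this commit returns these variables as the application URL for the `adminfront` and `devfront` clients, so staging users would be handed a cleartext link that only resolves inside that network. If the `sadmin`/`sdev` hostnames are the staging frontends (inferred from the callback lists, not confirmed here), prefer `ADMINFRONT_URL=https://sadmin.hmac.kr` and `DEVFRONT_URL=https://sdev.hmac.kr`, or take both from repository variables as the commented `${{ vars.… }}` line does. The same address is also baked in as the script defaults in the shell section of this commit.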
@@ -3388,13 +3388,11 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
|||||||
name = clientID
|
name = clientID
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClientURI가 없으면 RedirectURIs에서 호스트 부분만 추출하여 URL로 사용 (Fallback)
|
clientURL := resolveLinkedRPURL(
|
||||||
clientURL := strings.TrimSpace(client.ClientURI)
|
client.ClientID,
|
||||||
if clientURL == "" && len(client.RedirectURIs) > 0 {
|
client.ClientURI,
|
||||||
if parsed, err := url.Parse(client.RedirectURIs[0]); err == nil {
|
client.RedirectURIs,
|
||||||
clientURL = fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
|
)
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
lastAuth := time.Time{}
|
lastAuth := time.Time{}
|
||||||
if session.AuthenticatedAt != nil {
|
if session.AuthenticatedAt != nil {
|
||||||
@@ -3484,12 +3482,11 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
|||||||
name = client.ClientID
|
name = client.ClientID
|
||||||
}
|
}
|
||||||
|
|
||||||
clientURL := strings.TrimSpace(client.ClientURI)
|
clientURL := resolveLinkedRPURL(
|
||||||
if clientURL == "" && len(client.RedirectURIs) > 0 {
|
client.ClientID,
|
||||||
if parsed, err := url.Parse(client.RedirectURIs[0]); err == nil {
|
client.ClientURI,
|
||||||
clientURL = fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
|
client.RedirectURIs,
|
||||||
}
|
)
|
||||||
}
|
|
||||||
|
|
||||||
records[dc.ClientID] = &linkedRpRecord{
|
records[dc.ClientID] = &linkedRpRecord{
|
||||||
linkedRpSummary: linkedRpSummary{
|
linkedRpSummary: linkedRpSummary{
|
||||||
@@ -5423,6 +5420,32 @@ func extractHydraClientLogo(metadata map[string]interface{}) string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func resolveLinkedRPURL(clientID string, clientURI string, redirectURIs []string) string {
|
||||||
|
switch strings.TrimSpace(clientID) {
|
||||||
|
case "adminfront":
|
||||||
|
if value := strings.TrimSpace(os.Getenv("ADMINFRONT_URL")); value != "" {
|
||||||
|
return value
|
||||||
|
}
|
||||||
|
case "devfront":
|
||||||
|
if value := strings.TrimSpace(os.Getenv("DEVFRONT_URL")); value != "" {
|
||||||
|
return value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clientURL := strings.TrimSpace(clientURI)
|
||||||
|
if clientURL != "" {
|
||||||
|
return clientURL
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(redirectURIs) > 0 {
|
||||||
|
if parsed, err := url.Parse(redirectURIs[0]); err == nil {
|
||||||
|
return fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
func mergeScopes(current []string, next []string) []string {
|
func mergeScopes(current []string, next []string) []string {
|
||||||
if len(next) == 0 {
|
if len(next) == 0 {
|
||||||
return current
|
return current
|
||||||
|
|||||||
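Review bot: The redirect-URI fallback at the end of `resolveLinkedRPURL` formats `parsed.Scheme` and `parsed.Host` without checking either, and `url.Parse` succeeds on relative and custom-scheme URIs, so a first redirect URI such as `myapp:/cb` (constructed example) produces `myapp://` and a scheme-less one produces `://`. Tighten the condition to `if parsed, err := url.Parse(redirectURIs[0]); err == nil && parsed.Host != "" && (parsed.Scheme == "http" || parsed.Scheme == "https") {`. The `ADMINFRONT_URL`/`DEVFRONT_URL` values and `clientURI` are also returned after trimming only; if the frontend renders this field as a link (not visible in this diff), the same http/https check belongs on those branches so a `javascript:` or similar value in a client registration cannot reach an `href`. A doc comment on the function stating the precedence (environment override, then `ClientURI`, then the origin of the first redirect URI) would help, since both call sites in `ListLinkedRps` now rely on it.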
@@ -17,8 +17,10 @@ USERFRONT_URL="${USERFRONT_URL:-http://localhost:5000}"
|
|||||||
OATHKEEPER_PUBLIC_URL="${OATHKEEPER_PUBLIC_URL:-$USERFRONT_URL}"
|
OATHKEEPER_PUBLIC_URL="${OATHKEEPER_PUBLIC_URL:-$USERFRONT_URL}"
|
||||||
HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-${OATHKEEPER_PUBLIC_URL%/}/oidc}"
|
HYDRA_PUBLIC_URL="${HYDRA_PUBLIC_URL:-${OATHKEEPER_PUBLIC_URL%/}/oidc}"
|
||||||
KRATOS_UI_URL="${KRATOS_UI_URL:-http://localhost:5000}"
|
KRATOS_UI_URL="${KRATOS_UI_URL:-http://localhost:5000}"
|
||||||
ADMINFRONT_CALLBACK_URLS="${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"
|
ADMINFRONT_URL="${ADMINFRONT_URL:-http://172.16.10.176:5173}"
|
||||||
DEVFRONT_CALLBACK_URLS="${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/callback}"
|
DEVFRONT_URL="${DEVFRONT_URL:-http://172.16.10.176:5174}"
|
||||||
|
ADMINFRONT_CALLBACK_URLS="${ADMINFRONT_CALLBACK_URLS:-http://172.16.10.176:5173/auth/callback}"
|
||||||
|
DEVFRONT_CALLBACK_URLS="${DEVFRONT_CALLBACK_URLS:-http://172.16.10.176:5174/auth/callback}"
|
||||||
KRATOS_ALLOWED_RETURN_URLS_EXTRA="${KRATOS_ALLOWED_RETURN_URLS_EXTRA:-}"
|
KRATOS_ALLOWED_RETURN_URLS_EXTRA="${KRATOS_ALLOWED_RETURN_URLS_EXTRA:-}"
|
||||||
|
|
||||||
declare -a WARNINGS=()
|
declare -a WARNINGS=()
|
||||||
@@ -382,12 +384,21 @@ run_validation() {
|
|||||||
validate_dotenv_line_safety "HYDRA_PUBLIC_URL"
|
validate_dotenv_line_safety "HYDRA_PUBLIC_URL"
|
||||||
validate_dotenv_line_safety "KRATOS_BROWSER_URL"
|
validate_dotenv_line_safety "KRATOS_BROWSER_URL"
|
||||||
validate_dotenv_line_safety "KRATOS_UI_URL"
|
validate_dotenv_line_safety "KRATOS_UI_URL"
|
||||||
|
validate_dotenv_line_safety "ADMINFRONT_URL"
|
||||||
|
validate_dotenv_line_safety "DEVFRONT_URL"
|
||||||
validate_dotenv_line_safety "ADMINFRONT_CALLBACK_URLS"
|
validate_dotenv_line_safety "ADMINFRONT_CALLBACK_URLS"
|
||||||
validate_dotenv_line_safety "DEVFRONT_CALLBACK_URLS"
|
validate_dotenv_line_safety "DEVFRONT_CALLBACK_URLS"
|
||||||
|
|
||||||
|
if [[ -n "$ADMINFRONT_URL" ]]; then
|
||||||
|
validate_urls "ADMINFRONT_URL" "$ADMINFRONT_URL"
|
||||||
|
fi
|
||||||
|
if [[ -n "$DEVFRONT_URL" ]]; then
|
||||||
|
validate_urls "DEVFRONT_URL" "$DEVFRONT_URL"
|
||||||
|
fi
|
||||||
|
|
||||||
collect_values
|
collect_values
|
||||||
validate_callback_group "ADMINFRONT_CALLBACK_URLS" "/auth/callback" "${ADMIN_CALLBACKS[@]}"
|
validate_callback_group "ADMINFRONT_CALLBACK_URLS" "/auth/callback" "${ADMIN_CALLBACKS[@]}"
|
||||||
validate_callback_group "DEVFRONT_CALLBACK_URLS" "/callback" "${DEV_CALLBACKS[@]}"
|
validate_callback_group "DEVFRONT_CALLBACK_URLS" "/auth/callback" "${DEV_CALLBACKS[@]}"
|
||||||
validate_gateway_mapping
|
validate_gateway_mapping
|
||||||
build_allowed_return_urls
|
build_allowed_return_urls
|
||||||
}
|
}
|
||||||
|
|||||||
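Review bot: The new `if [[ -n "$ADMINFRONT_URL" ]]` and `if [[ -n "$DEVFRONT_URL" ]]` guards in `run_validation` can never be false, because the top of the script now assigns both variables a non-empty default (`${ADMINFRONT_URL:-http://172.16.10.176:5173}` and the matching `DEVFRONT_URL` line). An environment that forgot to set them therefore validates cleanly against one specific host instead of being reported as unset, and the callback defaults moved off loopback in the same way. Either default them to empty, as the script already does for `KRATOS_ALLOWED_RETURN_URLS_EXTRA` (`ADMINFRONT_URL="${ADMINFRONT_URL:-}"`), so the guards do real work, or drop the guards and keep a loopback default such as `http://localhost:5173`. `run_validation` begins outside this hunk, so any earlier handling of these variables is not visible here.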