dashboard/README.md

# Stackspin dashboard backend

Backend for the [Stackspin dashboard](https://open.greenhost.net/stackspin/dashboard)

## Login application

Apart from the dashboard backend this repository contains a flask application
that functions as the identity provider, login, consent and logout endpoints
for the OpenID Connect (OIDC) process.
The application relies on the following components:

 - **Hydra**: Hydra is an open source OIDC server.
   It means applications can connect to Hydra to start a session with a user.
   Hydra provides the application with the username
   and other roles/claims for the application.
   Hydra is developed by Ory and has security as one of their top priorities.

 - **Kratos**: This is Identity Manager
   and contains all the user profiles and secrets (passwords).
   Kratos is designed to work mostly between UI (browser) and kratos directly,
   over a public API endpoint.
   Authentication, form-validation, etc. are all handled by Kratos.
   Kratos only provides an API and not UI itself.
   Kratos provides an admin API as well,
   which is only used from the server-side flask app to create/delete users.

 - **MariaDB**: The login application, as well as Hydra and Kratos, need to store data.
   This is done in a MariaDB database server.
   There is one instance with three databases.
   As all databases are very small we do not foresee resource limitation problems.

If Hydra hits a new session/user, it has to know if this user has access.
To do so, the user has to login through a login application.
This application is developed by the Stackspin team (Greenhost)
and is part of this repository.
It is a Python Flask application
The application follows flows defined in Kratos,
and as such a lot of the interaction is done in the web-browser,
rather then server-side.
As a result,
the login application has a UI component which relies heavily on JavaScript.
As this is a relatively small application,
it is based on traditional Bootstrap + JQuery.

# Development

To develop the Dashboard,
you need a Stackspin cluster that is set up as a development environment.
Follow the instructions [in the dashboard-dev-overrides
repository](https://open.greenhost.net/stackspin/dashboard-dev-overrides#dashboard-dev-overrides)
in order to set up a development-capable cluster.
The end-points for the Dashboard,
as well as Kratos and Hydra, will point to `http://stackspin_proxy:8081` in that cluster.
As a result, you can run components using the `docker-compose` file in
this repository, and still log into Stackspin applications that run on the cluster.


## Setting up the local development environment

After this process is finished, the following will run locally:

- The [dashboard](https://open.greenhost.net/stackspin/dashboard)
- The
  [dashboard-backend](https://open.greenhost.net/stackspin/dashboard-backend)

The following will be available locally through a proxy and port-forwards:

- Hydra admin
- Kratos admin and public
- The MariaDB database connections

These need to be available locally, because Kratos wants to run on the same
domain as the front-end that serves the login interface.


### 1. Setup hosts file

The application will run on `http://stackspin_proxy`. Add the following line to
`/etc/hosts` to be able to access that from your browser:

```
127.0.0.1	stackspin_proxy
```

### 2. Kubernetes access

The script needs you to have access to the Kubernetes cluster that runs
Stackspin. Point the `KUBECONFIG` environment variable to a kubectl config. That
kubeconfig will be mounted inside docker containers, so also make sure your
Docker user can read it.

### 3. Run it all

Now, run this script that sets a few environment variables based on what is in
your cluster secrets, and starts `docker-compose` to start a reverse proxy as
well as the flask application in this repository.

```
./run_app.sh
```

### 4. Front-end developmenet

Start the [dashboard front-end app](https://open.greenhost.net/stackspin/dashboard/#yarn-start).