From aecd564f7bbf163f52eaae9984d5f9a96ffff51b Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 24 Jun 2025 09:52:17 +0200 Subject: [PATCH] review(env): shift secret to env file and added logger --- .gitignore | 3 +++ Justfile | 2 ++ config/dev.exs | 2 +- config/runtime.exs | 2 ++ docker-compose.yml | 10 +++++++++- lib/accounts/user.ex | 2 ++ lib/mv_web/controllers/auth_controller.ex | 2 ++ 7 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 040944d..eef8464 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,6 @@ npm-debug.log /assets/node_modules/ .cursor + +# Ignore the .env file with env variables +.env diff --git a/Justfile b/Justfile index 19a93bf..26db3bc 100644 --- a/Justfile +++ b/Justfile @@ -1,3 +1,5 @@ +set dotenv-load := true + run: install-dependencies start-database migrate-database seed-database mix phx.server diff --git a/config/dev.exs b/config/dev.exs index 038af99..af6e92c 100644 --- a/config/dev.exs +++ b/config/dev.exs @@ -93,5 +93,5 @@ config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL" config :mv, :rauthy, client_id: "mv", base_url: "http://localhost:8080/auth/v1", - client_secret: "GWGkEWBLRAzZruXhipQKSjeaOtwZtKdETBABHLAXVoqrhsJoXUOsIDfNVOXCQUEv", + client_secret: System.get_env("OIDC_CLIENT_SECRET"), redirect_uri: "http://localhost:4000/auth/user/rauthy/callback" diff --git a/config/runtime.exs b/config/runtime.exs index e591590..264ae16 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -53,6 +53,8 @@ if config_env() == :prod do config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY") + config :mv, :rauthy, redirect_uri: "http://localhost:4000/auth/user/rauthy/callback" + config :mv, MvWeb.Endpoint, url: [host: host, port: 443, scheme: "https"], http: [ diff --git a/docker-compose.yml b/docker-compose.yml index 7fed5d7..c41cc71 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
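Review bot: `set dotenv-load := true` loads `.env` only for `just` recipes, so the `OIDC_CLIENT_SECRET` that config/dev.exs now reads is absent for anyone running `mix` commands directly. A one-line comment above it, `# .env (git-ignored) must define OIDC_CLIENT_SECRET; see .env.example`, plus a committed `.env.example` listing the variable names with placeholder values, would document the new setup step that this commit introduces.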
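Review bot: `client_secret: System.get_env("OIDC_CLIENT_SECRET")` in config/dev.exs silently yields `nil` when the variable is unset, so the failure only surfaces later at the OIDC token exchange; `client_secret: System.fetch_env!("OIDC_CLIENT_SECRET")` fails at startup and names the missing variable. The literal secret removed on the `-` line has lived in git history, so the Rauthy client secret should be rotated rather than only relocated. The `:token_signing_secret` value on the hunk's context line appears to remain a hard-coded literal in the same file; if so it deserves the same treatment.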
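Review bot: The added `config :mv, :rauthy, redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"` sits inside the `if config_env() == :prod do` branch, so production registers a plain-http localhost callback that cannot match the deployed host. The same hunk already binds `host` for the endpoint (`url: [host: host, port: 443, scheme: "https"]`), so `redirect_uri: "https://#{host}/auth/user/rauthy/callback"`, or a dedicated variable read with `System.fetch_env!/1`, keeps the two consistent. I cannot see whether `client_id`, `base_url` and `client_secret` for `:rauthy` are configured for prod elsewhere; if they are not, this call leaves them unset in releases.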
@@ -33,12 +33,14 @@ services: rauthy: container_name: rauthy-test - image: ghcr.io/sebadob/rauthy:latest + image: ghcr.io/sebadob/rauthy:0.30.2 environment: - LOCAL_TEST=true - SMTP_URL=mailcrab - SMTP_PORT=1025 - SMTP_DANGER_INSECURE=true + - LISTEN_SCHEME=http + - PUB_URL=localhost:8080 - BOOTSTRAP_ADMIN_PASSWORD_PLAIN=RauthyTest12345 #- HIQLITE=false #- PG_HOST=db @@ -54,7 +56,13 @@ services: networks: - rauthy-test - local + volumes: + - type: volume + source: rauthy-data + target: /app/data volumes: postgres-data: + rauthy-data: + diff --git a/lib/accounts/user.ex b/lib/accounts/user.ex index 009b5a1..7f34bcb 100644 --- a/lib/accounts/user.ex +++ b/lib/accounts/user.ex @@ -24,6 +24,7 @@ defmodule Mv.Accounts.User do token_resource Mv.Accounts.Token require_token_presence_for_authentication? true store_all_tokens? true + #signing_algorithm "EdDSA" -> https://git.local-it.org/local-it/mitgliederverwaltung/issues/87 signing_secret fn _, _ -> {:ok, Application.get_env(:mv, :token_signing_secret)} @@ -38,6 +39,7 @@ defmodule Mv.Accounts.User do client_secret Mv.Secrets auth_method :client_secret_jwt code_verifier true + #id_token_signed_response_alg "EdDSA" #-> https://git.local-it.org/local-it/mitgliederverwaltung/issues/87 end password :password do diff --git a/lib/mv_web/controllers/auth_controller.ex b/lib/mv_web/controllers/auth_controller.ex index 613c8d1..2861d73 100644 --- a/lib/mv_web/controllers/auth_controller.ex +++ b/lib/mv_web/controllers/auth_controller.ex @@ -1,3 +1,4 @@ +require Logger defmodule MvWeb.AuthController do use MvWeb, :controller use AshAuthentication.Phoenix.Controller @@ -22,6 +23,7 @@ defmodule MvWeb.AuthController do end def failure(conn, activity, reason) do + Logger.error(%{conn: conn, reason: reason}) message = case {activity, reason} do {_,
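Review bot: `BOOTSTRAP_ADMIN_PASSWORD_PLAIN=RauthyTest12345` stays as a literal in the same `environment:` block where this commit otherwise moves credentials out of the tree; Compose substitutes `${VAR}` from the project's `.env`, so `- BOOTSTRAP_ADMIN_PASSWORD_PLAIN=${RAUTHY_ADMIN_PASSWORD}` (variable name is a constructed example) would let the now git-ignored file carry it as well. Pinning `ghcr.io/sebadob/rauthy:0.30.2` instead of `latest` is an improvement; adding the image digest (`@sha256:<digest>`) would make the pin immutable. `LISTEN_SCHEME=http` with `PUB_URL=localhost:8080` is consistent with `LOCAL_TEST=true`, but a short comment such as `# local test instance only: plain http, not for deployment` above the block would keep it from being copied into a real environment.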
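Review bot: `#signing_algorithm "EdDSA"` is commented-out code whose trailing note only links issue 87 without stating what currently prevents enabling it, so the next reader cannot tell whether switching it on is safe. A line in the form `# TODO(#87): EdDSA signing disabled because <reason>; re-enable once resolved` records that. The same applies to `#id_token_signed_response_alg "EdDSA"` in the second hunk of this file. The enclosing block and the `defmodule` begin outside the hunk.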
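Review bot: `Logger.error(%{conn: conn, reason: reason})` in the `failure/3` hunk that follows (its end lies outside this excerpt) serialises the whole `%Plug.Conn{}` into the error log, and that struct carries the request headers, cookies, query string and params of the failed callback, which on an OIDC failure path include the authorization code and session cookie. Logging only the fields needed avoids that, e.g. `Logger.error("auth failure", activity: inspect(activity), reason: inspect(reason), path: conn.request_path)`. The top-level `require Logger` placed before `defmodule MvWeb.AuthController do` works but is unconventional; if `use MvWeb, :controller` on the next line does not already require Logger, the `require` belongs inside the module after the `use` lines.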