review(env): shift secret to env file and added logger

2025-06-24 09:52:17 +02:00 · 2025-06-24 09:52:17 +02:00 · cc51763a6e
commit cc51763a6e
parent b796746a45
7 changed files with 21 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -36,3 +36,6 @@ npm-debug.log
 /assets/node_modules/
 .cursor
 # Ignore the .env file with env variables
 .env
--- a/2
+++ b/2
@ -1,3 +1,5 @@
 set dotenv-load := true
 run: install-dependencies start-database migrate-database seed-database
    mix phx.server
--- a/config/dev.exs
+++ b/config/dev.exs
@ -93,5 +93,5 @@ config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL"
 config :mv, :rauthy,
  client_id: "mv",
  base_url: "http://localhost:8080/auth/v1",
-  client_secret: "GWGkEWBLRAzZruXhipQKSjeaOtwZtKdETBABHLAXVoqrhsJoXUOsIDfNVOXCQUEv",
+  client_secret: System.get_env("OIDC_CLIENT_SECRET"),
  redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -53,6 +53,8 @@ if config_env() == :prod do
  config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
  config :mv, :rauthy, redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
  config :mv, MvWeb.Endpoint,
    url: [host: host, port: 443, scheme: "https"],
    http: [
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -33,12 +33,14 @@ services:
  rauthy:
    container_name: rauthy-test
-    image: ghcr.io/sebadob/rauthy:latest
+    image: ghcr.io/sebadob/rauthy:0.30.2
    environment:
      - LOCAL_TEST=true
      - SMTP_URL=mailcrab
      - SMTP_PORT=1025
      - SMTP_DANGER_INSECURE=true
      - LISTEN_SCHEME=http
      - PUB_URL=localhost:8080
      - BOOTSTRAP_ADMIN_PASSWORD_PLAIN=RauthyTest12345
      #- HIQLITE=false
      #- PG_HOST=db
@ -54,7 +56,13 @@ services:
    networks:
      - rauthy-test
      - local
    volumes: 
      - type: volume 
        source: rauthy-data 
        target: /app/data
 volumes:
  postgres-data:
  rauthy-data:
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -24,6 +24,7 @@ defmodule Mv.Accounts.User do
      token_resource Mv.Accounts.Token
      require_token_presence_for_authentication? true
      store_all_tokens? true
      #signing_algorithm "EdDSA" -> https://git.local-it.org/local-it/mitgliederverwaltung/issues/87
      signing_secret fn _, _ ->
        {:ok, Application.get_env(:mv, :token_signing_secret)}
@ -38,6 +39,7 @@ defmodule Mv.Accounts.User do
        client_secret Mv.Secrets
        auth_method :client_secret_jwt
        code_verifier true
        #id_token_signed_response_alg "EdDSA" #-> https://git.local-it.org/local-it/mitgliederverwaltung/issues/87
      end
      password :password do
--- a/lib/mv_web/controllers/auth_controller.ex
+++ b/lib/mv_web/controllers/auth_controller.ex
@ -1,3 +1,4 @@
 require Logger
 defmodule MvWeb.AuthController do
  use MvWeb, :controller
  use AshAuthentication.Phoenix.Controller
@ -22,6 +23,7 @@ defmodule MvWeb.AuthController do
  end
  def failure(conn, activity, reason) do
    Logger.error(%{conn: conn, reason: reason})
    message =
      case {activity, reason} do
        {_,