-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a3073bc
commit 88fc93e
Showing
15 changed files
with
452 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,38 @@ | ||
[ | ||
{ | ||
"subjects": ["admin"], | ||
"subjects": ["admin", "secy", "coordi"], | ||
"resources": ["courses", "files"], | ||
"actions": ["delete", "create"], | ||
"actions": ["create", "modify"], | ||
"effect": "allow" | ||
}, | ||
{ | ||
"subjects": ["admin", "user"], | ||
"resources": ["courses"], | ||
"subjects": ["admin", "coordi"], | ||
"resources": ["courses", "files"], | ||
"actions": ["delete"], | ||
"effect": "allow" | ||
}, | ||
{ | ||
"subjects": ["admin", "user", "secy", "coordi"], | ||
"resources": ["courses", "files"], | ||
"actions": ["read"], | ||
"effect": "allow" | ||
}, | ||
{ | ||
"subjects": ["admin"], | ||
"subjects": ["admin", "secy", "coordi"], | ||
"resources": ["cpanel"], | ||
"actions": ["login"], | ||
"effect": "allow" | ||
}, | ||
{ | ||
"subjects": ["admin", "user"], | ||
"subjects": ["admin", "user", "secy", "coordi"], | ||
"resources": ["portal"], | ||
"actions": ["login"], | ||
"effect": "allow" | ||
}, | ||
{ | ||
"subjects": ["admin", "coordi"], | ||
"resources": ["coordi", "secy"], | ||
"actions": ["create", "delete"], | ||
"effect": "allow" | ||
} | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
session: | ||
lifespan: 24h | ||
serve: | ||
public: | ||
base_url: http://127.0.0.1:3001/.ory/kratos/public | ||
admin: | ||
base_url: http://kratos:4434/ | ||
selfservice: | ||
default_browser_return_url: http://127.0.0.1:3000/ | ||
whitelisted_return_urls: | ||
- http://127.0.0.1:3000 | ||
flows: | ||
error: | ||
ui_url: http://127.0.0.1:3000/error | ||
settings: | ||
ui_url: http://127.0.0.1:3000/settings | ||
privileged_session_max_age: 15m | ||
recovery: | ||
enabled: true | ||
ui_url: http://127.0.0.1:3000/recovery | ||
verification: | ||
enabled: true | ||
ui_url: http://127.0.0.1:3000/verify | ||
after: | ||
default_browser_return_url: http://127.0.0.1:3000/ | ||
logout: | ||
after: | ||
default_browser_return_url: http://127.0.0.1:3000/ | ||
login: | ||
ui_url: http://127.0.0.1:3000/login | ||
registration: | ||
ui_url: http://127.0.0.1:3000/registration | ||
after: | ||
password: | ||
hooks: | ||
- hook: session | ||
log: | ||
level: debug | ||
leak_sensitive_values: true | ||
secrets: | ||
cookie: | ||
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE | ||
hashers: | ||
argon2: | ||
parallelism: 1 | ||
memory: 131072 | ||
iterations: 2 | ||
salt_length: 16 | ||
key_length: 16 | ||
identity: | ||
default_schema_url: file:///etc/config/kratos/identity.traits.schema.json | ||
courier: | ||
smtp: | ||
connection_uri: smtps://anc.courses@gmail.com:AnC@2020@smtp.gmail.com:465/?skip_ssl_verify=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{ | ||
"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json", | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"title": "Person", | ||
"type": "object", | ||
"properties": { | ||
"traits": { | ||
"type": "object", | ||
"properties": { | ||
"email": { | ||
"type": "string", | ||
"format": "email", | ||
"title": "E-Mail", | ||
"minLength": 3, | ||
"ory.sh/kratos": { | ||
"credentials": { | ||
"password": { | ||
"identifier": true | ||
} | ||
}, | ||
"verification": { | ||
"via": "email" | ||
}, | ||
"recovery": { | ||
"via": "email" | ||
} | ||
} | ||
} | ||
}, | ||
"required": ["email"], | ||
"additionalProperties": false | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,45 @@ | ||
server { | ||
listen $PORT; | ||
listen 3001; | ||
proxy_hide_header "Access-Control-Allow-Origin"; | ||
add_header 'Access-Control-Allow-Origin' 'http://127.0.0.1:3000' always; | ||
add_header 'Access-Control-Allow-Credentials' 'true' always; | ||
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always; | ||
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always; | ||
|
||
location / { | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_pass http://127.0.0.1:4433; | ||
if ($request_method = 'OPTIONS') { | ||
add_header 'Access-Control-Max-Age' 1728000; | ||
add_header 'Content-Type' 'text/plain; charset=utf-8'; | ||
add_header 'Content-Length' 0; | ||
return 204; | ||
} | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection 'upgrade'; | ||
proxy_cache_bypass $http_upgrade; | ||
proxy_pass http://oathkeeper:4455; | ||
} | ||
|
||
access_log /var/log/nginx/gateway.access.log main; | ||
error_log /var/log/nginx/gateway.error.log; | ||
# location = /.commento { | ||
# return 302 /.commento/; | ||
# } | ||
|
||
# location = /.commento/ { | ||
# proxy_set_header Host $host; | ||
# proxy_set_header X-Forwarded-For $remote_addr; | ||
# proxy_set_header X-Forwarded-Proto $scheme; | ||
# proxy_set_header X-Real-IP $remote_addr; | ||
# proxy_http_version 1.1; | ||
# proxy_set_header Upgrade $http_upgrade; | ||
# proxy_set_header Connection 'upgrade'; | ||
# proxy_cache_bypass $http_upgrade; | ||
# proxy_pass http://commento:8080/; | ||
# } | ||
|
||
access_log /var/log/nginx/gateway.access.log main; | ||
error_log /var/log/nginx/gateway.error.log; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
- id: "ory:kratos:public" | ||
upstream: | ||
preserve_host: true | ||
url: "http://kratos:4433" | ||
strip_path: /.ory/kratos/public | ||
match: | ||
url: "http://<**>/.ory/kratos/public/<**>" | ||
methods: | ||
- GET | ||
- POST | ||
- PUT | ||
- DELETE | ||
- PATCH | ||
authenticators: | ||
- handler: noop | ||
authorizer: | ||
handler: allow | ||
mutators: | ||
- handler: noop | ||
|
||
- id: "ory:kratos-ss-ui-react:anonymous" | ||
upstream: | ||
preserve_host: true | ||
url: "http://kratos-ss-ui-react:4435" | ||
match: | ||
url: "http://127.0.0.1:4455/<{error,recovery,verify,auth/*,**.css,**.js}{/,}>" | ||
methods: | ||
- GET | ||
authenticators: | ||
- handler: anonymous | ||
authorizer: | ||
handler: allow | ||
mutators: | ||
- handler: noop | ||
|
||
- id: "ory:kratos-ss-ui-react:protected" | ||
upstream: | ||
preserve_host: true | ||
url: "http://kratos-ss-ui-react:4435" | ||
match: | ||
url: "http://127.0.0.1:4455/<{,callback,debug,dashboard,settings}>" | ||
methods: | ||
- GET | ||
authenticators: | ||
- handler: cookie_session | ||
authorizer: | ||
handler: allow | ||
mutators: | ||
- handler: id_token | ||
errors: | ||
- handler: redirect | ||
config: | ||
to: http://127.0.0.1:4455/auth/login | ||
|
||
- id: "commento:public" | ||
upstream: | ||
preserve_host: true | ||
url: "http://commento:8080" | ||
# strip_path: /.commento | ||
match: | ||
url: "http://<**>/.commento/<**>" | ||
methods: | ||
- GET | ||
- POST | ||
- PUT | ||
- DELETE | ||
- PATCH | ||
authenticators: | ||
- handler: noop | ||
authorizer: | ||
handler: allow | ||
mutators: | ||
- handler: noop |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
FROM nginx:mainline | ||
RUN apt update && apt install wget -y | ||
RUN wget https://dl.commento.io/release/commento-v1.8.0-linux-glibc-amd64.tar.gz | ||
RUN tar xvf commento-v1.8.0-linux-glibc-amd64.tar.gz -C / | ||
COPY ./.nginx/commento.nginx.conf /etc/nginx/conf.d/default.conf |
Oops, something went wrong.