Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

workspace get_by_domain isn't compatible with docker-compose networking #249

Closed
dearlordylord opened this issue Aug 6, 2023 · 4 comments
Closed

workspace get_by_domain isn't compatible with docker-compose networking #249

dearlordylord opened this issue Aug 6, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@dearlordylord
Copy link

dearlordylord commented Aug 6, 2023
edited

Describe the bug

fief/fief/repositories/workspace.py

Line 24 in 6df2773

async def get_by_domain(self, domain: str) -> Workspace | None:

admin api call cannot identify any domain except the given with ROOT_DOMAIN/FIEF_DOMAIN on setup (i.e. localhost is recognized, but inner docker-compose domains are not)

To Reproduce

docker-compose.yml: (note: env secrets are generated for testing and are not my production secrets)

version: '2'

services:
  fief: # generate from the above ^
    image: ghcr.io/fief-dev/fief:latest
    ports:
      - '8000:8000'
    environment:
      - SECRET=XXX
      - FIEF_CLIENT_ID=XXX
      - FIEF_CLIENT_SECRET=XXX
      - ENCRYPTION_KEY=XXX=
      - FIEF_MAIN_ADMIN_API_KEY=ACAB
      - PORT=8000
      - ROOT_DOMAIN=localhost:8000
      - FIEF_DOMAIN=localhost:8000
      - FIEF_MAIN_USER_EMAIL=admin@popug.io
      - FIEF_MAIN_USER_PASSWORD=admin@popug.io
      - CSRF_COOKIE_SECURE=False
      - SESSION_DATA_COOKIE_SECURE=False
      - USER_LOCALE_COOKIE_SECURE=False
      - LOGIN_HINT_COOKIE_SECURE=False
      - LOGIN_SESSION_COOKIE_SECURE=False
      - REGISTRATION_SESSION_COOKIE_SECURE=False
      - SESSION_COOKIE_SECURE=False
      - FIEF_ADMIN_SESSION_COOKIE_SECURE=False

  fiefsetup:
    image: curlimages/curl:latest
    depends_on:
      - fief
    restart: "no"
    environment:
      FIEF_API_KEY: "ACAB"
    entrypoint:
      - "/bin/sh"
      - "-c"
      - |
        curl \
        -X GET \
        -H "Authorization: Bearer ${FIEF_API_KEY}" \
        http://fief:8000/admin/api/users/ && echo "\n"

-> run -> get CANT_DETERMINE_VALID_WORKSPACE error

however, run the same curl command from the host machine with http://localhost:8000/admin/api/users/ and it finds the workspace

Expected behavior

I expect it to understand default workspace with whatever root domain it's accessed from

Configuration

self-hosted, as per https://docs.fief.dev/self-hosting/quickstart/ but FIEF_MAIN_ADMIN_API_KEY=ACAB added

Additional context

For context, the main point of why I'm doing this call from inside docker-compose is that I'd like to setup some default schema, namely a field for users, that I'd like to do through admin API automatically on docker setup
@dearlordylord dearlordylord added the bug Something isn't working label Aug 6, 2023
@fief-bailiff
Copy link

fief-bailiff bot commented Aug 6, 2023

Hail, @Firfi 👋

I've noticed you shared secret values: SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY. Those are highly sensitive and you should keep them secret.

For your security, I've taken the liberty to replace them with dummy values.

@fief-bailiff
Copy link

fief-bailiff bot commented Aug 6, 2023

Hail, @Firfi 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

star-fief

Farewell!

@dearlordylord
Copy link
Author

Hail, @Firfi 👋

I've noticed you shared secret values: SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY. Those are highly sensitive and you should keep them secret.

For your security, I've taken the liberty to replace them with dummy values.

they were really all right to share and I was aware, but all right.

@dearlordylord
Copy link
Author

network_mode: host solves the issue but isn't desirable

@fief-dev fief-dev locked and limited conversation to collaborators Aug 8, 2023
@frankie567 frankie567 converted this issue into discussion #250 Aug 8, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dearlordylord