diff --git a/.gitpod.yml b/.gitpod.yml
index 4204e95a172a5663118be8a253da23613bb871d4..06fa2f690bfbf589d8572ff7818c03406b7dc68d 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -30,15 +30,27 @@ tasks:
 npm run start
 ports:
- - port: 8065 # Enketo Express
+ - port: 8065
 onOpen: ignore
 visibility: public
- - port: 3006 # Form Manager
+ description: Enketo Express
+
+ - port: 3006
 onOpen: ignore
 visibility: public
- - port: 3000 # React Wrapper
+ description: Form Manager
+
+ - port: 3000
 onOpen: ignore
 visibility: public
- - port: 8080 # React Wrapper
+ description: React Wrapper
+
+ - port: 8080
 onOpen: ignore
- visibility: public
\ No newline at end of file
+ visibility: public
+ description: Hasura
+
+ - port: 9011
+ onOpen: ignore
+ visibility: public
+ description: Fusion Auth
\ No newline at end of file
diff --git a/docker-compose.gitpod.yaml b/docker-compose.gitpod.yaml
index 635413efa23e48e3a36d11856ef0f900f5e21483..e6b9a12b2d9bc5af342e415b14940310e96a3263 100644
--- a/docker-compose.gitpod.yaml
+++ b/docker-compose.gitpod.yaml
@@ -66,6 +66,9 @@ services:
 FUSIONAUTH_APP_URL: http://fusionauth:9011
 SEARCH_SERVERS: http://search:9200
 SEARCH_TYPE: elasticsearch
+ FUSIONAUTH_APP_KICKSTART_FILE: /usr/local/fusionauth/kickstarts/kickstart.json
+ env_file:
+ - ./fusionauth.env
 volumes:
 - fa-config:/usr/local/fusionauth/config
 - ./kickstart:/usr/local/fusionauth/kickstarts
@@ -124,7 +127,7 @@ services:
 - HASURA_GRAPHQL_MIGRATIONS_DISABLE_TRANSACTION=true
 - HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets
 - HASURA_GRAPHQL_ADMIN_SECRET=myadminsecretkey
- - HASURA_GRAPHQL_JWT_SECRET={"type":"RS256","jwk_url":"https://auth.konnect.samagra.io/.well-known/jwks.json"}
+ - HASURA_GRAPHQL_JWT_SECRET={"type":"RS256","jwk_url":"http://fusionauth/.well-known/jwks.json"}
 networks:
 db_net:
diff --git a/fusionauth.env b/fusionauth.env
new file mode 100644
index 0000000000000000000000000000000000000000..f4170797f4121f73b92b98ca27aac98595e1deaf
--- /dev/null
+++ b/fusionauth.env
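Review bot: The two new entries expose Hasura (`port: 8080`) and FusionAuth (`port: 9011`) with `visibility: public`, which lets anyone who learns the workspace URL reach the Hasura GraphQL endpoint and the FusionAuth admin UI without a Gitpod login; combined with the fixed admin credentials that this commit adds in `fusionauth.env`, that is a wide door even for a development workspace. Unless anonymous access is genuinely required (for example an OAuth redirect from a browser that is not signed in to Gitpod), `visibility: private` is the safer default for both, and it can be relaxed per port later. The existing entries for 8065, 3006 and 3000 were already public and are unchanged here apart from the descriptions.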
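Review bot: The new `jwk_url` `http://fusionauth/.well-known/jwks.json` carries no port, while the first hunk of the same file configures `FUSIONAUTH_APP_URL: http://fusionauth:9011`, so Hasura will request the key set from port 80 of the `fusionauth` service; unless that container also listens on 80, Hasura cannot load the JWK set and JWT verification (and likely startup) fails. `http://fusionauth:9011/.well-known/jwks.json` would match the other reference. Switching from the public HTTPS endpoint to plain HTTP is workable inside the Compose network of a dev workspace, but the key set is then only as trustworthy as that network, so this value should stay confined to the Gitpod compose file.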
@@ -0,0 +1,13 @@
+FUSIONAUTH_API_KEY=testkeytestkeytestkey
+FUSIONAUTH_ADMIN_PASSWORD=adminadminadmin
+FUSIONAUTH_ADMIN_EMAIL=admin@samagragovernance.in
+APPLICATION_NAME=Affiliation
+MEDICAL_USER_EMAIL=med@samagragovernance.in
+MEDICAL_USER_PASSWORD=medmedmedmedmed
+NON_MEDICAL_USER_EMAIL=nonmed@samagragovernance.in
+NON_MEDICAL_USER_PASSWORD=nonmednonmednonmed
+APPLICATION_ADMIN_EMAIL=adminmed@samagragovernance.in
+APPLICATION_ADMIN_PASSWORD=adminmedadminmedadminmed
+LAMBDA_NAME=Affiliation
+APPLICATION_ID_TOKEN_SIGNING_KEY="Id token signing key generated for application Affiliation"
+APPLICATION_ACCESS_TOKEN_SIGNING_KEY="Access token signing key generated for application Affiliation"
\ No newline at end of file
diff --git a/kickstart/kickstart.json b/kickstart/kickstart.json
index 2f4a8de47b06e3b8f62c3cebb0fd4158bc698f11..7c38de8a81b5d2b8d39fe2b739c66c8734ccfd60 100644
--- a/kickstart/kickstart.json
+++ b/kickstart/kickstart.json
@@ -2,7 +2,21 @@
 "variables": {
 "apiKey": "#{ENV.FUSIONAUTH_API_KEY}",
 "adminPassword": "#{ENV.FUSIONAUTH_ADMIN_PASSWORD}",
- "adminEmail": "#{ENV.FUSIONAUTH_ADMIN_EMAIL}"
+ "adminEmail": "#{ENV.FUSIONAUTH_ADMIN_EMAIL}",
+ "applicationName": "#{ENV.APPLICATION_NAME}",
+ "applicationUUID": "#{UUID()}",
+ "medicalUserEmail": "#{ENV.MEDICAL_USER_EMAIL}",
+ "medicalUserPassword": "#{ENV.MEDICAL_USER_PASSWORD}",
+ "nonMedicalUserEmail": "#{ENV.NON_MEDICAL_USER_EMAIL}",
+ "nonMedicalUserPassword": "#{ENV.NON_MEDICAL_USER_PASSWORD}",
+ "applicationAdminEmail": "#{ENV.APPLICATION_ADMIN_EMAIL}",
+ "applicationAdminPassword": "#{ENV.APPLICATION_ADMIN_PASSWORD}",
+ "lambdaName": "#{ENV.LAMBDA_NAME}",
+ "lambdaUUID": "#{UUID()}",
+ "applicationIDTokenSigningKeyName": "#{ENV.APPLICATION_ID_TOKEN_SIGNING_KEY}",
+ "applicationIDTokenSigningKeyUUID": "#{UUID()}",
+ "applicationAccessTokenSigningKeyName": "#{ENV.APPLICATION_ACCESS_TOKEN_SIGNING_KEY}",
+ "applicationAccessTokenSigningKeyUUID": "#{UUID()}"
 },
 "apiKeys": [
 {
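Review bot: This new file commits working credentials — `FUSIONAUTH_API_KEY`, `FUSIONAUTH_ADMIN_PASSWORD` and three user passwords — and `docker-compose.gitpod.yaml` now loads it through `env_file`, so every clone boots a FusionAuth instance whose API key and admin login are public knowledge, and the Gitpod ports made public in the same commit make that instance reachable from outside the workspace. Keep a `fusionauth.env.example` with placeholder values in the repository, ignore the real file, and generate the key and passwords per workspace from a Gitpod task instead of committing them. Separately, the two double-quoted values (`APPLICATION_ID_TOKEN_SIGNING_KEY="Id token …"` and the access-token one) are handled differently by Compose versions — older Compose reads env_file values literally, quotes included — so the key names FusionAuth creates may or may not contain the quotes depending on the Compose in use; unquoted values avoid the ambiguity.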
@@ -25,6 +39,142 @@
 ]
 }
 }
+ },
+ {
+ "method": "POST",
+ "url": "/api/key/generate/#{applicationIDTokenSigningKeyUUID}",
+ "body": {
+ "key": {
+ "algorithm": "RS256",
+ "name": "#{applicationIDTokenSigningKeyName}",
+ "length": "2048"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/key/generate/#{applicationAccessTokenSigningKeyUUID}",
+ "body": {
+ "key": {
+ "algorithm": "RS256",
+ "name": "#{applicationAccessTokenSigningKeyName}",
+ "length": "2048"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/lambda/#{lambdaUUID}",
+ "body": {
+ "lambda": {
+ "body":"function populate(jwt, user, registration) {\n applicationId = registration.applicationId || null;\n claims = {\n 'x-hasura-allowed-roles': ['Medical', 'Non-Medical', 'Admin']\n };\n\n if (applicationId) {\n user.registrations.map(function (reg) {\n claims['x-hasura-user-id'] = '1';\n claims['x-hasura-default-role'] = 'Medical';\n if (reg.applicationId === applicationId && Array.isArray(reg.roles)) {\n if (reg.roles.indexOf('Admin') >= 0) {\n claims['x-hasura-default-role'] = 'Admin';\n } else if (reg.roles.indexOf('Medical') >= 0) {\n claims['x-hasura-default-role'] = 'Medical';\n } else if (reg.roles.indexOf('Non-Medical') >= 0) {\n claims['x-hasura-default-role'] = 'Non-Medical';\n }\n }\n });\n }\n\n jwt['https://hasura.io/jwt/claims'] = claims;\n}",
+ "engineType": "GraalJS",
+ "name": "#{lambdaName}",
+ "type": "JWTPopulate"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/application/#{applicationUUID}",
+ "tenantId": "#{FUSIONAUTH_TENANT_ID}",
+ "body": {
+ "application": {
+ "name": "#{applicationName}",
+ "oauthConfiguration": {
+ "enabledGrants": ["authorization_code", "refresh_token"],
+ "generateRefreshTokens": true
+ },
+ "loginConfiguration": {
+ "allowTokenRefresh": true,
+ "generateRefreshTokens": true,
+ "enableJwtRefresh": true
+ },
+ "jwtConfiguration": {
+ "enabled": true,
+ "idTokenKeyId": "#{applicationIDTokenSigningKeyUUID}",
+ "accessTokenKeyId": "#{applicationAccessTokenSigningKeyUUID}"
+ },
+ "lambdaConfiguration": {
+ "accessTokenPopulateId": "#{lambdaUUID}"
+ }
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/application/#{applicationUUID}/role",
+ "body": {
+ "role": {
+ "name": "Admin"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/application/#{applicationUUID}/role",
+ "body": {
+ "role": {
+ "name": "Medical"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/application/#{applicationUUID}/role",
+ "body": {
+ "role": {
+ "name": "Non-Medical"
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/user/registration",
+ "body": {
+ "user": {
+ "email": "#{applicationAdminEmail}",
+ "password": "#{applicationAdminPassword}"
+ },
+ "registration": {
+ "applicationId": "#{applicationUUID}",
+ "roles": [
+ "Admin"
+ ]
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/user/registration",
+ "body": {
+ "user": {
+ "email": "#{medicalUserEmail}",
+ "password": "#{medicalUserPassword}"
+ },
+ "registration": {
+ "applicationId": "#{applicationUUID}",
+ "roles": [
+ "Medical"
+ ]
+ }
+ }
+ },
+ {
+ "method": "POST",
+ "url": "/api/user/registration",
+ "body": {
+ "user": {
+ "email": "#{nonMedicalUserEmail}",
+ "password": "#{nonMedicalUserPassword}"
+ },
+ "registration": {
+ "applicationId": "#{applicationUUID}",
+ "roles": [
+ "Non-Medical"
+ ]
+ }
+ }
 }
 ]
 }
\ No newline at end of file
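Review bot: The JWT populate lambda in the `/api/lambda/#{lambdaUUID}` request stamps the same identity and the full role list into every token: `claims['x-hasura-user-id'] = '1'` is a constant, and `'x-hasura-allowed-roles'` is always `['Medical', 'Non-Medical', 'Admin']`, so Hasura permissions keyed on the user id cannot tell callers apart and any registered user can switch to the Admin role through the `x-hasura-role` header, because Hasura honours any role that appears in the allowed list. Derive both from the matching registration — `claims['x-hasura-user-id'] = user.id;` and `claims['x-hasura-allowed-roles'] = reg.roles;` inside the `reg.applicationId === applicationId` branch — and set the `'Medical'` default only when one of the known roles was actually found rather than unconditionally before the check. Two smaller points in the same hunk: `"length": "2048"` in both `/api/key/generate` requests is a string where the key length is numeric, and `"tenantId": "#{FUSIONAUTH_TENANT_ID}"` refers to a variable that the `variables` block in the previous hunk does not declare, so it only resolves if Kickstart supplies it as a built-in. The `apiKeys` request object that this hunk's leading context closes starts before the hunk.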