Merge pull request #29 from tushar5526/fa-kickstart

9e41d9b0 · Chakshu Gautam · GitHub · cb3233d6 · 87018b93 · 9e41d9b0
Unverified Commit 9e41d9b0 authored 2 years ago by Chakshu Gautam Committed by GitHub 2 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 185 additions and 7 deletions
+185 -7
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -30,15 +30,27 @@ tasks:
      npm run start
      
 ports:
-  - port: 8065 # Enketo Express
+  - port: 8065
    onOpen: ignore
    visibility: public
-  - port: 3006 # Form Manager
+    description: Enketo Express
+
+  - port: 3006
    onOpen: ignore
    visibility: public
-  - port: 3000 # React Wrapper
+    description: Form Manager
+
+  - port: 3000 
    onOpen: ignore
    visibility: public
-  - port: 8080 # React Wrapper
+    description: React Wrapper
+
+  - port: 8080
    onOpen: ignore
-    visibility: public
\ No newline at end of file
+    visibility: public
+    description: Hasura
+
+  - port: 9011 
+    onOpen: ignore
+    visibility: public
+    description: Fusion Auth
\ No newline at end of file
--- a/docker-compose.gitpod.yaml
+++ b/docker-compose.gitpod.yaml
@@ -66,6 +66,9 @@ services:
      FUSIONAUTH_APP_URL: http://fusionauth:9011
      SEARCH_SERVERS: http://search:9200
      SEARCH_TYPE: elasticsearch
+      FUSIONAUTH_APP_KICKSTART_FILE: /usr/local/fusionauth/kickstarts/kickstart.json
+    env_file:
+      - ./fusionauth.env
    volumes:
      - fa-config:/usr/local/fusionauth/config
      - ./kickstart:/usr/local/fusionauth/kickstarts
@@ -124,7 +127,7 @@ services:
      - HASURA_GRAPHQL_MIGRATIONS_DISABLE_TRANSACTION=true
      - HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets
      - HASURA_GRAPHQL_ADMIN_SECRET=myadminsecretkey
-      - HASURA_GRAPHQL_JWT_SECRET={"type":"RS256","jwk_url":"https://auth.konnect.samagra.io/.well-known/jwks.json"}
+      - HASURA_GRAPHQL_JWT_SECRET={"type":"RS256","jwk_url":"http://fusionauth/.well-known/jwks.json"}

 networks:
  db_net:

--- a/fusionauth.env
+++ b/fusionauth.env
+FUSIONAUTH_API_KEY=testkeytestkeytestkey
+FUSIONAUTH_ADMIN_PASSWORD=adminadminadmin
+FUSIONAUTH_ADMIN_EMAIL=admin@samagragovernance.in
+APPLICATION_NAME=Affiliation
+MEDICAL_USER_EMAIL=med@samagragovernance.in
+MEDICAL_USER_PASSWORD=medmedmedmedmed
+NON_MEDICAL_USER_EMAIL=nonmed@samagragovernance.in
+NON_MEDICAL_USER_PASSWORD=nonmednonmednonmed
+APPLICATION_ADMIN_EMAIL=adminmed@samagragovernance.in
+APPLICATION_ADMIN_PASSWORD=adminmedadminmedadminmed
+LAMBDA_NAME=Affiliation
+APPLICATION_ID_TOKEN_SIGNING_KEY="Id token signing key generated for application Affiliation"
+APPLICATION_ACCESS_TOKEN_SIGNING_KEY="Access token signing key generated for application Affiliation"
\ No newline at end of file
--- a/kickstart/kickstart.json
+++ b/kickstart/kickstart.json
@@ -2,7 +2,21 @@
    "variables": {
        "apiKey": "#{ENV.FUSIONAUTH_API_KEY}",
        "adminPassword": "#{ENV.FUSIONAUTH_ADMIN_PASSWORD}",
-        "adminEmail": "#{ENV.FUSIONAUTH_ADMIN_EMAIL}"
+        "adminEmail": "#{ENV.FUSIONAUTH_ADMIN_EMAIL}",
+        "applicationName": "#{ENV.APPLICATION_NAME}",
+        "applicationUUID": "#{UUID()}",
+        "medicalUserEmail": "#{ENV.MEDICAL_USER_EMAIL}",
+        "medicalUserPassword": "#{ENV.MEDICAL_USER_PASSWORD}",
+        "nonMedicalUserEmail": "#{ENV.NON_MEDICAL_USER_EMAIL}",
+        "nonMedicalUserPassword": "#{ENV.NON_MEDICAL_USER_PASSWORD}",
+        "applicationAdminEmail": "#{ENV.APPLICATION_ADMIN_EMAIL}",
+        "applicationAdminPassword": "#{ENV.APPLICATION_ADMIN_PASSWORD}",
+        "lambdaName": "#{ENV.LAMBDA_NAME}",
+        "lambdaUUID": "#{UUID()}",
+        "applicationIDTokenSigningKeyName": "#{ENV.APPLICATION_ID_TOKEN_SIGNING_KEY}", 
+        "applicationIDTokenSigningKeyUUID": "#{UUID()}", 
+        "applicationAccessTokenSigningKeyName": "#{ENV.APPLICATION_ACCESS_TOKEN_SIGNING_KEY}",
+        "applicationAccessTokenSigningKeyUUID": "#{UUID()}" 
    },
    "apiKeys": [
        {
@@ -25,6 +39,142 @@
                    ]
                }
            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/key/generate/#{applicationIDTokenSigningKeyUUID}",
+            "body": {
+                "key": {
+                    "algorithm": "RS256",
+                    "name": "#{applicationIDTokenSigningKeyName}",
+                    "length": "2048"
+                }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/key/generate/#{applicationAccessTokenSigningKeyUUID}",
+            "body": {
+                "key": {
+                    "algorithm": "RS256",
+                    "name": "#{applicationAccessTokenSigningKeyName}",
+                    "length": "2048"
+                }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/lambda/#{lambdaUUID}",
+            "body": {
+                "lambda": {
+                    "body":"function populate(jwt, user, registration) {\n    applicationId = registration.applicationId || null;\n    claims = {\n        'x-hasura-allowed-roles': ['Medical', 'Non-Medical', 'Admin']\n    };\n\n    if (applicationId) {\n        user.registrations.map(function (reg) {\n            claims['x-hasura-user-id'] = '1';\n            claims['x-hasura-default-role'] = 'Medical';\n            if (reg.applicationId === applicationId && Array.isArray(reg.roles)) {\n                if (reg.roles.indexOf('Admin') >= 0) {\n                    claims['x-hasura-default-role'] = 'Admin';\n                } else if (reg.roles.indexOf('Medical') >= 0) {\n                    claims['x-hasura-default-role'] = 'Medical';\n                } else if (reg.roles.indexOf('Non-Medical') >= 0) {\n                    claims['x-hasura-default-role'] = 'Non-Medical';\n                }\n            }\n        });\n    }\n\n    jwt['https://hasura.io/jwt/claims'] = claims;\n}",
+                    "engineType": "GraalJS",
+                    "name": "#{lambdaName}",
+                    "type": "JWTPopulate"
+                }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/application/#{applicationUUID}",
+            "tenantId": "#{FUSIONAUTH_TENANT_ID}",
+            "body": {
+              "application": {
+                "name": "#{applicationName}",
+                "oauthConfiguration": {
+                    "enabledGrants": ["authorization_code", "refresh_token"],
+                    "generateRefreshTokens": true
+                },
+                "loginConfiguration": {
+                    "allowTokenRefresh": true,
+                    "generateRefreshTokens": true,
+                    "enableJwtRefresh": true
+                },
+                "jwtConfiguration": {
+                    "enabled": true,
+                    "idTokenKeyId": "#{applicationIDTokenSigningKeyUUID}",
+                    "accessTokenKeyId": "#{applicationAccessTokenSigningKeyUUID}"
+                },
+                "lambdaConfiguration": {
+                    "accessTokenPopulateId": "#{lambdaUUID}"
+                }
+              }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/application/#{applicationUUID}/role",
+            "body": {
+              "role": {
+                "name": "Admin"
+              }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/application/#{applicationUUID}/role",
+            "body": {
+              "role": {
+                "name": "Medical"
+              }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/application/#{applicationUUID}/role",
+            "body": {
+              "role": {
+                "name": "Non-Medical"
+              }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/user/registration",
+            "body": {
+                "user": {
+                    "email": "#{applicationAdminEmail}",
+                    "password": "#{applicationAdminPassword}"
+                },
+                "registration": {
+                    "applicationId": "#{applicationUUID}",
+                    "roles": [
+                        "Admin"
+                    ]
+                }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/user/registration",
+            "body": {
+                "user": {
+                    "email": "#{medicalUserEmail}",
+                    "password": "#{medicalUserPassword}"
+                },
+                "registration": {
+                    "applicationId": "#{applicationUUID}",
+                    "roles": [
+                        "Medical"
+                    ]
+                }
+            }
+        },
+        {
+            "method": "POST",
+            "url": "/api/user/registration",
+            "body": {
+                "user": {
+                    "email": "#{nonMedicalUserEmail}",
+                    "password": "#{nonMedicalUserPassword}"
+                },
+                "registration": {
+                    "applicationId": "#{applicationUUID}",
+                    "roles": [
+                        "Non-Medical"
+                    ]
+                }
+            }
        }
    ]
 }
\ No newline at end of file