diff --git a/docker-compose_idhub-demo-12d.yml b/docker-compose_idhub-demo-12d.yml
new file mode 100644
index 0000000..289aa3c
--- /dev/null
+++ b/docker-compose_idhub-demo-12d.yml
@@ -0,0 +1,67 @@
+version: "3.9"
+services:
+
+ idhub1:
+ container_name: idhub1
+ init: true
+ image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+ environment:
+ - DEPLOYMENT=${IDHUB_DEPLOYMENT}
+ - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+ - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+ - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+ - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+ - PORT=${IDHUB_PORT:-9001}
+ - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+ - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+ - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+ - CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+ - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+ - EMAIL_HOST=${IDHUB_EMAIL_HOST}
+ - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+ - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+ - EMAIL_PORT=${IDHUB_EMAIL_PORT}
+ - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+ - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+ - RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
+ - ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
+ - SUPPORTED_CREDENTIALS=['MembershipCard']
+ ports:
+ - 9001:9001
+ volumes:
+ - ./idhub1:/opt/idhub
+ - sharedsecret:/sharedsecret:rw
+
+ idhub2:
+ container_name: idhub2
+ init: true
+ image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+ environment:
+ - DEPLOYMENT=${IDHUB_DEPLOYMENT}
+ - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+ - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+ - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+ - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+ - PORT=${IDHUB_PORT:-9002}
+ - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+ - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+ - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+ - CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+ - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+ - EMAIL_HOST=${IDHUB_EMAIL_HOST}
+ - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+ - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+ - EMAIL_PORT=${IDHUB_EMAIL_PORT}
+ - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+ - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+ - RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
+ - ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
+ - SUPPORTED_CREDENTIALS=['MembershipCard']
+ ports:
+ - 9002:9002
+ volumes:
+ - ./idhub2:/opt/idhub
+ - sharedsecret:/sharedsecret:rw
+
+volumes:
+ sharedsecret:
diff --git a/docker/idhub.Dockerfile b/docker/idhub.Dockerfile
index de6bddd..aa43271 100644
--- a/docker/idhub.Dockerfile
+++ b/docker/idhub.Dockerfile
@@ -4,7 +4,10 @@ RUN apt update && apt-get install -y \
 python3-minimal \
 python3-pip \
 python3-dev \
- python-is-python3
+ python-is-python3 \
+ git \
+ sqlite3 \
+ jq
 WORKDIR /opt/idhub
diff --git a/docker/idhub.entrypoint.sh b/docker/idhub.entrypoint.sh
index 2e70c72..13dc694 100755
--- a/docker/idhub.entrypoint.sh
+++ b/docker/idhub.entrypoint.sh
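Review bot: `SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecure…}` silently falls back to a value that is committed to the repository, so a deployment that forgets to export `IDHUB_SECRET_KEY` runs both idhub1 and idhub2 with a publicly known Django signing key (the key behind sessions and CSRF tokens). Compose's `${VAR:?message}` form aborts startup instead of guessing: `- SECRET_KEY=${IDHUB_SECRET_KEY:?IDHUB_SECRET_KEY must be set}`; the same treatment fits `ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}`, whose wildcard default switches off Django's Host-header check. `PORT=${IDHUB_PORT:-9001}` and `PORT=${IDHUB_PORT:-9002}` share one variable, so exporting `IDHUB_PORT` gives both containers the same listening port while the `ports:` mappings stay 9001:9001 and 9002:9002, which breaks one of them; a per-service variable or a fixed PORT avoids that. The port mappings are unambiguous numerically, but Compose convention is to quote them (`- "9001:9001"`).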
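Review bot: The `RUN` layer now ends at `+ jq` without clearing the apt index cache, and the install command in the hunk's header context uses plain `apt-get install -y`, so the runtime image keeps recommended packages and cached lists it never uses; ending the layer with `+ jq \` and `+ && rm -rf /var/lib/apt/lists/*` and adding `--no-install-recommends` to the install line keeps the image smaller and its package surface narrower. `git` is added alongside `sqlite3` and `jq`, but nothing in this commit's entrypoint changes calls it; if it is not needed at runtime it is better left out of the image, and if it is, a short comment on the line saying what uses it would help the next reader.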
@@ -4,6 +4,40 @@ set -e
 set -u
 set -x
+_set() {
+ key="${1}"
+ value="${2}"
+ response_uri="${3}"
+ sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
+}
+
+_get() {
+ sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
+}
+
+config_oidc4vp() {
+ # populate your config
+ R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
+ local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
+ data="$(_get)"
+ echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
+
+ echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
+ sleep 2
+ # get other configs
+ for host in /sharedsecret/*; do
+ # we are flexible on querying for RESPONSE_URI: the first one based on regex
+ target_uri="$(cat "${host}" | jq -r 'keys[0]')"
+ filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
+ client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
+ client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
+ response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
+
+ _set my_client_id ${client_id} ${response_uri}
+ _set my_client_secret ${client_secret} ${response_uri}
+ done
+}
+
 main() {
 idhub_dir='/opt/idhub'
 cd "${idhub_dir}"
@@ -19,7 +53,7 @@ END
 exit 1
 fi
- # detect if existing deployment
+ # detect if existing deployment (TODO only works with sqlite)
 if [ -f "${idhub_dir}/db.sqlite3" ]; then
 echo "INFO: detected EXISTING deployment"
 ./manage.py makemigrations
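Review bot: `_set` splices `${value}` and `${response_uri}` straight into the SQL text handed to `sqlite3`, and the call sites `_set my_client_id ${client_id} ${response_uri}` expand them unquoted, yet these values are read back from whatever the peer container wrote to `/sharedsecret/*`; a single quote or whitespace inside a client_secret or response_uri therefore breaks or changes the UPDATE, and an empty `${client_id}` silently shifts the positional arguments so `${3}` trips `set -u`. Doubling single quotes before interpolation and quoting the expansions at the call sites keeps the statement intact for any value (`${key}` can stay as is, since only literal column names are passed). `_get` also writes the whole `oidc4vp_organization` table (`select *`), including every client_secret, into the shared volume where it remains after the sync, so selecting only the columns the loop reads (`client_id`, `client_secret`, `response_uri`) would limit what is left on disk. The `for host in /sharedsecret/*` loop additionally processes this container's own file, which looks harmless but is worth a comment. `main` continues outside the hunk.
```sh
_set() {
  key="${1}"
  # double any single quote so a value cannot terminate the SQL literal
  value="$(printf '%s' "${2}" | sed "s/'/''/g")"
  response_uri="$(printf '%s' "${3}" | sed "s/'/''/g")"
  sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
}

# … unchanged: _get, config_oidc4vp up to the end of the jq lookups …
    _set my_client_id "${client_id}" "${response_uri}"
    _set my_client_secret "${client_secret}" "${response_uri}"
```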
@@ -33,6 +67,10 @@ END
 if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
 printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
 ./manage.py initial_datas
+
+ if [ "${RESPONSE_URI}" ]; then
+ config_oidc4vp
+ fi
 else
 printf "creating superuser \n user: ${DJANGO_SUPERUSER_USERNAME}\n password: ${DJANGO_SUPERUSER_PASSWORD}\n email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
 ## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
diff --git a/idhub_build_demo_12d.sh b/idhub_build_demo_12d.sh
new file mode 100755
index 0000000..dc1a339
--- /dev/null
+++ b/idhub_build_demo_12d.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+set -u
+# DEBUG
+set -x
+
+# wallet and verifier idhub demo
+main() {
+ deployment="${1:-}"
+
+ # detach on production deployment
+ if [ "${deployment}" = 'prod' ]; then
+ detach='-d'
+ fi
+
+ # force recreate
+ rm -rf ./idhub1 ./idhub2
+
+ # detect if is new
+ if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then
+ echo 'Detected new deployment, recreating git repos idhub1 and idhub2'
+ cp -rp IdHub idhub1
+ rm -f idhub1/db.sqlite3
+ cp -rp IdHub idhub2
+ rm -f idhub2/db.sqlite3
+ fi
+
+ idhub_dc_f='docker-compose_idhub-demo-12d.yml'
+ docker compose -f ${idhub_dc_f} down -v || true
+ make idhub_build \
+ && docker compose -f ${idhub_dc_f} up ${detach:-}
+}
+
+main "${@}"
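Review bot: `if [ "${RESPONSE_URI}" ]; then` runs under the `set -u` this script enables near its top, so a container started without `RESPONSE_URI` in its environment (the compose file in this commit sets it, a plain `docker run` may not) aborts the whole entrypoint with an unbound-variable error instead of simply skipping the sync; `if [ "${RESPONSE_URI:-}" ]; then` keeps the optional behaviour the guard intends. A one-line comment such as `# exchange OIDC4VP client credentials with the other idhubs on the shared volume` above the guard would also explain why this only happens in the DEVELOPMENT branch. The enclosing `if`/`else` and `main` continue outside the hunk.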
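Review bot: `rm -rf ./idhub1 ./idhub2` runs unconditionally two lines before `if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then`, so the "detect if is new" branch is always taken and the test is dead; independently of that, `-f` checks for a regular file while `cp -rp IdHub idhub1` creates a directory, so the condition would be true even if the rm were removed. Either drop the `rm -rf` when the detection is meant to preserve an existing checkout, or keep the forced recreate and delete the now-meaningless test; if detection stays, it should read `if [ ! -d "./idhub1" ] && [ ! -d "./idhub2" ]; then`. `docker compose -f ${idhub_dc_f} down -v` also discards the `sharedsecret` volume on every run, which is consistent with the forced recreate but deserves a word in the `# force recreate` comment.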