ASCS-eV · royscheeren · Feb 19, 2024 · Feb 13, 2024 · Feb 14, 2024 · Feb 14, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -24,4 +24,4 @@ jobs:
       - name: Test app
         run: |
           npm i
-          npx nx run-many -t test
+          npx nx run-many -t test --exclude ory-hydra
diff --git a/apps/envited.ascs.digital/stacks/Envited.ts b/apps/envited.ascs.digital/stacks/Envited.ts
@@ -10,6 +10,7 @@ export default function Envited({ stack }: StackContext) {
     vpc,
     description: 'Postgres SG',
     allowAllOutbound: true,
+    securityGroupName: 'PostgresSG',
   })
   sg.addIngressRule(aws_ec2.Peer.anyIpv4(), aws_ec2.Port.tcp(5432))
 

diff --git a/apps/ory-hydra/.eslintrc.json b/apps/ory-hydra/.eslintrc.json
@@ -0,0 +1,18 @@
+{
+  "extends": ["../../.eslintrc.json"],
+  "ignorePatterns": ["!**/*"],
+  "overrides": [
+    {
+      "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
+      "rules": {}
+    },
+    {
+      "files": ["*.ts", "*.tsx"],
+      "rules": {}
+    },
+    {
+      "files": ["*.js", "*.jsx"],
+      "rules": {}
+    }
+  ]
+}
diff --git a/apps/ory-hydra/.gitignore b/apps/ory-hydra/.gitignore
@@ -0,0 +1,15 @@
+# dependencies
+node_modules
+
+# sst
+.sst
+.build
+
+# opennext
+.open-next
+
+# misc
+.DS_Store
+
+# local env files
+.env*.local
diff --git a/apps/ory-hydra/config/development.yml b/apps/ory-hydra/config/development.yml
@@ -0,0 +1,24 @@
+serve:
+  cookies:
+    same_site_mode: Lax
+
+urls:
+  self:
+    issuer: http://localhost:4444
+  consent: http://localhost:5002/api/consent
+  login: http://localhost:5002/login
+  logout: http://localhost:5002/logout
+
+secrets:
+  system:
+    - e5Mcyq@EU@iT=1hH
+
+oidc:
+  subject_identifiers:
+    supported_types:
+      - pairwise
+      - public
+    pairwise:
+      salt: e5Mcyq@EU@iT=1hH
+log:
+  level: debug
diff --git a/apps/ory-hydra/containers/docker-compose.yaml b/apps/ory-hydra/containers/docker-compose.yaml
@@ -0,0 +1,53 @@
+version: '3.7'
+
+services:
+  hydra-migrate:
+    image: oryd/hydra:v2.2.0
+    environment:
+      - DSN=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
+    command: migrate sql -e --yes
+    restart: on-failure
+    networks:
+      - ory-hydra-network
+
+  hydra:
+    image: oryd/hydra:v2.2.0
+    ports:
+      - 4444:4444 # Public port
+      - 4445:4445 # Admin port
+    environment:
+      - DSN=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
+    command: serve -c /etc/config/hydra/${ENV}.yml all --dev
+    volumes:
+      - type: bind
+        source: ../config
+        target: /etc/config/hydra
+    restart: on-failure
+    networks:
+      - ory-hydra-network
+
+  redis:
+    image: redis:7.2.2
+    networks:
+      - ory-hydra-network
+    ports:
+      - 6379:6379
+    restart: unless-stopped
+    profiles: ['development']
+
+  postgresd:
+    image: postgres:16
+    networks:
+      - ory-hydra-network
+    ports:
+      - 5433:5432
+    environment:
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_DB=${DB_NAME}
+    restart: on-failure
+    profiles: ['development']
+
+networks:
+  ory-hydra-network:
+    name: ory-hydra-net
diff --git a/apps/ory-hydra/containers/testClient.sh b/apps/ory-hydra/containers/testClient.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+client=$(docker run --rm \
+    --network ory-hydra-net \
+    oryd/hydra:v2.2.0 \
+    create client --skip-tls-verify \
+    --name testclient \
+    --secret some-secret \
+    --grant-type authorization_code \
+    --response-type token,code,id_token \
+    --scope openid \
+    --redirect-uri http://localhost:9010/callback \
+    -e http://hydra:4445 \
+    --format json )
+
+echo $client
+
+client_id=$(echo $client | jq -r '.client_id')
+
+docker run --rm \
+    --network ory-hydra-net \
+    -p 9010:9010 \
+    oryd/hydra:v2.2.0 \
+    perform authorization-code --skip-tls-verify \
+    --port 9010 \
+    --client-id $client_id \
+    --client-secret some-secret \
+    --redirect http://localhost:9010/callback \
+    --scope openid \
+    --auth-url http://localhost:4445/oauth2/auth \
+    --token-url http://hydra:4444/oauth2/token \
+    -e http://hydra:4444
diff --git a/apps/ory-hydra/jest.config.ts b/apps/ory-hydra/jest.config.ts
@@ -0,0 +1,11 @@
+/* eslint-disable */
+export default {
+  displayName: 'ory-hydra',
+  preset: '../../jest.preset.js',
+  testEnvironment: 'node',
+  transform: {
+    '^.+\\.[tj]s$': ['ts-jest', { tsconfig: '<rootDir>/tsconfig.spec.json' }],
+  },
+  moduleFileExtensions: ['ts', 'js', 'html'],
+  coverageDirectory: '../../coverage/apps/ory-hydra',
+}
diff --git a/apps/ory-hydra/project.json b/apps/ory-hydra/project.json
@@ -0,0 +1,85 @@
+{
+  "name": "ory-hydra",
+  "$schema": "../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "apps/ory-hydra/src",
+  "projectType": "application",
+  "targets": {
+    "build": {
+      "executor": "@nx/esbuild:esbuild",
+      "outputs": ["{options.outputPath}"],
+      "defaultConfiguration": "production",
+      "options": {
+        "platform": "node",
+        "outputPath": "dist/apps/ory-hydra",
+        "format": ["cjs"],
+        "bundle": false,
+        "main": "apps/ory-hydra/src/main.ts",
+        "tsConfig": "apps/ory-hydra/tsconfig.app.json",
+        "assets": ["apps/ory-hydra/src/assets"],
+        "generatePackageJson": true,
+        "esbuildOptions": {
+          "sourcemap": true,
+          "outExtension": {
+            ".js": ".js"
+          }
+        }
+      },
+      "configurations": {
+        "development": {},
+        "production": {
+          "esbuildOptions": {
+            "sourcemap": false,
+            "outExtension": {
+              ".js": ".js"
+            }
+          }
+        }
+      }
+    },
+    "serve": {
+      "executor": "@nx/js:node",
+      "defaultConfiguration": "development",
+      "options": {
+        "buildTarget": "ory-hydra:build"
+      },
+      "configurations": {
+        "development": {
+          "buildTarget": "ory-hydra:build:development"
+        },
+        "production": {
+          "buildTarget": "ory-hydra:build:production"
+        }
+      }
+    },
+    "test": {
+      "executor": "@nx/jest:jest",
+      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
+      "options": {
+        "jestConfig": "apps/ory-hydra/jest.config.ts"
+      }
+    },
+    "deploy:staging": {
+      "executor": "nx:run-commands",
+      "options": {
+        "cwd": "apps/ory-hydra",
+        "commands": ["sst deploy OryHydra --stage staging"],
+        "parallel": false
+      }
+    },
+    "run:local:container": {
+      "executor": "nx:run-commands",
+      "options": {
+        "cwd": "apps/ory-hydra/containers",
+        "commands": ["ENV=development docker compose --profile development --env-file ../.env.development up --build"],
+        "parallel": false
+      }
+    },
+    "run:local:testClient": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "./apps/ory-hydra/containers/testClient.sh"
+      }
+    }
+  },
+  "tags": []
+}
diff --git a/apps/ory-hydra/sst.config.ts b/apps/ory-hydra/sst.config.ts
@@ -0,0 +1,16 @@
+import { SSTConfig } from 'sst'
+
+import { OryHydra } from './stacks/OryHydra'
+
+export default {
+  config() {
+    return {
+      name: 'oryhydra',
+      region: 'eu-central-1',
+      role: process.env.ROLE_TO_ASSUME,
+    }
+  },
+  stacks(app) {
+    app.stack(OryHydra)
+  },
+} satisfies SSTConfig