add docker-compose support

README.md

@@ -8,8 +8,30 @@
 
 - 使用方法
 ```
-
-
+cd docker-compose
+docker-compose up -d
+
+docker-compose  exec hydra \
+    hydra clients create \
+    --endpoint http://127.0.0.1:4445 \
+    --id auth-code-client \
+    --secret secret \
+    --grant-types authorization_code,refresh_token,client_credentials \
+    --response-types code,id_token,token \
+    --scope openid,offline \
+    --callbacks http://127.0.0.1:5556/callback
+
+
+docker-compose exec hydra \
+    hydra token user \
+    --client-id auth-code-client \
+    --client-secret secret \
+    --endpoint http://127.0.0.1:4444/ \
+    --port 5556 \
+    --scope openid,offline,snsapi_base 
+
+
+# http://127.0.0.1:5556 
 ```
 
 

conf/config.json.example

@@ -1,5 +1,4 @@
 {
-  "CookieSecret": "cookieSecret",
   "WeworkConfig": {
     "WeworkCropID": "xxxxxxxxxxxxxxxxxx",
     "WeworkAgentID": "xxxxxxx",

docker-compose/conf/config.json

@@ -0,0 +1,14 @@
+{
+  "WeworkConfig": {
+    "WeworkCropID": "xxxxxxxxxxxxxxxxxx",
+    "WeworkAgentID": "xxxxxxx",
+    "WeworkSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+  },
+  "HydraConfig": {
+    "HydraHost": "hydra",
+    "HydraMethod": "http",
+    "HydraAdminPort": "4445",
+    "HydraClientID": "auth-code-client",
+    "HydraClientSecret": "secret"
+  }
+}

docker-compose/conf/hydra.yml

@@ -0,0 +1,30 @@
+serve:
+  cookies:
+    same_site_mode: Lax
+
+urls:
+  self:
+    issuer: http://hydra:4444
+  consent: http://hydra-wework.internet.com/wework/consent
+  login: http://hydra-wework.internet.com/wework/auth
+  logout: http://hydra-wework.internet.com/wework/logout
+  error: http://hydra-wework.internet.com/error
+
+# hydra-wework.internet.com改为你拥有的外部域名，在内网的话需要类似ngrok/frp之类的工具进行内网穿透
+# 此域名需要加入企业微信自建应用的回调域名
+
+
+secrets:
+  system:
+    - youReallyNeedToChangeThis
+
+oidc:
+  subject_identifiers:
+    enabled:
+      - pairwise
+      - public
+    pairwise:
+      salt: youReallyNeedToChangeThis
+
+log:
+  leak_sensitive_values: true

docker-compose/docker-compose.yml

@@ -0,0 +1,71 @@
+version: '3.7'
+
+services:
+  hydra:
+    image: oryd/hydra:v1.9.0-alpha.2
+    ports:
+      - "4444:4444" # Public port
+      - "4445:4445" # Admin port
+    command:
+      serve -c /etc/config/hydra/hydra.yml all --dangerous-force-http
+    volumes:
+      - ./conf:/etc/config/hydra
+    environment:
+      - DSN=mysql://root:secret@tcp(mysqld:3306)/hydra?max_conns=20&max_idle_conns=4
+      - TRACING_PROVIDER=jaeger
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling
+      - TRACING_PROVIDERS_JAEGER_LOCAL_AGENT_ADDRESS=jaeger:6831
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_TYPE=const
+      - TRACING_PROVIDERS_JAEGER_SAMPLING_VALUE=1
+    restart: unless-stopped
+    depends_on:
+      - hydra-migrate
+      - jaeger
+    networks:
+      - intranet
+
+  hydra-migrate:
+    image: oryd/hydra:v1.9.0-alpha.2
+    environment:
+      - DSN=mysql://root:secret@tcp(mysqld:3306)/hydra?max_conns=20&max_idle_conns=4
+    command:
+      migrate -c /etc/config/hydra/hydra.yml sql -e --yes
+    volumes:
+      - ./conf:/etc/config/hydra
+    restart: on-failure
+    networks:
+      - intranet
+
+  mysqld:
+    image: mysql:5.7
+    ports:
+      - "3306:3306"
+    environment:
+      - MYSQL_ROOT_PASSWORD=secret
+    volumes:
+      - ./sql:/docker-entrypoint-initdb.d/
+    networks:
+      - intranet
+
+  jaeger:
+    image: jaegertracing/all-in-one:1.19.2
+    ports:
+      - "16686:16686" # The UI port
+    networks:
+      - intranet
+
+  hydra-wework-auth-server:
+    image: afghanistanyn/hydra-wework-auth-server:v1.0.0
+    ports:
+      - "8001:8001"
+    volumes:
+      - ./logs:/hydra-wework/logs/
+      - ./conf/config.json:/hydra-wework/conf/config.json
+    network:
+      - intranet
+
+
+
+networks:
+  intranet:
+

docker-compose/sql/0000_create_db.sql

@@ -0,0 +1,2 @@
+
+create database if not exists hydra character set utf8mb4 collate utf8mb4_unicode_ci;